=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 24-07-2019 18:00 − Thursday 25-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ BlueKeep, once again ∗∗∗
---------------------------------------------
The "nice" thing about IT is that some topics stay with us for the long term. One of them is the vulnerability with the CVE number 2019-0708, better known under the name "BlueKeep". We have warned about it and blogged about it, and unfortunately the latter is necessary once again.
---------------------------------------------
http://www.cert.at/services/blog/20190725104348-2524.html
∗∗∗ When Users Attack! Users (and Admins) Thwarting Security Controls, (Thu, Jul 25th) ∗∗∗
---------------------------------------------
Today, I'd like to discuss a few of the Critical Controls, and how I see real people abusing or circumventing them in real companies. (Sorry, no code in today's story, but we do have some GPOs)
---------------------------------------------
https://isc.sans.edu/diary/rss/25170
∗∗∗ Regulation on Qualified Bodies – QuaSteV ∗∗∗
---------------------------------------------
This regulation lays down the requirements that qualified bodies must meet in order to be able to audit operators of essential services with regard to the essential services they operate pursuant to § 17 para. 3 NISG, as well as the procedure for designating qualified bodies.
---------------------------------------------
https://www.ris.bka.gv.at/Dokumente/BgblAuth/BGBLA_2019_II_226/BGBLA_2019_I…
∗∗∗ Cook: security things in Linux v5.2 ∗∗∗
---------------------------------------------
Over on his blog, Kees Cook runs through the security changes that came in Linux 5.2.
---------------------------------------------
https://lwn.net/Articles/794145/
∗∗∗ Puppies from Cameroon on Facebook? Don't buy! ∗∗∗
---------------------------------------------
Time and again, desperate consumers who wanted to buy puppies on the Internet turn to us. Whether on Facebook or on classified-ad platforms, the rule is: if money is to be transferred to Cameroon or other far-away countries, the offer is most likely fraudulent! The animals do not exist and the money is lost.
---------------------------------------------
https://www.watchlist-internet.at/news/hundewelpen-aus-kamerun-auf-facebook…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: Ansible CVE-2019-10206 Remote Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks.
---------------------------------------------
http://www.securityfocus.com/bid/109361
∗∗∗ FreeBSD: Bhyve out-of-bounds read in XHCI device ∗∗∗
---------------------------------------------
A misbehaving bhyve guest could crash the system or access memory that it should not be able to.
---------------------------------------------
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:16.bhyve.asc
∗∗∗ Exim: security release for CVE-2019-13917 ∗∗∗
---------------------------------------------
A local or remote attacker can execute programs with root privileges - if you've an unusual configuration.
Mitigation: Do not use ${sort } in your configuration.
Fixed in: Exim 4.92.1.
---------------------------------------------
http://exim.org/static/doc/security/CVE-2019-13917.txt
∗∗∗ Micro Focus ArcSight Logger CVE-2019-3485 HTML Injection Vulnerability ∗∗∗
---------------------------------------------
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
---------------------------------------------
https://www.securityfocus.com/bid/109363/discuss
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (java-1.7.0-openjdk, java-1.8.0-openjdk, and java-11-openjdk), Debian (exim4), Fedora (java-latest-openjdk), openSUSE (libsass, tomcat, and ucode-intel), Oracle (java-1.7.0-openjdk and thunderbird), SUSE (OpenEXR, spamassassin, and thunderbird), and Ubuntu (ansible and patch).
---------------------------------------------
https://lwn.net/Articles/794623/
∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is impacted by a security vulnerability in Project Calico ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-…
∗∗∗ IBM Security Bulletin: IBM Network Performance Insight (CVE-2019-10241, CVE-2019-10247) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-network-performan…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (CVE-2018-1719) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 23-07-2019 18:00 − Wednesday 24-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Videolan: A VLC vulnerability that isn't one ∗∗∗
---------------------------------------------
A rather insignificant bug in a dependency of the VLC player is wrongly classified by authorities as a severe security vulnerability, and many media outlets repeat this without checking. The Videolan project is not pleased.
---------------------------------------------
https://www.golem.de/news/videolan-eine-vlc-luecke-die-keine-ist-1907-14275…
∗∗∗ Exim: security release ahead (CVE-2019-13917) ∗∗∗
---------------------------------------------
We discovered a vulnerability. We consider the risk of an exploit as low, you need to have a fairly unusual runtime configuration. Neither our default runtime configuration nor the runtime configuration shipped by the Debian distribution is vulnerable.
This is a *heads-up* notice about the upcoming release. Coordinated Release Date (CRD) for Exim 4.92.1: Thu Jul 25 10:00:00 UTC 2019
---------------------------------------------
https://seclists.org/oss-sec/2019/q3/63
∗∗∗ Warning: Malware sent with purported BSI sender ∗∗∗
---------------------------------------------
Criminals are currently sending malware by e-mail, pretending that the mails come from the BSI. The mails known so far use the sender address "meldung(a)bsi-bund.org". The Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) is not the sender of these mails.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Schadsoftware-BSI…
∗∗∗ No goods despite payment: epic-media.shop ∗∗∗
---------------------------------------------
Consumers looking for washing machines and coffee machines, game consoles, vacuum cleaners, cameras and other technical devices come across epic-media.shop. Good prices tempt them into a quick purchase. But beware: goods that have been paid for are never delivered, because there is nothing but fraud behind the website!
---------------------------------------------
https://www.watchlist-internet.at/news/keine-ware-trotz-zahlung-epic-medias…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: Poppler CVE-2019-9959 Integer Overflow Vulnerability ∗∗∗
---------------------------------------------
Poppler is prone to an integer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Attackers can exploit this issue to cause denial-of-service conditions.
---------------------------------------------
http://www.securityfocus.com/bid/109342
∗∗∗ Vuln: GNU Binutils libiberty CVE-2019-14250 Integer Overflow Vulnerability ∗∗∗
---------------------------------------------
GNU Binutils is prone to an integer overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition.
---------------------------------------------
http://www.securityfocus.com/bid/109354
∗∗∗ Serious Remote Code Execution Flaw Affects ProFTPD Powered FTP Servers ∗∗∗
---------------------------------------------
... it's important to note that not every FTP server running vulnerable ProFTPD can be hijacked remotely, since the attacker requires log-in to the respective targeted server, or the server should have anonymous access enabled.
---------------------------------------------
https://thehackernews.com/2019/07/linux-ftp-server-security.html
∗∗∗ HAProxy CVE-2019-14241 Remote Denial of Service Vulnerability ∗∗∗
---------------------------------------------
Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to HAProxy 1.9.9 and 2.0.3 are vulnerable.
---------------------------------------------
https://www.securityfocus.com/bid/109352/discuss
∗∗∗ D-Link DSL-2750U Multiple Authentication Bypass Vulnerabilities ∗∗∗
---------------------------------------------
An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. D-Link DSL-2750U Router 1.11 is vulnerable; other versions may also be affected.
---------------------------------------------
https://www.securityfocus.com/bid/109351/discuss
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel, linux-4.9, and neovim), Fedora (slurm), openSUSE (ImageMagick, libgcrypt, libsass, live555, mumble, neovim, and teeworlds), Oracle (java-1.7.0-openjdk, java-1.8.0-openjdk, and java-11-openjdk), Red Hat (java-1.7.0-openjdk), Scientific Linux (java-1.7.0-openjdk), SUSE (glibc and openexr), and Ubuntu (mysql-5.7 and patch).
---------------------------------------------
https://lwn.net/Articles/794511/
∗∗∗ Synology-SA-19:31 SRM ∗∗∗
---------------------------------------------
A vulnerability allows remote authenticated users to set a new password without verification via a susceptible version of Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_31
∗∗∗ Security Advisory - TLS Certificate Verification Vulnerability in Huawei 7900 IP Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190724-…
∗∗∗ IBM Security Bulletin: IBM Cloud Private – Session not invalidated on logout (CVE-2019-4439) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-ses…
∗∗∗ IBM Security Bulletin: In IBM Cloud Private on OpenShift icp-scc SecurityContextConstraints is erroneously assigned to all pods in all namespaces ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-in-ibm-cloud-private-…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Virtualization Engine TS7700 – April 2019 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Potential denial of service vulnerability in IBM Decision Optimization for Watson Studio Local ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s…
∗∗∗ IBM Security Bulletin: Rational Build Forge Security Advisory for Apache HTTP Server (CVE-2019-0196;CVE-2019-0197;CVE-2019-0211;CVE-2019-0215;CVE-2019-0217; and CVE-2019-0220) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-build-forge-…
∗∗∗ IBM Security Bulletin: IBM Cloud Private for Data is affected by multiple security vulnerabilities in IBM Cloud Private Kubernetes ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-for…
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to CSRF attack (CVE-2019-4212) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu…
∗∗∗ IBM Security Bulletin: Vulnerabilities in Eclipse OpenJ9, Oracle Java SE, and IBM WebSphere Application Server affect IBM Watson Compare and Comply for IBM Cloud Private for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ec…
∗∗∗ IBM Security Bulletin: IBM Cloud Private for Data is affected by vulnerabilities in the Setup package. CVE-2018-1113 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-for…
∗∗∗ NTP vulnerability CVE-2019-11331 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K09940637
=====================
= End-of-Day report =
=====================
Timeframe: Monday 22-07-2019 18:00 − Tuesday 23-07-2019 18:00
Handler: Robert Waldner
Co-Handler: Dimitri Robl
=====================
= News =
=====================
∗∗∗ Verifying SSL/TLS configuration (part 1) ∗∗∗
---------------------------------------------
One of the very important steps when performing penetration tests is to verify the configuration of any SSL/TLS services. Specifically, the goal of this step is to check which protocols and ciphers are supported. This might sound easier than it is – so this will be a series of diaries where I will try to explain how to verify configuration but also how to assess risk.
---------------------------------------------
https://isc.sans.edu/diary/rss/25162
∗∗∗ QNAP and Synology warn of malware attacks on poorly secured NAS devices ∗∗∗
---------------------------------------------
Network storage devices from QNAP and Synology are currently facing increased attacks via brute force and exploits. The vendors give tips on securing them.
---------------------------------------------
https://heise.de/-4477214
∗∗∗ Identity abuse through survey on selektur.net ∗∗∗
---------------------------------------------
Selektur GmbH poses as a market research institute with which consumers can test products from home and easily earn money. A passport or identity card has to be uploaded already at registration. The criminals behind selektur.net use these documents to open a bank account, which is later activated by the unsuspecting survey participants.
---------------------------------------------
https://www.watchlist-internet.at/news/identitaetsmissbrauch-durch-umfrage-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: Microsoft Windows OleCreateFontIndirectExt Out of Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.
---------------------------------------------
http://www.securityfocus.com/bid/109335
∗∗∗ COModo: From Sandbox to SYSTEM (CVE-2019-3969) ∗∗∗
---------------------------------------------
Antivirus (AV) is a great target for vulnerability hunting: Large attack surface, complex parsing, and various components executing with high privileges. So a couple of months ago, I decided to look at the latest Comodo Antivirus v12.0.0.6810. I ended up finding a few cool things, however one I thought was worth covering here, which is a sandbox escape as well as a privilege escalation to SYSTEM.
---------------------------------------------
https://medium.com/tenable-techblog/comodo-from-sandbox-to-system-cve-2019-…
∗∗∗ macOS 10.14.6 fixes security vulnerabilities and gets Boot Camp going again ∗∗∗
---------------------------------------------
macOS 10.14.6 also fixes various security vulnerabilities, found among other places in the web engine WebKit, in Bluetooth, in Core Data, in Disk Management, in Foundation and in Siri. Some of them were also remotely exploitable. In addition, a hole in the communication service FaceTime was closed through which code could even be executed from outside.
---------------------------------------------
https://heise.de/-4476767
∗∗∗ Manual update required: Fortinet fixes critical vulnerability in several products ∗∗∗
---------------------------------------------
Due to a bug, several versions of FortiOS, FortiManager and FortiAnalyzer accept invalid certificates. The vendor advises updating immediately.
---------------------------------------------
https://heise.de/-4476610
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libsdl2-image and libxslt), Oracle (java-1.8.0-openjdk and java-11-openjdk), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (bzip2, microcode_ctl, and ucode-intel), and Ubuntu (clamav, evince, linux-hwe, linux-gcp, linux-snapdragon, and squid3).
---------------------------------------------
https://lwn.net/Articles/794445/
∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities (CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3863) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ BIND vulnerability CVE-2019-6471 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10092301
=====================
= End-of-Day report =
=====================
Timeframe: Friday 19-07-2019 18:00 − Monday 22-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Palo Alto bungles critical security vulnerability in GlobalProtect VPN ∗∗∗
---------------------------------------------
One year after closing a security vulnerability, Palo Alto informs its customers about the danger. In the meantime, researchers casually used it to hack Uber.
---------------------------------------------
https://heise.de/-4476441
=====================
= Vulnerabilities =
=====================
∗∗∗ Selfblow: Secure Boot can be bypassed in all Tegra X1 ∗∗∗
---------------------------------------------
A bug in the bootloader of Nvidia's Tegra X1 makes it possible to completely bypass verification of the system boot. This apparently affects all devices except the Switch. Nvidia is providing an update. (Tegra, Nvidia)
---------------------------------------------
https://www.golem.de/news/selfblow-secure-boot-in-allen-tegra-x1-umgehbar-1…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bind9, exiv2, kernel, nss, openjdk-11, openjdk-8, patch, and squid3), Fedora (gvfs, libldb, and samba), Mageia (firefox, gvfs, libreswan, rdesktop, and thunderbird), openSUSE (bzip2, clementine, dbus-1, expat, fence-agents, firefox, glib2, kernel, kernel-firmware, ledger, libqb, libu2f-host, pam_u2f, libvirt, neovim, php7, postgresql10, python-requests, python-Twisted, ruby-bundled-gems-rpmhelper, ruby2.5, samba, webkit2gtk3, zeromq, and znc), Red
---------------------------------------------
https://lwn.net/Articles/794363/
∗∗∗ BlackBerry Cylance Downplays, Patches Antivirus Bypass ∗∗∗
---------------------------------------------
BlackBerry Cylance has prepared an update for its CylancePROTECT product to address a recently disclosed bypass method, but the company has downplayed the impact of the issue.
---------------------------------------------
https://www.securityweek.com/blackberry-cylance-downplays-patches-antivirus…
∗∗∗ Pro-FTPd: Vulnerability allows execution of arbitrary code with the privileges of the service ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in Pro-FTPd to execute arbitrary code with the privileges of the service or to disclose information.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0642
∗∗∗ Foxit Phantom PDF Suite: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit multiple vulnerabilities in the Foxit Phantom PDF Suite to execute arbitrary code with user privileges, carry out a denial-of-service attack or view confidential data.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0641
∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – Kubernetes (CVE-2019-11246) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (CVE-2019-2602) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2018-0732, CVE-2018-0739, CVE-2017-3735) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r…
∗∗∗ IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Apr 2019 – Includes Oracle Apr 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-sdk-java-technolo…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 18-07-2019 18:00 − Friday 19-07-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Elusive MegaCortex Ransomware Found - Here is What We Know ∗∗∗
---------------------------------------------
A sample of the ransomware called MegaCortex that is known to target the enterprise in targeted attacks has been found and analyzed. In this article, we will provide a brief look at the MegaCortex Ransomware and how it encrypts a computer.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/elusive-megacortex-ransomwar…
∗∗∗ The Strange Case of the Malicious Favicon ∗∗∗
---------------------------------------------
During the past year, our Remediation department has seen a large increase in the number of fully spammed sites. The common factors are strangely named and unusually located favicon.ico files, along with the creation of “bak.bak” index files peppered around the website. In the majority of the cases, the pattern is similar regardless of the size of the website or the CMS being used. We have found WordPress, Magento, Joomla, and even HTML-only sites impacted by this campaign.
---------------------------------------------
https://blog.sucuri.net/2019/07/the-strange-case-of-the-malicious-favicon.h…
∗∗∗ [webapps] fuelCMS 1.4.1 - Remote Code Execution ∗∗∗
---------------------------------------------
fuelCMS 1.4.1 - Remote Code Execution
---------------------------------------------
https://www.exploit-db.com/exploits/47138
=====================
= Vulnerabilities =
=====================
∗∗∗ Johnson Controls exacqVision Server ∗∗∗
---------------------------------------------
This advisory includes mitigations for an unquoted search path or element vulnerability reported in the Johnson Controls exacqVision Server.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-199-01
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bzip2), Fedora (freetds, kernel, kernel-headers, and knot-resolver), openSUSE (bubblewrap, fence-agents, kernel, libqb, libu2f-host, pam_u2f, and tomcat), Oracle (vim), SUSE (kernel, LibreOffice, libxml2, and tomcat), and Ubuntu (libmspack and squid, squid3).
---------------------------------------------
https://lwn.net/Articles/794190/
∗∗∗ IBM Security Bulletin: Buffer overflow vulnerability in IBM Spectrum Protect Backup-Archive Client (CVE-2019-4267) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-buffer-overflow-vulne…
∗∗∗ IBM Security Bulletin: ACLs not backed up on VxFS-HP-UX filesystems by IBM Spectrum Protect Backup-Archive Client (CVE-2019-4236) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-acls-not-backed-up-on…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot for VMWare (CVE-2018-12547, CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Virtual Environments (CVE-2018-12547, CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Backup-Archive Client on Windows, Linux, and Macintosh (CVE-2018-12547, CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2019-1559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open…
∗∗∗ IBM Security Bulletin: Vulnerability in Node.js affects IBM Integration Bus & IBM App Connect Enterprise V11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-node…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Integration Bus, IBM App Connect and WebSphere Message Broker ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Spoofing and denial of service vulnerabilities in WebSphere Application Liberty affect IBM Spectrum Protect Snapshot for VMware (CVE-2018-1902, CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-spoofing-and-denial-o…
∗∗∗ IBM Security Bulletin: Spoofing and denial of service vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect Client web user interface and IBM Spectrum Protect for Virtual Environments (CVE-2018-1902, CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-spoofing-and-denial-o…
∗∗∗ IBM Security Bulletin: IBM Netcool Agile Service Manager is affected by an Apache Zookeeper vulnerability (CVE-2019-0201) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-netcool-agile-ser…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Jetty affect Netcool Agile Service Manager (CVE-2019-10247, CVE-2019-10246) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ Expat XML parser vulnerability CVE-2018-20843 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K51011533
∗∗∗ VLC: Vulnerability allows code execution ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0634
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 17-07-2019 18:00 − Thursday 18-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Network and Information System Security Regulation – NISV ∗∗∗
---------------------------------------------
On 17.07.2019 the Network and Information System Security Regulation (Netz- und Informationssystemsicherheitsverordnung, NISV) was published. It supplements the Federal Act on ensuring a high level of security of network and information systems (Netz- und Informationssystemsicherheitsgesetz, NISG) and provides the basis for identifying the operators of essential services.
---------------------------------------------
https://www.ris.bka.gv.at/Dokumente/BgblAuth/BGBLA_2019_II_215/BGBLA_2019_I…
∗∗∗ WeAct: Data leak at Campact's petition platform ∗∗∗
---------------------------------------------
A bug on Campact's petition platform WeAct allowed access to supporters' data. Around 1.8 million signatories are affected. The non-governmental organisation has published the background to the bug. (data leak, data protection)
---------------------------------------------
https://www.golem.de/news/weact-datenleck-bei-petitionsplattform-von-campac…
∗∗∗ Dubious shops: promise miracles – deliver inferior goods! ∗∗∗
---------------------------------------------
While surfing the Internet, consumers repeatedly come across advertising for products that promise true miracles. While some items deliver what they promise, in other cases the cheapest goods are pushed onto women and men through aggressive advertising. The same applies to websites such as wifiboost.pro, airfreez.pro, coolblade.pro or cleanaqua.pro, which in addition disregard numerous legal requirements when selling.
---------------------------------------------
https://www.watchlist-internet.at/news/unserioese-shops-versprechen-wunderd…
∗∗∗ Zoom RCE only hit those who uninstalled it: Assetnote ∗∗∗
---------------------------------------------
Local webserver searched for domain suffixes that left it open to exploitation.
---------------------------------------------
https://www.zdnet.com/article/zoom-rce-only-hit-those-who-uninstalled-it-as…
=====================
= Vulnerabilities =
=====================
∗∗∗ Wireshark: ASN.1 BER and related dissectors crash ∗∗∗
---------------------------------------------
It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
---------------------------------------------
https://www.wireshark.org/security/wnpa-sec-2019-20.html
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, firefox, and squid), CentOS (thunderbird and vim), Debian (libonig), SUSE (firefox, glibc, kernel, libxslt, and tomcat), and Ubuntu (libreoffice and thunderbird).
---------------------------------------------
https://lwn.net/Articles/794104/
∗∗∗ Cisco IOS Access Points Software 802.11r Fast Transition Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Industrial Network Director Web Services Management Agent Unauthorized Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Small Business Series Switches Open Redirect Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Identity Services Engine Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Identity Services Engine Blind SQL Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco FindIT Network Management Software Static Credentials Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security Advisory - Improper Authentication Vulnerability on PC Manager ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190718-…
∗∗∗ IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities CVE-2019-10072 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-websphere-cast-ir…
∗∗∗ IBM Security Bulletin: Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager IP Edition (CVE-2018-1890, CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-mul…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: An IBM QRadar SIEM protocol is vulnerable to Incorrect Permission Assignment (CVE-2018-2024) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-an-ibm-qradar-siem-pr…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM QRadar SIEM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-asset-analyzer-raa-is…
∗∗∗ IBM Security Bulletin: IBM Watson Studio – Local allows mounting glusterFS without security check ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-watson-studio-loc…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Watson Explorer (CVE-2017-14166, CVE-2017-14501, CVE-2017-14502, CVE-2017-14503) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 16-07-2019 18:00 − Wednesday 17-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Newly identified StrongPity operations ∗∗∗
---------------------------------------------
Alien Labs has identified an unreported and ongoing malware campaign, which we attribute with high confidence to the adversary publicly reported as “StrongPity”. Based on compilation times, infrastructure, and public distribution of samples - we assess the campaign operated from the second half of 2018 into today (July 2019). This post details new malware and new infrastructure which is used to control compromised machines.
---------------------------------------------
https://www.alienvault.com/blogs/labs-research/newly-identified-strongpity-…
∗∗∗ American Express Customers Targeted by Novel Phishing Attack ∗∗∗
---------------------------------------------
The phishing campaign targeted both corporate and consumer cardholders with phishing emails full of grammatical errors but with a small but deadly twist: instead of using the regular hyperlink to the landing page trick, this one used a base HTML element to hide the malicious URL from antispam solutions. This allows the attackers to specify the base URL that should be used for all relative URLs within the phishing message, effectively splitting up the phishing landing page in two separate pieces.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/american-express-customers-t…
∗∗∗ Analyzis of DNS TXT Records, (Wed, Jul 17th) ∗∗∗
---------------------------------------------
At the Internet Storm Center, we already mentioned so many times that the domain name system is a goldmine for threat hunting or OSINT. A particular type of DNS record is the TXT record (or text record). It is a type of resource record used to provide the ability to associate free text with a host or other name. ... I extracted a long list of domain names from different DNS servers logs and malicious domains lists. Then I queried TXT records for each of them. Results have been loaded into a Splunk instance to search for some juicy stuff. What did I find?
---------------------------------------------
https://isc.sans.edu/diary/rss/25142
∗∗∗ EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users ∗∗∗
---------------------------------------------
Researchers at security firm Intezer Labs recently discovered a new Linux backdoor implant that appears to be under development and testing phase but already includes several malicious modules to spy on Linux desktop users. ... EvilGnome malware masquerades itself as a legit GNOME extension, a program that lets Linux users extend the functionality of their desktops.
---------------------------------------------
https://thehackernews.com/2019/07/linux-gnome-spyware.html
∗∗∗ Jenkins Admins: Relying on Default Settings Could Put Master at Risk of Remote Code Execution Attacks ∗∗∗
---------------------------------------------
In our analysis, we observed that a user account with less privilege can gain administrator rights over the automation server if jobs are built on the master machine (i.e., the main Jenkins server), a setup enabled by default. An exploit for this can be easily written using shell spawn — a default build step.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/PObGTrIqU0M/
∗∗∗ Bug in PowerShell Core: Attackers could trick Windows Defender ∗∗∗
---------------------------------------------
Microsoft has released a security patch for PowerShell Core rated "important". However, an attack does not succeed easily.
---------------------------------------------
https://heise.de/-4473123
=====================
= Vulnerabilities =
=====================
∗∗∗ Oracle Critical Patch Update Advisory - July 2019 ∗∗∗
---------------------------------------------
This Critical Patch Update contains 319 new security fixes
---------------------------------------------
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libreoffice), Red Hat (thunderbird), SUSE (ardana and crowbar, firefox, libgcrypt, and xrdp), and Ubuntu (nss, squid3, and wavpack).
---------------------------------------------
https://lwn.net/Articles/793966/
∗∗∗ LibreOffice: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit multiple vulnerabilities in LibreOffice to execute arbitrary code with user privileges or to bypass security measures.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0611
∗∗∗ Security Advisory - Information Disclosure Vulnerability on Secure Input ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190717-…
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by Apache ZooKeeper vulnerability CVE-2019-0201 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by kubectl vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-…
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by Go vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-…
∗∗∗ IBM Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9 and IBM BigFix Inventory v9. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ru…
∗∗∗ IBM Security Bulletin: Vulnerability in systemd affects Power Hardware Management Console (CVE-2019-6454) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-syst…
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by WebSphere Liberty Profile vulnerability CVE-2019-4046 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-…
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2018-20685 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111) Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op…
∗∗∗ IBM Security Bulletin: IBM RackSwitch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-rackswitch-firmwa…
∗∗∗ IBM Security Bulletin: IBM Flex System switch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-switc…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 15-07-2019 18:00 − Tuesday 16-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Topinambour & Windows event logs ∗∗∗
---------------------------------------------
TL;DR:
* Block outgoing SMB traffic if you can
* Hunt or Monitor for event ID 106 in "Microsoft-Windows-TaskScheduler%4Operational.evtx"
* Think about enabling "Audit Process creation" in "Security.evtx" and command line logging
* Hunt or monitor for event ID 4688 in "Security.evtx"
---------------------------------------------
http://www.cert.at/services/blog/20190716140317-2501_en.html
∗∗∗ VU#129209: LLVM's Arm stack protection feature can be rendered ineffective ∗∗∗
---------------------------------------------
When the stack protection feature is rendered ineffective, it leaves the function vulnerable to stack-based buffer overflows. It is possible that the return address could be overwritten due to a local buffer overflow and is not caught when the cookie is checked at the end. It is also possible that the cookie itself could be overwritten since it resides on the stack, causing an unintended value to pass the check.
---------------------------------------------
https://kb.cert.org/vuls/id/129209
∗∗∗ Analysis: Server-side polymorphism & PowerShell backdoors ∗∗∗
---------------------------------------------
Malware actors very rarely stick to the same script for extended periods of time. They constantly modify and update their attack methods. Recently we have observed malware that uses server-side polymorphism to hide its payload, which consists of a backdoor fully written in PowerShell.
---------------------------------------------
https://www.gdatasoftware.com/blog/2019/07/35061-server-side-polymorphism-p…
∗∗∗ FBI Releases Master Decryption Keys for GandCrab Ransomware ∗∗∗
---------------------------------------------
In an FBI Flash Alert, the FBI has released the master decryption keys for the Gandcrab Ransomware versions 4, 5, 5.0.4, 5.1, and 5.2. Using these keys, any individual or organization can create and release their very own GandCrab decryptor.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fbi-releases-master-decrypti…
∗∗∗ iOS 13: Bug in beta exposes passwords ∗∗∗
---------------------------------------------
Anyone using a pre-release version of iOS or iPadOS should handle the devices with care. A bug allows attackers to view credentials.
---------------------------------------------
https://heise.de/-4471743
∗∗∗ Is ‘REvil’ the New GandCrab Ransomware? ∗∗∗
---------------------------------------------
The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as "REvil," "Sodin," and "Sodinokibi."
---------------------------------------------
https://krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/
∗∗∗ Extenbro DNS-Changer Used in Adware Campaign ∗∗∗
---------------------------------------------
A recently observed DNS-changer Trojan is being used in an adware campaign to prevent users from accessing security-related websites, Malwarebytes reveals.
---------------------------------------------
https://www.securityweek.com/extenbro-dns-changer-used-adware-campaign
∗∗∗ Fraudulent Amazon Marketplace shops steal money! ∗∗∗
---------------------------------------------
When shopping online via Amazon, consumers can also place orders with third-party sellers. We are receiving numerous reports from people who were asked by fraudulent Marketplace shops to make transfers to external accounts. The money must not be paid! This is fraud, and transferred money is lost.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-amazon-marketplace-sh…
∗∗∗ Stay away from notebooksbilliger-angebot.net ∗∗∗
---------------------------------------------
The online shop notebooksbilliger-angebot.net mainly offers cheap laptops, tablets and smartphones. However, you will not find any real bargains there, because it is a fake shop. Your order will never be delivered despite payment. We advise always taking a closer look at unknown shops!
---------------------------------------------
https://www.watchlist-internet.at/news/finger-weg-von-notebooksbilliger-ang…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: Symantec Norton Password Manager CVE-2019-9700 IP Address Spoofing Vulnerability ∗∗∗
---------------------------------------------
An attacker can exploit this issue to spoof an IP address which may lead to a false sense of trust, allowing the attacker to perform malicious activities. Other attacks may also be possible. Versions prior to Symantec Norton Password Manager 6.3.0.2082 are vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/108676
∗∗∗ Patch now before you get your NAS kicked: Iomega storage boxes leave millions of files open to the internet ∗∗∗
---------------------------------------------
API blunder exposes data, fix incoming from Lenovo. Lenovo is emitting an emergency firmware patch for Iomega NAS devices after the network-attached storage boxes were discovered inadvertently offering millions of files to the internet via an insecure software interface.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/07/16/iomega_nas_…
∗∗∗ Zoom RCE Flaw Also Affects Its Rebranded Versions RingCentral and Zhumu ∗∗∗
---------------------------------------------
The same security vulnerabilities that were recently reported in Zoom for macOS also affect two other popular video conferencing software that under the hood, are just a rebranded version of Zoom video conferencing software.
---------------------------------------------
https://thehackernews.com/2019/07/zoom-ringcentral-vulnerabilities.html
∗∗∗ Moodle CVE-2019-10187 Security Bypass Vulnerability ∗∗∗
---------------------------------------------
Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Moodle 3.7, 3.6 through 3.6.4, 3.5 through 3.5.6 and prior unsupported versions are vulnerable.
---------------------------------------------
https://www.securityfocus.com/bid/109174/discuss
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (expat and radare2), Oracle (thunderbird), Red Hat (389-ds-base, keepalived, libssh2, perl, and vim), Scientific Linux (thunderbird), SUSE (bzip2, kernel, podofo, systemd, webkit2gtk3, and xrdp), and Ubuntu (bash, nss, redis, squid, squid3, and Zipios).
---------------------------------------------
https://lwn.net/Articles/793852/
∗∗∗ Cisco Content Security Management Appliance Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to TianoCore EDK II BIOS Vulnerability (CVE-2018-12182) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-released-unif…
∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to File Path Traversal (CVE-2019-4430) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana…
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerability CVE-2019-12086 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Event Streams ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affect Rational Business Developer. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Netcool Configuration Manager (CVE-2018-1890, CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerabilities in IBM SONAS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-mozilla-fire…
∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyz…
∗∗∗ Linux kernel vulnerability CVE-2019-11599 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K51674118
=====================
= End-of-Day report =
=====================
Timeframe: Friday 12-07-2019 18:00 − Monday 15-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Turla renews its arsenal with Topinambour ∗∗∗
---------------------------------------------
2019 has seen the Turla actor actively renew its arsenal. Its developers are still using a familiar coding style, but they’re creating new tools. Here we’ll tell you about several of them, namely “Topinambour” and its related modules.
---------------------------------------------
https://securelist.com/turla-renews-its-arsenal-with-topinambour/91687/
∗∗∗ Brilliant Boston boffins blow big borehole in Bluetooth's ballyhooed barricades: MAC addy randomization broken ∗∗∗
---------------------------------------------
Scrambling addresses can't always hide you from stalkers, say eggheads. A team of US academics have proposed a simple method to defeat the Bluetooth LE standard's anti-tracking measures.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/07/12/untraceable…
∗∗∗ ENISA: Annual report Trust Services Security Incidents 2018 ∗∗∗
---------------------------------------------
The document gives an aggregated overview of security breaches with significant impact reported in 2018 by EU national supervisory bodies. It shows root causes, statistics and trends, and marks the third round of security incident reporting for the EU’s trust services sector.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/annual-report-trust-services-se…
∗∗∗ Hackers Can Manipulate Media Files Transferred via WhatsApp, Telegram ∗∗∗
---------------------------------------------
Researchers at Symantec have detailed an attack method, dubbed “Media File Jacking,” that allows a malicious Android application with “write-to-external storage” permissions to quickly modify files sent or received via WhatsApp and Telegram between the time they are written to the disk and the moment they are loaded in the app’s user interface.
---------------------------------------------
https://www.securityweek.com/hackers-can-manipulate-media-files-transferred…
∗∗∗ NCSC-UK: Ongoing DNS hijacking and mitigation advice ∗∗∗
---------------------------------------------
This NCSC advisory highlights further hijacking activity of Domain Name Systems, and provides mitigation advice.
---------------------------------------------
https://www.ncsc.gov.uk/news/ongoing-dns-hijacking-and-mitigation-advice
=====================
= Vulnerabilities =
=====================
∗∗∗ VideoLAN VLC CVE-2019-13602 Heap Based Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.
---------------------------------------------
https://www.securityfocus.com/bid/109158/discuss
∗∗∗ McAfee Agent CVE-2019-3592 Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
An attacker can exploit this issue to gain elevated privileges. McAfee Agent 5.x versions prior to 5.6.1 HF3 are vulnerable.
---------------------------------------------
https://www.securityfocus.com/bid/109148/discuss
∗∗∗ Xiaomi Mi6 Browser CVE-2019-13322 Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the user. Failed exploits will result in denial-of-service conditions. Xiaomi Browser versions prior to 10.4.0 are vulnerable.
---------------------------------------------
https://www.securityfocus.com/bid/109138/discuss
∗∗∗ Critical Vulnerability Patched in Ad Inserter Plugin ∗∗∗
---------------------------------------------
On Friday, July 12th, our Threat Intelligence team discovered a vulnerability present in Ad Inserter, a WordPress plugin installed on over 200,000 websites. The weakness allowed authenticated users (Subscribers and above) to execute arbitrary PHP code on websites using the plugin. We privately disclosed the issue to the plugin’s developer, who released a patch the very next day.
---------------------------------------------
https://www.wordfence.com/blog/2019/07/critical-vulnerability-patched-in-ad…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox), Debian (libspring-java, ruby-mini-magick, and thunderbird), Fedora (fossil, python-django, snapd-glib, and thunderbird), openSUSE (helm and monitoring-plugins), Red Hat (cyrus-imapd, thunderbird, and vim), Scientific Linux (vim), Slackware (bzip2), SUSE (bubblewrap, bzip2, expat, glib2, kernel, php7, python3, and tomcat), and Ubuntu (exiv2, firefox, and flightcrew).
---------------------------------------------
https://lwn.net/Articles/793740/
∗∗∗ Squid: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, anonymous or authenticated attacker can exploit multiple vulnerabilities in Squid to execute arbitrary code with the privileges of the service or to carry out a denial-of-service attack.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0608
∗∗∗ 2019-07-15: Authentication Bypass Vulnerability in CCLAS and Ellipse ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A6224&Lan…
∗∗∗ Security Advisory - Intel Microarchitectural Data Sampling (MDS) vulnerabilities ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190712-…
∗∗∗ IBM Security Bulletin: Apache Struts Vulnerability Affects IBM Campaign and IBM Contact Optimization (CVE-2017-7525) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-struts-vulnera…
∗∗∗ IBM Security Bulletin: A Security Vulnerability affects Cloud Foundry for IBM Cloud Private (CVE-2019-3789) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ Linux kernel vulnerability CVE-2018-20836 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11225249
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 11-07-2019 18:00 − Friday 12-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Burning down the house with IoT ∗∗∗
---------------------------------------------
For years we’ve been trying to set fire to ‘smart’ things by hacking them. We got some charring on the iKettle, but nothing more. Then we found some smart hair straighteners.
---------------------------------------------
https://www.pentestpartners.com/security-blog/burning-down-the-house-with-i…
∗∗∗ Investigating Some Subscription Scam iOS Apps ∗∗∗
---------------------------------------------
For some reason Apple allows "subscription scam" apps on the App Store. These are apps that are free to download and then ask you to subscribe right on launch. ... Aside from being classic subscription scam apps, I wanted to examine how they work internally and how they communicate with their servers and what type of information are they sending.
---------------------------------------------
https://apple.slashdot.org/story/19/07/11/1953207/investigating-some-subscr…
∗∗∗ iOS URL Scheme Susceptible to Hijacking ∗∗∗
---------------------------------------------
For example, when a URL with facetime:// is opened, FaceTime places a call — this is the URL Scheme coming into play. It is a very convenient shortcut; but the URL Scheme is designed for communication, not security. Below, we discuss how abuse of the URL Scheme can potentially result in the loss of privacy, bill fraud, exposure to pop-up ads, and more.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-…
∗∗∗ 16Shop Now Targets Amazon ∗∗∗
---------------------------------------------
Since early November 2018 McAfee Labs have observed a phishing kit, dubbed 16Shop, being used by malicious actors to target Apple account holders in the United States and Japan. Typically, the victims receive an email with a pdf file attached. An example of the message within the email is shown below, with an accompanying translation: [...]
---------------------------------------------
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/16shop-now-targ…
∗∗∗ FIRST Announces CVSS Version 3.1 ∗∗∗
---------------------------------------------
The Forum of Incident Response and Security Teams (FIRST) on Friday announced version 3.1 of the Common Vulnerability Scoring System (CVSS). CVSS is a widely adopted standard for rating the severity of software vulnerabilities, and it provides a framework for communicating the characteristics and impact of security flaws.
---------------------------------------------
https://www.securityweek.com/first-announces-cvss-version-31
=====================
= Vulnerabilities =
=====================
∗∗∗ Philips Holter 2010 Plus ∗∗∗
---------------------------------------------
This advisory provides information about, and mitigations for, a vulnerability reported in the Philips Holter 2010 Plus.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsma-19-192-01
∗∗∗ Delta Industrial Automation CNCSoft ScreenEditor ∗∗∗
---------------------------------------------
This advisory includes mitigations for heap-based buffer overflow and out-of-bounds read vulnerabilities reported in the Delta Electronics CNCSoft ScreenEditor.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-192-01
∗∗∗ AVEVA Vijeo Citect and Citect SCADA Floating License Manager ∗∗∗
---------------------------------------------
This advisory provides information about, and mitigations for, several vulnerabilities reported in the AVEVA Vijeo Citect and Citect SCADA Floating License Manager applications.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-192-05
∗∗∗ Schneider Electric Interactive Graphical SCADA System ∗∗∗
---------------------------------------------
This advisory includes mitigations for an out-of-bounds write vulnerability in the Schneider Electric Interactive Graphical SCADA System software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-192-06
∗∗∗ Schneider Electric Floating License Manager ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper input validation and memory corruption vulnerabilities in the Schneider Electric Floating License Manager software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-192-07
∗∗∗ CVE-2019-11360: BufferOverflow in iptables-restore v1.8.2 ∗∗∗
---------------------------------------------
This blogpost is about a BufferOverflow vulnerability which I found by fuzzing iptables-restore using AFL in March, 2019. It was fixed by the netfilter team in April 2019 ... All in all, I believe that this vulnerability can only be used for academic/educational purposes and has no particular real-world impact.
---------------------------------------------
https://0day.work/cve-2019-11360-bufferoverflow-in-iptables-restore-v1-8-2/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (dbus), Debian (firefox-esr, python3.4, and redis), Mageia (ffmpeg), Oracle (firefox, libvirt, and qemu), Red Hat (firefox and virt:8.0.0), Scientific Linux (firefox), and SUSE (kernel).
---------------------------------------------
https://lwn.net/Articles/793563/
∗∗∗ QNX-2019-001 Vulnerability in procfs service Impacts BlackBerry QNX Software Development Platform ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ Security Advisory 2019-10: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://community.otrs.com/security-advisory-2019-10-security-update-for-ot…
∗∗∗ Security Advisory 2019-11: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://community.otrs.com/security-advisory-2019-11-security-update-for-ot…
∗∗∗ Security Advisory 2019-12: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://community.otrs.com/security-advisory-2019-12-security-update-for-ot…
∗∗∗ Vuln: Oracle July 2019 Critical Patch Update Multiple Vulnerabilities ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/109125
∗∗∗ ZDI-19-660: (Pwn2Own) Xiaomi Mi6 Browser miui.share APK Download Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-660/
∗∗∗ ZDI-19-659: Xiaomi Mi6 Captive Portal WebView Authorization Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-659/
∗∗∗ IBM Security Bulletin: Publicly disclosed vulnerability in Java used by IBM FileNet Content Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vu…
∗∗∗ IBM Security Bulletin: Publicly disclosed vulnerability in Oracle Outside In Technology used by IBM FileNet Content Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vu…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Watson Assistant for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to a publicly disclosed vulnerability in Spring Framework (CVE-2018-15756) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu…
∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerability Affects IBM Campaign, IBM Contact Optimization and IBM Marketing Operations (CVE-2016-1000031) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-commons-fileup…
∗∗∗ Asterisk: Multiple vulnerabilities allow denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0606
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 10-07-2019 18:00 − Thursday 11-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Magento Killer ∗∗∗
---------------------------------------------
A malicious PHP script, aptly given the name “Magento Killer” by its creator(s), has been found targeting Magento websites. While it doesn’t actually kill the Magento installation, it does allow the attacker to modify data in the core_config_data table of the targeted Magento database.
---------------------------------------------
https://blog.sucuri.net/2019/07/magento-killer.html
∗∗∗ AMD's SEV tech that protects cloud VMs from rogue servers may as well stand for... Still Extremely Vulnerable ∗∗∗
---------------------------------------------
Evil hypervisors can work out what apps are running, extract data from encrypted guests. Five boffins from four US universities have explored AMD's Secure Encrypted Virtualization (SEV) technology – and found its defenses can be, in certain circumstances, bypassed with a bit of effort.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/07/10/amd_secure_…
∗∗∗ Wondering how to whack Zoom's dodgy hidden web server on your Mac? No worries, Apple's done it for you ∗∗∗
---------------------------------------------
iGiant acts to protect users. Apple has pushed a silent update to Macs, disabling the hidden web server installed by the popular Zoom web-conferencing software.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/07/11/apple_remov…
∗∗∗ Awesome-Cellular-Hacking ∗∗∗
---------------------------------------------
Please note multiple researchers published and compiled this work. This is a list of their research in the 3G/4G/5G Cellular security space. This information is intended to consolidate the community's knowledge. Thank you, I plan on frequently updating this "Awesome Cellular Hacking" curated list with the most up to date exploits, blogs, research, and papers.
---------------------------------------------
https://github.com/W00t3k/Awesome-Cellular-Hacking
∗∗∗ Your Pa$$word doesn't matter ∗∗∗
---------------------------------------------
Every week I have at least one conversation with a security decision maker explaining why a lot of the hyperbole about passwords – “never use a password that has ever been seen in a breach,” “use really long passwords”, “passphrases-will-save-us”, and so on – is inconsistent with our research and with the reality our team sees as we defend against 100s of millions of password-based attacks every day. Focusing on password rules, rather than things that can really help – like multi-factor authentication (MFA), or great threat detection – is just a distraction.
---------------------------------------------
https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Your…
∗∗∗ When shopping by smartphone becomes a trap ∗∗∗
---------------------------------------------
Online shopping is becoming ever more popular. Already 60 % of Austrians order on the Internet and click through the offerings via computer, laptop or smartphone. Mobile shopping with a smartphone in particular, however, has one major disadvantage alongside its many advantages: fraudulent shops are harder to expose on a phone than on a computer.
---------------------------------------------
https://www.watchlist-internet.at/news/wenn-shoppen-per-smartphone-zur-fall…
=====================
= Vulnerabilities =
=====================
∗∗∗ Jira Server and Data Center Update Patches Critical Vulnerability ∗∗∗
---------------------------------------------
Atlassian has patched a critical vulnerability affecting Jira Server and Data Center since version 4.4.0, launched in the summer of 2011.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/jira-server-and-data-center-…
∗∗∗ Custom Permissions - Critical - Access bypass - SA-CONTRIB-2019-055 ∗∗∗
---------------------------------------------
This module enables you to add and manage additional custom permissions through the administration UI. The module doesn't sufficiently check for the proper access permissions to this page.
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-055
∗∗∗ Nagios XI CVE-2018-17147 Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
Nagios XI is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
---------------------------------------------
https://www.securityfocus.com/bid/109116/discuss
∗∗∗ Exiv2 CVE-2019-13504 Remote Denial of Service Vulnerability ∗∗∗
---------------------------------------------
An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.
---------------------------------------------
https://www.securityfocus.com/bid/109117/discuss
∗∗∗ Cisco ASA and FTD Software Cryptographic TLS and SSL Driver Denial of Service Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly.
...
Note: Only traffic directed to the affected system can be used to exploit this vulnerability.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Citrix SD-WAN Multiple Security Updates ∗∗∗
---------------------------------------------
Multiple vulnerabilities have been identified in the management console of the Citrix SD-WAN Center and NetScaler SD-WAN Center. Multiple Vulnerabilities have also been identified on the Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance. Collectively, these vulnerabilities could result in an unauthenticated attacker executing commands as root against the SD-WAN Center management console, or potentially be used to gain root privileges on the SD-WAN appliance.
---------------------------------------------
https://support.citrix.com/article/CTX251987
∗∗∗ FSC-2019-3: Unauthenticated Remote Code Execution in F-Secure Internet Gatekeeper ∗∗∗
---------------------------------------------
A vulnerability was discovered in the web user interface of the F-Secure Internet Gatekeeper product. An unauthenticated user can cause a heap overflow by issuing a malformed HTTP request to the web user interface. A successful attack can lead to remote code execution on the F-Secure Internet Gatekeeper server.
---------------------------------------------
https://www.f-secure.com/en/web/labs_global/fsc-2019-3
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dosbox and openjpeg2), Oracle (dbus and kernel), Scientific Linux (dbus), Slackware (mozilla), and SUSE (fence-agents, libqb, postgresql10, and sqlite3).
---------------------------------------------
https://lwn.net/Articles/793442/
∗∗∗ IBM Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-bind…
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to cross site scripting (XSS) (CVE-2019-4211) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu…
∗∗∗ IBM Security Bulletin: IBM Jazz for Service Management is missing function level access control that could allow a user to delete authorized resources (CVE-2019-4194) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-jazz-for-service-…
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to an Information exposure (CVE-2019-4054) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu…
∗∗∗ IBM Security Bulletin: IBM QRadar Incident Forensics is vulnerable to a publicly disclosed vulnerability in Apache Tika (CVE-2018-17197) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-incident-f…
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to an Information Exposure (CVE-2018-2022) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu…
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Cross-Site Scripting (CVE-2018-2021) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu…
∗∗∗ IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to OpenSSL vulnerability CVE-2018-5407 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-released-unif…
∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability Affects IBM Campaign (CVE-2018-1921) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-…
∗∗∗ IBM Security Bulletin: IBM QRadar Incident Forensics is vulnerable to publicly disclosed vulnerabilities from Apache Tika (CVE-2018-11761, CVE-2018-11762, CVE-2018-8017, CVE-2018-11796) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-incident-f…
∗∗∗ Excess resource consumption due to low MSS values vulnerability CVE-2019-11479 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35421172
∗∗∗ Juniper JUNOS: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0597
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 09-07-2019 18:00 − Wednesday 10-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ eCh0raix — New Ransomware Targets QNAP NAS Devices ∗∗∗
---------------------------------------------
A new ransomware family has been found targeting Network Attached Storage (NAS) devices made by Taiwan-based QNAP Systems and holding users' data hostage until a ransom is paid, researchers told The Hacker News. Ideal for home and small business, NAS devices are dedicated file storage units connected to a network or through the Internet ...
---------------------------------------------
https://thehackernews.com/2019/07/ransomware-nas-devices.html
∗∗∗ New FinSpy iOS and Android implants revealed ITW ∗∗∗
---------------------------------------------
FinSpy is used to collect a variety of private user information on various platforms. Since 2011 Kaspersky has continuously monitored the development of this malware and the emergence of new versions in the wild. According to our telemetry, several dozen unique mobile devices have been infected over the past year, with recent activity recorded in Myanmar in June 2019.
---------------------------------------------
https://securelist.com/new-finspy-ios-and-android-implants-revealed-itw/916…
∗∗∗ ENISA puts out EU ICT Industrial Policy paper for consultation ∗∗∗
---------------------------------------------
The EU Agency for Cybersecurity, ENISA, launches its consultation paper ‘EU ICT Industrial Policy: Breaking the Cycle of Failure’, a paper that aims to explore issues such as digital sovereignty and the supply chain of cybersecurity products in Europe, as well as to present an overview of the relationship between the global ICT market and the cybersecurity market.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/enisa-puts-out-eu-ict-industria…
∗∗∗ Error in DNSSEC implementation on F5 BIG-IP load balancers ∗∗∗
---------------------------------------------
The vendor (F5) was informed about the error in August 2018 and now it has released the recommended configuration to workaround the problem. As the operators of DNS resolvers are already encountering the bug in normal operation, we are publishing a detailed description of the error to inform the professional public and raise awareness of the problem.
---------------------------------------------
https://en.blog.nic.cz/2019/07/10/error-in-dnssec-implementation-on-f5-big-…
∗∗∗ Encrypting with PGP: The new GnuPG and the slow death of the Web of Trust ∗∗∗
---------------------------------------------
The new version of GnuPG is intended to limit the effects of signature spam. For that reason, it now ignores all signatures on imported keys.
---------------------------------------------
https://heise.de/-4467052
∗∗∗ Vulnerable Logitech keyboards: Answers to the most pressing questions ∗∗∗
---------------------------------------------
What do you need to watch out for now with wireless keyboards and mice from Logitech? How dangerous are the vulnerabilities? Our FAQ answers the most frequent questions.
---------------------------------------------
https://heise.de/-4466921
∗∗∗ Discovering and fingerprinting BACnet devices ∗∗∗
---------------------------------------------
BACnet is a communication protocol deployed for building automation and control networks. The most widely accepted networks include Internet Protocol (BACnet/IP) and the Master-Slave Token-Passing network (BACnet MS/TP). Generally, routers are required to interconnect BACnet networks while gateways are preferred for connecting non-compliant devices to a primary BACnet network. It is anticipated that 64% of the building automation industry uses BACnet for effective operations.
---------------------------------------------
https://www.helpnetsecurity.com/2019/07/10/bacnet-devices/
∗∗∗ Windows zero-day CVE-2019-1132 exploited in targeted attacks ∗∗∗
---------------------------------------------
The exploit abuses a local privilege escalation vulnerability in Microsoft Windows, specifically a NULL pointer dereference in the win32k.sys component. Once the exploit was discovered and analyzed, it was reported to the Microsoft Security Response Center, who promptly fixed the vulnerability and released a patch.
---------------------------------------------
https://www.welivesecurity.com/2019/07/10/windows-zero-day-cve-2019-1132-ex…
∗∗∗ Bank Austria phishing message with PDF attachment in circulation ∗∗∗
---------------------------------------------
Beware of a fraudulent e-mail in the name of Bank Austria. Criminals are sending a message with a .pdf attachment that asks recipients to enter their online banking credentials because database problems have supposedly occurred. Those affected are then supposed to receive an SMS code. Caution! This is presumably an SMS TAN for a fraudulent debit.
---------------------------------------------
https://www.watchlist-internet.at/news/bank-austria-phishing-nachricht-mit-…
∗∗∗ Using Wireshark: Exporting Objects from a PCAP ∗∗∗
---------------------------------------------
When reviewing packet captures (pcaps) of suspicious activity, security professionals may need to export objects from the pcaps for a closer examination. This tutorial offers tips on how to export different types of objects from a pcap. The instructions assume you understand network traffic fundamentals. We will use these pcaps of network traffic to practice extracting objects using Wireshark.
---------------------------------------------
https://unit42.paloaltonetworks.com/using-wireshark-exporting-objects-from-…
∗∗∗ New Android malware replaces legitimate apps with ad-infested doppelgangers ∗∗∗
---------------------------------------------
New "Agent Smith" malware operation is preparing to invade the Google Play Store.
---------------------------------------------
https://www.zdnet.com/article/new-android-malware-replaces-legitimate-apps-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Medicine: Security vulnerabilities in ventilators ∗∗∗
---------------------------------------------
Commands can be sent over the hospital network to anaesthesia machines and ventilators made by GE. Among other things, a vulnerability makes it possible to change the dosage and type of the anaesthetic.
---------------------------------------------
https://www.golem.de/news/medizin-sicherheitsluecken-in-beatmungsgeraeten-1…
∗∗∗ [20190701] - Core - Filter attribute in subform fields allows remote code execution ∗∗∗
---------------------------------------------
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
---------------------------------------------
https://developer.joomla.org/security-centre/787-20190701-core-filter-attri…
∗∗∗ VMWare Security Advisory on DoS Vulnerability in ESXi, (Tue, Jul 9th) ∗∗∗
---------------------------------------------
VMWare has released patches for ESXi that address a denial of service vulnerability in hostd. ESXi 6.0 is unaffected, 6.5 has a patch, and 6.7 has a patch pending. This addresses a vulnerability described in CVE-2019-5528 and is rated important (CVSSv3 = 5.3). A workaround has also been published. If you run ESXi, you should take a look at this as well today.
---------------------------------------------
https://isc.sans.edu/diary/rss/25112
∗∗∗ Vuln: Intel Processor Diagnostic Tool CVE-2019-11133 Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
A local attacker can exploit this issue to gain elevated privileges, obtain sensitive information or cause denial-of-service conditions.
---------------------------------------------
http://www.securityfocus.com/bid/109096
∗∗∗ Vuln: Symantec Messaging Gateway CVE-2019-12751 Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
An attacker can exploit this issue to gain elevated privileges on an affected system. Symantec Messaging Gateway versions prior to 10.7.1 are vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/108925
∗∗∗ Patch day: Attackers are targeting Windows and Windows Server ∗∗∗
---------------------------------------------
Microsoft closes almost 80 security vulnerabilities in Windows & Co. Several of them are rated critical.
---------------------------------------------
https://heise.de/-4466722
∗∗∗ Security Advisory - Three Vulnerabilities in Huawei PCManager Product ∗∗∗
---------------------------------------------
There are two information leak vulnerabilities in Huawei PCManager product. Successful exploitation may cause the attacker to read/write some information. The two vulnerabilities have been assigned two Common Vulnerabilities and Exposures (CVE) IDs: CVE-2019-5237 and CVE-2019-5238.
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190710-…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (redis), Fedora (expat), Mageia (dosbox, irssi, microcode, and postgresql11), Red Hat (bind, dbus, openstack-ironic-inspector, openstack-tripleo-common, python-novajoin, and qemu-kvm-rhev), Scientific Linux (kernel), SUSE (kernel-firmware, libdlm, libqb, and libqb), and Ubuntu (apport).
---------------------------------------------
https://lwn.net/Articles/793360/
∗∗∗ ImageMagick: Vulnerability allows denial of service ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in ImageMagick to carry out a denial-of-service attack.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0589
∗∗∗ Emerson DeltaV Distributed Control System ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-190-01
∗∗∗ Rockwell Automation PanelView 5510 ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-190-02
∗∗∗ Schneider Electric Zelio Soft 2 ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-190-03
∗∗∗ IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to Intel Microarchitectural Data Sampling (MDS) Side Channel vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-released-unif…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: The IBM Runtime Environment Java Version 8 used by Transparent Cloud Tiering has a vulnerability which disclosed as part of the IBM Java SDK updates in April 2019 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-the-ibm-runtime-envir…
∗∗∗ IBM Security Bulletin: IBM® Java™ SDK Technology Edition, Apr 2019, affects IBM Security Identity Manager Virtual Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-java-sdk-technolo…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2019-2684) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Vulnerabilities CVE-2019-0196, CVE-2019-0197, and CVE-2019-0220 in the IBM i HTTP Server affect IBM i. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-cve-2…
∗∗∗ IBM Security Bulletin: Security vulnerability in IBM WebSphere Application Server affects IBM Voice Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r…
∗∗∗ IBM Security Bulletin: A vulnerability in Apache Tomcat affects the IBM FlashSystem 840 and 900 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap…
∗∗∗ IBM Security Bulletin: A vulnerability in Apache Tomcat affects the IBM FlashSystem V840 and V9000 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap…
∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – IAM WebSphere Liberty (CVE-2018-1683, CVE-2018-1755) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: Mozilla Firefox vulnerability in IBM SONAS (CVE-2019-11708) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-mozilla-firefox-vulne…
∗∗∗ IBM Security Bulletin: Mozilla Firefox vulnerability in IBM SONAS (CVE-2019-11707) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-mozilla-firefox-vulne…
∗∗∗ IBM Security Bulletin: Vulnerabilities in Intel CPUs affect IBM Integrated Analytics System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-in…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 08-07-2019 18:00 − Tuesday 09-07-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ FPM vulnerability: Exfiltrating data with Facebook's HHVM ∗∗∗
---------------------------------------------
Servers for the so-called FastCGI Process Manager (FPM) can, if they are reachable over the Internet, give unauthorized access to files on a system. This mainly affects Facebook's HHVM; with PHP the risks are lower.
---------------------------------------------
https://www.golem.de/news/fpm-sicherheitsluecke-daten-exfiltrieren-mit-face…
∗∗∗ Fileless Attack Attempts to Run Astaroth Backdoor Directly in Memory ∗∗∗
---------------------------------------------
Microsoft says it recently detected and stopped a fileless campaign looking to deliver the Astaroth Trojan to unsuspecting victims.
---------------------------------------------
https://www.securityweek.com/fileless-attack-attempts-run-astaroth-backdoor…
∗∗∗ Fake shops entertaini.eu & gartenhimmel.eu with forged Klarna checkout! ∗∗∗
---------------------------------------------
Beware of fraudulent online shops that claim to offer Klarna's Sofort bank transfer but redirect consumers to a forged Klarna website. This happens at entertaini.eu, which offers gaming and entertainment items, and at gartenhimmel.eu, which carries household goods and sporting goods. Do not order! Data entered is at risk and the goods do not exist.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-shops-entertainieu-gartenhimmel…
∗∗∗ IT security - Video conferencing app gives strangers access to Mac webcam ∗∗∗
---------------------------------------------
Flaw in Zoom allowed "video calls" even when the program was no longer installed – millions of users and up to 750,000 companies affected
---------------------------------------------
https://derstandard.at/2000106075694/Videokonferenz-App-gibt-Unbekannten-Zu…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Bridge CC (APSB19-37), Adobe Experience Manager (APSB19-38) and Adobe Dreamweaver (APSB19-40). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1765
∗∗∗ [20190701] - Core - Filter attribute in subform fields allows remote code execution ∗∗∗
---------------------------------------------
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.9.7 - 3.9.8
Exploit type: Remote Code Execution
Reported Date: 2019-June-20
Fixed Date: 2019-July-09
CVE Number: CVE-2019-xxx
Description: Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/6jkIqCFwOTE/787-20190701-c…
∗∗∗ Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Xen Security Advisory XSA-300 ∗∗∗
---------------------------------------------
Guest may be able to crash domain 0 (Host Denial-of-Service); or may be able to starve out I/O requests from other guests (Guest Denial-of-Service).
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-300.html
∗∗∗ Xpdf: CERT-Bund warns of unpatched vulnerabilities in free PDF viewer ∗∗∗
---------------------------------------------
The current version of the free PDF viewer contains several vulnerabilities. There are no fixes yet.
---------------------------------------------
https://heise.de/-4465908
∗∗∗ Linux kernel vulnerability CVE-2019-11811 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01512680
∗∗∗ HPESBST03918 rev.1 - HPE 3PAR Service Processor (SP), remote Disclosure of Privileged Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (irssi, python-django, and python2-django), Debian (libspring-security-2.0-java and zeromq3), Red Hat (python27-python), SUSE (ImageMagick, postgresql10, python-Pillow, and zeromq), and Ubuntu (apport, Docker, glib2.0, gvfs, whoopsie, and zeromq3).
---------------------------------------------
https://lwn.net/Articles/793235/
∗∗∗ SAP Patch Day July: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0580
∗∗∗ Citrix Hypervisor Security Update. ∗∗∗
---------------------------------------------
CTX256725 (New). Applicable Products: Citrix Hypervisor 8.0, XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 2, XenServer 7.6. A vulnerability has been found in Citrix Hypervisor (formerly Citrix XenServer) that may allow an unauthenticated attacker with the ability to send traffic to a host over a management or storage network to cause the host to crash.
---------------------------------------------
https://support.citrix.com/article/CTX256725
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Identity Governance and Intelligence ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise v11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect Rational Publishing Engine ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise v11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Multicloud Manager contains sensitive information upon deployment (CVE-2019-4118) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-multicloud-manage…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus, IBM App Connect Enterprise v11 and WebSphere Message Broker ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ SSA-121293 (Last Update: 2019-07-09): Code Upload Vulnerability in SIMATIC WinCC and SIMATIC PCS7 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-121293.txt
∗∗∗ SSA-307392 (Last Update: 2019-07-09): Denial-of-Service in OPC UA in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-307392.txt
∗∗∗ SSA-556833 (Last Update: 2019-07-09): TLS Vulnerabilities in SIMATIC RF6XXR ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-556833.txt
∗∗∗ SSA-616472 (Last Update: 2019-07-09): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-616472.txt
∗∗∗ SSA-697412 (Last Update: 2019-07-09): Multiple Vulnerabilities in SIMATIC WinCC, SIMATIC WinCC Runtime, SIMATIC PCS 7, SIMATIC TIA Portal ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-697412.txt
∗∗∗ SSA-721298 (Last Update: 2019-07-09): Missing Authentication Vulnerability in TIA Administrator (TIA Portal) ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-721298.txt
∗∗∗ SSA-747162 (Last Update: 2019-07-09): Cross-Site Scripting Vulnerability in Spectrum Power™ ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-747162.txt
∗∗∗ SSA-899560 (Last Update: 2019-07-09): Vulnerabilities in SIPROTEC 5 relays and DIGSI 5 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-899560.txt
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Friday 05-07-2019 18:00 − Monday 08-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Anubis Android Malware Returns with Over 17,000 Samples ∗∗∗
---------------------------------------------
In mid-January of 2019, we saw Anubis use a plethora of techniques,
including the use of motion-based sensors to elude sandbox analysis and
overlays to steal personally identifiable information.
The latest samples of Anubis (detected by Trend Micro as
AndroidOS_AnubisDropper) we recently came across are no different.
While tracking Anubis’ activities, we saw two related servers
containing 17,490 samples.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/anubis-android-malware-returns-with-over-17000-samples/
∗∗∗ Godlua, misunderstandings and the dispute over DNS over HTTPS ∗∗∗
---------------------------------------------
The Linux malware Godlua encrypts its DNS traffic with HTTPS,
but does not use the DoH protocol.
---------------------------------------------
https://heise.de/-4464640
∗∗∗ Malicious Code Planted in strong_password Ruby Gem ∗∗∗
---------------------------------------------
A developer discovered that an update released for the
'strong_password' Ruby gem contained malicious code that allowed an
attacker to remotely execute arbitrary code.
Developer Tute Costa was updating gems used by a Rails application when
he noticed that version 0.0.7 of strong_password was pushed out on
RubyGems.org, the Ruby community's gem hosting service, but not on
GitHub.
---------------------------------------------
https://www.securityweek.com/malicious-code-planted-strongpassword-ruby-gem
=====================
= Vulnerabilities =
=====================
∗∗∗ ZDI-19-640: (0Day) Google Android Bluetooth hci_len Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows attackers in close proximity to execute
arbitrary code on vulnerable installations of Google Android. User
interaction is required to exploit this vulnerability in that the
target must accept a malicious file transfer.
...
06/07/19 - The vendor replied the fix was not public yet but would soon
be included in the next release of a major version
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-640/
∗∗∗ Multiple Vulnerabilities in innovaphone VoIP Products Fixed ∗∗∗
---------------------------------------------
innovaphone fixed several vulnerabilities in two VoIP products that we
disclosed a while ago. The affected products are the Linux Application
Platform and the IPVA. Unfortunately, the release notes are not public
(yet?) and the vendor does not include information about the
vulnerabilities for the Linux Application Platform. Therefore, we
decided to publish some more technical details for the issues.
---------------------------------------------
https://insinuator.net/2019/07/multiple-vulnerabilities-in-innovaphone-voip-products-fixed/
∗∗∗ c't uncovers: Logitech keyboards and mice extensively vulnerable ∗∗∗
---------------------------------------------
Security holes gape in numerous Logitech keyboards, mice and presenters.
c't explains which products are affected and what you should do now.
---------------------------------------------
https://heise.de/-4464149
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dosbox, python-django,
squid3, and unzip), Fedora (filezilla, libfilezilla, and samba),
openSUSE (gvfs), Oracle (kernel), Red Hat (firefox and
redhat-virtualization-host), SUSE (bash and libpng16), and Ubuntu
(libvirt).
---------------------------------------------
https://lwn.net/Articles/793057/
∗∗∗ CVE-2019-13142: Razer Surround 1.1.63.0 EoP ∗∗∗
---------------------------------------------
Version: Razer Surround 1.1.63.0
Operating System tested on: Windows 10 1803 (x64)
Vulnerability: Razer Surround Elevation of Privilege through Insecure
folder/file permissions
---------------------------------------------
https://posts.specterops.io/cve-2019-13142-razer-surround-1-1-63-0-eop-f18c52b8be0c
∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in IBM SONAS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-mozilla-firefox-vulnerability-in-ibm-sonas-2/
∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in IBM SONAS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-mozilla-firefox-vulnerability-in-ibm-sonas/
∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerabilities in IBM SONAS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-mozilla-firefox-vulnerabilities-in-ibm-sonas-6/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-transformation-advisor-2/
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Websphere Application Server could affect IBM Cloud App Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-websphere-application-server-could-affect-ibm-cloud-app-management/
∗∗∗ HPESBHF03937 rev.1 - HPE UIoT Unauthorized Remote Access and Access to Sensitive Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03937en_us
∗∗∗ HPESBMU03941 rev.1 - HPE IceWall SSO Agent Option and IceWall MFA Remote Denial of Service ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03941en_us
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 04-07-2019 18:00 − Friday 05-07-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Automated Magecart Campaign Hits Over 960 Breached Stores ∗∗∗
---------------------------------------------
A large-scale payment card skimming campaign that successfully breached 962 e-commerce stores was discovered today by Magento security research company Sanguine Security.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/automated-magecart-campaign-…
∗∗∗ Understanding Elliptic Curve Cryptography And Embedded Security ∗∗∗
---------------------------------------------
All About Circuits is publishing a series of articles on embedded security, with a strong focus on network security. In addition to the primer article, so far they have covered the Diffie-Hellman exchange (using prime numbers, exponentiation and modular arithmetic) and the evolution of this exchange using elliptic curve cryptography (ECC)
---------------------------------------------
https://hackaday.com/2019/07/04/understanding-elliptic-curve-cryptography-a…
∗∗∗ Tor Project to fix bug used for DDoS attacks on Onion sites for years ∗∗∗
---------------------------------------------
Tor vulnerability has been exploited for years and has been used for censorship, sabotage, and extortion of Onion sites.
---------------------------------------------
https://www.zdnet.com/article/tor-project-to-fix-bug-used-for-ddos-attacks-…
∗∗∗ Croatian government targeted by mysterious hackers ∗∗∗
---------------------------------------------
Government agencies targeted with never before seen malware payload — named SilentTrinity.
---------------------------------------------
https://www.zdnet.com/article/croatian-government-targeted-by-mysterious-ha…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by SUSE (firefox, mozilla-nss, mozilla-nspr, helm-mirror, libu2f-host, and libu2f-host, pam_u2f) and Ubuntu (bzip2 and irssi).
---------------------------------------------
https://lwn.net/Articles/792890/
∗∗∗ IBM Security Bulletin: IBM Jazz for Service Management stores sensitive information in URL parameters (CVE-2019-4193) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-jazz-for-service-…
∗∗∗ IBM Security Bulletin: Vulnerability in Google Guava affects IBM Cúram Social Program Management (CVE-2018-10237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-goog…
∗∗∗ Foxit Reader and Foxit Phantom PDF Suite: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0574
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 03-07-2019 18:00 − Thursday 04-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ 17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device ∗∗∗
---------------------------------------------
Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer.
---------------------------------------------
https://thehackernews.com/2019/07/firefox-same-origin-policy-hacking.html
∗∗∗ New Golang malware plays the Linux field in quest for cryptocurrency ∗∗∗
---------------------------------------------
F5 researchers say that Golang spreads through a total of seven methods; four exploits targeting ThinkPHP, Drupal, and Confluence; the use of SSH and Redis database misconfigurations or credentials, and the subsequent spread to other machines using any SSH keys the malware stumbles across.
---------------------------------------------
https://www.zdnet.com/article/new-golang-malware-plays-the-field-in-quest-f…
∗∗∗ Unfixable Seed Extraction on Trezor - A practical and reliable attack ∗∗∗
---------------------------------------------
An attacker with a stolen device can extract the seed from the device. It takes less than 5 minutes and the necessary materials cost around 100$. This vulnerability affects Trezor One, Trezor T, Keepkey and all other Trezor clones. Unfortunately, this vulnerability cannot be patched and, for this reason, we decided not to give technical details about the attack to mitigate a possible exploitation in the field. However SatoshiLabs and Keepkey suggested users to either exclude physical attacks
---------------------------------------------
https://ledger-donjon.github.io/Unfixable-Key-Extraction-Attack-on-Trezor/
∗∗∗ File-Storage App 4shared Caught Serving Invisible Ads and Making Purchases Without Consent ∗∗∗
---------------------------------------------
With more than 100 million installs, file-sharing service 4shared is one of the most popular apps in the Android app store. But security researchers say the app is secretly displaying invisible ads and subscribes users to paid services, racking up charges without the users' knowledge -- or their permission
---------------------------------------------
https://it.slashdot.org/story/19/07/03/1738253/file-storage-app-4shared-cau…
∗∗∗ High financial losses due to fraudulent investments! ∗∗∗
---------------------------------------------
Consumers come across aggressively advertised investment opportunities at countless offshore companies that promise incredible profits. Offers such as FXLeader, KeyMarkets, ELCurrency or CFReserve are examples. While some victims lose only the 250 euro minimum deposit, the losses for others frequently reach five or even six figures!
---------------------------------------------
https://www.watchlist-internet.at/news/hohe-finanzielle-verluste-durch-betr…
=====================
= Vulnerabilities =
=====================
∗∗∗ Does anyone here use Little Snitch? That is one of those personal ... ∗∗∗
---------------------------------------------
Does anyone here use Little Snitch? That is one of those personal firewalls for OS X, in case that means nothing to someone. At least it is apparently only a local privilege escalation, not over the network.
---------------------------------------------
http://blog.fefe.de/?ts=a3e3de34
∗∗∗ Security updates: Cisco products vulnerable to DoS attacks and malicious code ∗∗∗
---------------------------------------------
Patched software is available for, for example, Cisco's Web Security Appliance and Small Business Series Switches.
---------------------------------------------
https://heise.de/-4462730
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (libssh2 and qemu-kvm), Debian (lemonldap-ng), Fedora (tomcat), Oracle (kernel), and SUSE (elfutils, kernel, and php5).
---------------------------------------------
https://lwn.net/Articles/792831/
∗∗∗ Cisco Advanced Malware Protection for Endpoints Windows Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Web Security Appliance HTTPS Certificate Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Small Business Series Switches Memory Corruption Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Small Business Series Switches HTTP Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Multiple Issues in Cisco Small Business 250/350/350X/550X Series Switches Firmware and Cisco FindIT Network Probe ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Jabber for Windows DLL Preloading Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Firepower Management Center RSS Cross-Site Scripting Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Email Security Appliance Content Filter Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Email Security Appliance Content Filter Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Unified Communications Domain Manager Restricted Shell Escape Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Web Security Appliance Web Proxy Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletin: Security vulnerability has been identified in IBM Java Runtime shipped with AppScan Standard (CVE-2019-2602) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Identity Governance and Intelligence ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Brocade Fabric OS (FOS) Advisory vulnerabilities affect Brocade 8Gb SAN Switch Module for BladeCenter and IBM Flex System FC5022 16Gb SAN Scalable Switch ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-brocade-fabric-os-fos…
∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r…
∗∗∗ IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities (CVE-2018-1902, CVE-2018-1968, CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity…
∗∗∗ IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-privileg…
∗∗∗ BIG-IP DNS and GTM DNSSEC security exposure ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00724442
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 02-07-2019 18:00 − Wednesday 03-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Trickbot Trojan Now Has a Separate Cookie Stealing Module ∗∗∗
---------------------------------------------
Trickbot trojan now comes with a separate module for stealing browser cookies, threat researchers found on Tuesday, marking new progress in the malware's development.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/trickbot-trojan-now-has-a-se…
∗∗∗ Here's a great idea: Why don't we hardcode the same private key into all our smart home hubs? ∗∗∗
---------------------------------------------
Another day, another appalling Internet of S**t security flaw. Smart home company Zipato hardcoded the same private SSH key into every one of its hubs, leaving its system open to hacking, researchers revealed this week.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/07/03/zipato_hard…
∗∗∗ Vulnerabilities in Nexus Repository left thousands of artifacts exposed ∗∗∗
---------------------------------------------
In the Nexus repository there are 2 main problems (unrelated to each other) that arise from the default settings:
* The default user is always set to be admin/admin123 – CWE-521
* Any unauthenticated user can read/download resources from Nexus – CWE-276
This means all the images in the repository can be downloaded just by accessing the repository, with no authentication needed, or by authenticating as the default admin account if unchanged.
---------------------------------------------
https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-t…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Camera Firm Arlo Zaps High-Severity Bugs ∗∗∗
---------------------------------------------
Bugs in Arlo Technologies’ equipment allow a local attacker to take control of Arlo wireless home video security cameras.
---------------------------------------------
https://threatpost.com/arlo-zaps-high-severity-bugs/146216/
∗∗∗ Magento 2.3.1: Unauthenticated Stored XSS to RCE ∗∗∗
---------------------------------------------
This blog post shows how the combination of an HTML sanitizer bug and a Phar Deserialization in the popular eCommerce solution Magento <=2.3.1 leads to a high-severity exploit chain. This chain can be abused by an unauthenticated attacker to fully take over certain Magento stores and to redirect payments.
---------------------------------------------
https://blog.ripstech.com/2019/magento-rce-via-xss/
∗∗∗ Websites can feed Tridactyl fake key events ∗∗∗
---------------------------------------------
Malicious websites could feed keys to Tridactyl which it would execute as if a user had pressed them, outside of the command line. If the native messenger was installed, an attacker could execute arbitrary programs ... All Tridactyl versions released between September 2018 and June 14th 2019 were affected, i.e. 1.14.0 <= v <= 1.14.10 and 1.15.0.
---------------------------------------------
https://github.com/tridactyl/tridactyl/security/advisories/GHSA-7qr7-93pf-h…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (pdns), Fedora (kernel and kernel-headers), Mageia (cgit and firefox), Oracle (libssh2 and qemu-kvm), Red Hat (openstack-ironic-inspector, openstack-tripleo-common, and qemu-kvm-rhev), Scientific Linux (libssh2 and qemu-kvm), SUSE (bzip2, cronie, libtasn1, nmap, php7, php72, python-Twisted, and taglib), and Ubuntu (thunderbird and znc).
---------------------------------------------
https://lwn.net/Articles/792705/
∗∗∗ QEMU: Vulnerability allows bypassing of security measures ∗∗∗
---------------------------------------------
QEMU is free virtualization software that emulates the entire hardware of a computer.
A local attacker can exploit a vulnerability in QEMU to bypass security measures.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0563
∗∗∗ FreeBSD Project FreeBSD OS: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A local attacker can exploit multiple vulnerabilities in FreeBSD Project FreeBSD OS to execute arbitrary code, cause a denial-of-service condition, view information, or escalate privileges.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0561
∗∗∗ Vuln: Schneider Electric Modicon Controllers CVE-2019-6819 Denial of Service Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/109004
∗∗∗ Cisco Prime Infrastructure and Evolved Programmable Network Manager Virtual Domain Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletin: Security vulnerability in IBM Java SDK affect Rational Build Forge (CVE-2019-2684) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a local file inclusion vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletinibm-content-navigator-…
∗∗∗ IBM Security Bulletin: Vulnerability in kernel affects Power Hardware Management Console (CVE-2018-14633) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-kern…
∗∗∗ IBM Security Bulletin: Guardium StealthBits Integration is affected by an SQLite vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-guardium-stealthbits-…
∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact Session Management – Session Fixation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tivoli-netcool-im…
∗∗∗ IBM Security Bulletin: IBM Application Performance Management could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names (CVE-2019-4131) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-application-perfo…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM® WebSphere™ Application Server and IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2018-1901) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Collaboration and Deployment Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: It is possible to download arbitrary server files via ViewONE server (CVE-2019-4260) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-it-is-possible-to-dow…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM HTTP Server affects IBM Netezza Performance Portal ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
∗∗∗ HPESBHF03943 rev.1 - Certain HPE Servers using AMD EPYC 7001 series Processors, Local Disclosure of Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Monday 01-07-2019 18:00 − Tuesday 02-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Network Time Security: Secure time over the network ∗∗∗
---------------------------------------------
Almost all modern devices synchronize their clocks over the Internet. The Network Time Protocol used for this is not protected against manipulation - until now. The Network Time Security extension is meant to change that.
---------------------------------------------
https://www.golem.de/news/network-time-security-sichere-uhrzeit-uebers-netz…
∗∗∗ IT security: BSI drafts new minimum standards for browsers ∗∗∗
---------------------------------------------
Two years ago, the German Federal Office for Information Security (BSI) formulated requirements for secure browsers. The document is now to be updated, and comments are requested.
---------------------------------------------
https://www.golem.de/news/it-sicherheit-bsi-erarbeitet-neue-mindeststandard…
∗∗∗ Using Powershell in Basic Incident Response - A Domain Wide "Kill-Switch", (Tue, Jul 2nd) ∗∗∗
---------------------------------------------
Now that we have the hashes for all the running processes in the AD Domain, and also have the VT Score for each hash in the system, how can we use this information? Incident Response comes immediately to mind for me. If you've ever been in a medium-to-large-scale "incident", the situation that you often find is 'we know everything seems to be infected, but out of thousands of machines, which ones are actually infected right now?
---------------------------------------------
https://isc.sans.edu/diary/rss/25088
∗∗∗ Tale of a Windows Error Reporting Zero-Day (CVE-2019-0863) ∗∗∗
---------------------------------------------
In December 2018, a hacker who goes by the alias ‘SandboxEscaper’ publicly disclosed a zero-day vulnerability in the Windows Error Reporting (WER) component. Digging deeper into her submission, I discovered another zero-day vulnerability, which could be abused to elevate system privileges. According to the Microsoft advisory, attackers exploited this bug as a zero-day in the wild until the patch was released in May 2019. So how did this bug work exactly?
---------------------------------------------
https://unit42.paloaltonetworks.com/tale-of-a-windows-error-reporting-zero-…
∗∗∗ Firefox 68: Mozilla fixes conflicts between browser and antivirus software ∗∗∗
---------------------------------------------
Earlier Firefox versions frequently clashed with AV software, resulting in error messages and connection problems. Version 68 is meant to change that.
---------------------------------------------
https://heise.de/-4460657
∗∗∗ The art and science of password hashing ∗∗∗
---------------------------------------------
The recent FlipBoard breach shines a spotlight again on password security and the need for organizations to be more vigilant. Password storage is a critical area where companies must take steps to ensure they don’t leave themselves and their customer data vulnerable. Storing passwords in plaintext is recognized as a major cybersecurity blunder.
---------------------------------------------
https://www.helpnetsecurity.com/2019/07/02/password-hashing/
∗∗∗ SD-WAN Security Assessment: The First Hours ∗∗∗
---------------------------------------------
Suppose you need to perform a security assessment of an SD-WAN solution. There are several reasons for this and one of them is selecting an SD-WAN provider or product. A traditional SD-WAN system involves many planes, technologies, mechanisms, services, protocols and features. It has a distributed and multilayered architecture. So where should you start?
---------------------------------------------
http://www.scada.sl/2019/07/sd-wan-security-assessment-first-hours.html
∗∗∗ Warning, fake: cyberino.store ∗∗∗
---------------------------------------------
Do not order from cyberino.store, because you will never receive your goods. It is a fake shop!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-fake-cyberinostore/
∗∗∗ On our own behalf: CERT.at is looking for reinforcements ∗∗∗
---------------------------------------------
For our daily routine tasks we are currently looking for 1 career starter or career changer with a strong interest in IT security to support us with the standard tasks that come up each day. Details can be found on our jobs page.
---------------------------------------------
http://www.cert.at/services/blog/20190702153623-2489.html
=====================
= Vulnerabilities =
=====================
∗∗∗ SquirrelMail XSS ∗∗∗
---------------------------------------------
When viewing e-mails in HTML mode (not active by default) SquirrelMail applies a custom sanitization step in an effort to remove possibly malicious script and other content from the viewed e-mail. Due to improper handling of RCDATA and RAWTEXT type elements, the HTML parser used in this process shows differences compared to real user agent behavior. Exploiting these differences JavaScript code can be introduced which is not removed.
---------------------------------------------
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-…
∗∗∗ Patch day: Android and the leaky Media Framework ∗∗∗
---------------------------------------------
Google has released security updates that close critical holes in Pixel smartphones.
---------------------------------------------
https://heise.de/-4460308
∗∗∗ VMSA-2019-0010 ∗∗∗
---------------------------------------------
VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0010.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (firefox, firefox-developer-edition, libarchive, and vlc), CentOS (firefox, thunderbird, and vim), Debian (firefox-esr, openssl, and python-django), Fedora (glpi and xen), Mageia (thunderbird), openSUSE (ImageMagick, irssi, libheimdal, and phpMyAdmin), Red Hat (libssh2 and qemu-kvm), Scientific Linux (firefox, thunderbird, and vim), SUSE (389-ds, cf-cli, curl, dbus-1, dnsmasq, evolution, glib2, gnutls, graphviz, java-1_8_0-openjdk, and libxslt), [...]
---------------------------------------------
https://lwn.net/Articles/792595/
∗∗∗ Linux kernel vulnerability CVE-2019-3896 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K04327111
∗∗∗ TMM vulnerability CVE-2019-6628 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K04730051
∗∗∗ F5 TMUI and iControl Rest vulnerability CVE-2019-6634 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K64855220
∗∗∗ iControl REST vulnerability CVE-2019-6637 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K29149494
∗∗∗ TMM vulnerability CVE-2019-6629 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K95434410
∗∗∗ BIG-IP HTTP profile vulnerability CVE-2019-6631 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K19501795
∗∗∗ iControl REST vulnerability CVE-2019-6620 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K20445457
∗∗∗ iControl REST and tmsh vulnerability CVE-2019-6621 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K20541896
∗∗∗ iControl REST vulnerability CVE-2019-6641 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K22384173
∗∗∗ BIG-IP TMUI vulnerability CVE-2019-6625 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K79902360
∗∗∗ iControl REST vulnerability CVE-2019-6638 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K67825238
∗∗∗ SNMP vulnerability CVE-2019-6640 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K40443301
∗∗∗ BIG-IP Appliance mode vulnerability CVE-2019-6633 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K73522927
∗∗∗ BIG-IP Appliance mode vulnerability CVE-2019-6635 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11330536
∗∗∗ vCMP vulnerability CVE-2019-6632 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01413496
∗∗∗ F5 SSL Orchestrator vulnerability CVE-2019-6630 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K33444350
∗∗∗ F5 SSL Orchestrator vulnerability CVE-2019-6627 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K36320691
∗∗∗ BIG-IP AFM and PEM TMUI XSS vulnerability CVE-2019-6639 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K61002104
∗∗∗ iControl REST vulnerability CVE-2019-6622 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K44885536
∗∗∗ TMM vulnerability CVE-2019-6623 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K72335002
∗∗∗ BIG-IP TMUI XSS vulnerability CVE-2019-6626 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00432398
∗∗∗ IP Intelligence Feed List TMUI vulnerability CVE-2019-6636 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K68151373
=====================
= End-of-Day report =
=====================
Timeframe: Friday 28-06-2019 18:00 − Monday 01-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Multiple security vulnerabilities in the database management system IBM Db2 ∗∗∗
---------------------------------------------
There are important security updates for IBM Db2. Overall, the security risk is rated "high".
---------------------------------------------
https://heise.de/-4457961
∗∗∗ Encrypted communication: Attack on PGP keyservers demonstrates hopeless situation ∗∗∗
---------------------------------------------
With a targeted attack on two PGP keys, unknown parties demonstrate that a central part of the PGP infrastructure is probably irreparably broken.
---------------------------------------------
https://heise.de/-4458354
∗∗∗ Security updates: F5 BIG-IP appliances vulnerable ∗∗∗
---------------------------------------------
Various network products from the vendor F5 contain a root vulnerability.
---------------------------------------------
https://heise.de/-4457976
∗∗∗ RATs and stealers rush through “Heaven’s Gate” with new loader ∗∗∗
---------------------------------------------
By Holger Unterbrink and Edmund Brumaghin. Executive summary: Malware is constantly finding new ways to avoid detection. This doesn't mean that some will never be detected, but it does allow adversaries to increase the period of time between initial release and detection. Flying under the radar for just a few days is enough to infect sufficient machines to earn a decent amount of revenue for an attack.
---------------------------------------------
https://blog.talosintelligence.com/2019/07/rats-and-stealers-rush-through-h…
∗∗∗ Beware of job offers from Wentics GmbH ∗∗∗
---------------------------------------------
Job seekers who use job boards in their search for a new occupation must beware of fraudulent offers. For example, criminals posing as Wentics GmbH contact Internet users and offer tempting home-office jobs with excellent pay. Those affected must not submit any data, because this is identity abuse for the purpose of money laundering!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-job-angeboten-der-wentic…
∗∗∗ Net politics - Phishing e-mails: Scammers now rely on QR codes ∗∗∗
---------------------------------------------
Scammers try to obtain Sharepoint login credentials – image codes get through spam filters
---------------------------------------------
https://derstandard.at/2000105726829/Phishing-Mails-Betrueger-setzen-nun-au…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates: Critical hole in Zyxel firewalls and hotspots ∗∗∗
---------------------------------------------
Various Zyxel network devices can be attacked via a critical vulnerability.
---------------------------------------------
https://heise.de/-4458725
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (expat, golang-go.crypto, gpac, and rdesktop), Fedora (chromium, GraphicsMagick, kernel, kernel-headers, pdns, and xen), openSUSE (chromium, dbus-1, evince, libvirt, postgresql96, tomcat, and wireshark), Oracle (thunderbird and vim), Scientific Linux (thunderbird), Slackware (irssi), SUSE (gvfs), and Ubuntu (linux-lts-xenial, linux-aws, linux-azure and linux-oem, linux-oracle, linux-raspi2, linux-snapdragon).
---------------------------------------------
https://lwn.net/Articles/792463/
∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is impacted by multiple PHP vulnerabilities (CVE-2019-11038 CVE-2019-11039 CVE-2019-11040) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel…
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a FileServer functionality vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multi-Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Check Services for Multi-Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerabilityin-ibm…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for ACH Services for Multi-Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: API Connect is impacted by an information leakage vulnerability in Oracle MySQL (CVE-2018-3123) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-is-impact…
∗∗∗ IBM Security Bulletin: Password disclosure in IBM Spectrum Protect Server (CVE-2019-4140) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-disclosure-i…
∗∗∗ IBM Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server (CVE-2018-1922, CVE-2018-1923, CVE-2018-1936, CVE-2018-1978, CVE-2018-1980, CVE-2019-4014, CVE-2019-4015, CVE-2019-4016, CVE-2019-4094) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-db2-vulnerab…
∗∗∗ IBM Security Bulletin: IBM Planning Analytics Administration is affected by a vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-planning-analytic…
∗∗∗ IBM Security Bulletin: IBM Cloud Private Monitoring is vulnerable to XSS attack in Prometheus (CVE-2018-14041) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-mon…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 27-06-2019 18:00 − Friday 28-06-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: ImageMagick Multiple Security Vulnerabilities ∗∗∗
---------------------------------------------
Successfully exploiting these issues may allow an attacker to gain access to sensitive information, bypass certain security restrictions and to perform unauthorized actions or cause a denial-of-service condition. This may aid in launching further attacks. Due to the nature of this issue, code execution may be possible but this has not been confirmed.
ImageMagick version 7.0.8-34 is vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/108913
∗∗∗ Vuln: OpenJPEG Multiple Security Vulnerabilities ∗∗∗
---------------------------------------------
Attackers can exploit these issues to cause the application to crash or execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
OpenJPEG version 2.3.0 and prior are vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/108921
∗∗∗ Vuln: Symantec Endpoint Encryption CVE-2019-9703 Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
Local attackers can exploit this issue to gain elevated privileges.
Versions prior to Symantec Endpoint Encryption 11.3.0 are vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/108796
∗∗∗ Vuln: Symantec Endpoint Encryption CVE-2019-9702 Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
Local attackers can exploit this issue to gain elevated privileges.
Versions prior to Symantec Endpoint Encryption 11.3.0 are vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/108795
∗∗∗ McAfee closes multiple vulnerabilities in Enterprise Security Manager ∗∗∗
---------------------------------------------
New versions of McAfee's SIEM eliminate a total of ten potential points of attack, some of which pose a high security risk.
---------------------------------------------
https://heise.de/-4457190
∗∗∗ Medtronic recalls vulnerable MiniMed insulin pumps ∗∗∗
---------------------------------------------
Medtronic, the world’s largest medical device company, has issued a recall of some of its insulin pumps because they can be tampered with by attackers. About the vulnerable devices: The affected devices are insulin pumps from the MiniMed 508 and Paradigm series ...
---------------------------------------------
https://www.helpnetsecurity.com/2019/06/28/hackable-medtronic-insulin-pumps…
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (expat and mupdf), Fedora (drupal7-uuid, php-brumann-polyfill-unserialize, and php-typo3-phar-stream-wrapper2), openSUSE (thunderbird), Oracle (thunderbird and vim), SUSE (glibc), and Ubuntu (poppler).
---------------------------------------------
https://lwn.net/Articles/792318/
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a wget vulnerability (CVE-2019-5953) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se…
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities (CVE-2019-7221, CVE-2019-6974, CVE-2018-17972, CVE-2018-9568) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se…
∗∗∗ IBM Security Bulletin: Information disclosure in WebSphere Application Server Admin Console (CVE-2019-4269) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur…
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se…
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by multiple libssh2 vulnerabilities (CVE-2019-3863, CVE-2019-3857, CVE-2019-3856, CVE-2019-3855) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se…
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by an openssl vulnerability (CVE-2018-5407) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se…
∗∗∗ IBM Security Bulletin: Sensitive information disclosure affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2019-4369) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-sensitive-information…
∗∗∗ IBM Security Bulletin: Guardium StealthBits Integration is affected by an SQLite vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-guardium-stealthbits-…
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium…
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by an OpenSSH vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium…
∗∗∗ F5 tmsh vulnerability CVE-2019-6642 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K40378764
∗∗∗ PHOENIX CONTACT Security Advisory for Industrial Controllers ILC1x0, ILC1x1, AXC1050 and AXC3050 ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-015
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 26-06-2019 18:00 − Thursday 27-06-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ How Hackers Turn Microsoft Excel's Own Features Against It ∗∗∗
---------------------------------------------
A pair of recent findings show how hackers can compromise Excel users without any fancy exploits.
---------------------------------------------
https://www.wired.com/story/microsoft-excel-hacking-power-query-macros
∗∗∗ Fake Instagram Verification ∗∗∗
---------------------------------------------
Across various social media platforms there are verification checkmark symbols that appear near the name of the account’s page we view. For example, this verified account indicator seen from our Twitter page: These verification checkmarks exist as a credibility indicator to help show authenticity and integrity to social media page visitors.
---------------------------------------------
https://blog.sucuri.net/2019/06/fake-instagram-verification.html
∗∗∗ NIST Releases Report on Managing IoT Risks ∗∗∗
---------------------------------------------
Original release date: June 26, 2019. The National Institute of Standards and Technology (NIST) has released the Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks report. The publication, the first in a planned series on IoT, aims to help federal agencies and other organizations manage the cybersecurity and privacy risks associated with individual IoT devices.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/06/26/nist-releases-repo…
∗∗∗ European Cybersecurity Act enters into force ∗∗∗
---------------------------------------------
The European legal act on cyber security ("Cybersecurity Act") entered into force on 27 June 2019. Core elements of the act are a new, permanent mandate for the European cyber security agency ENISA and the introduction of a uniform European certification framework for ICT products, services and processes.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Cybersecuri…
∗∗∗ GreenFlash Sundown exploit kit expands via large malvertising campaign ∗∗∗
---------------------------------------------
The GreenFlash exploit kit, which we typically saw targeting South Korean users, reaches globally with a large malvertising campaign via a popular website. [...]
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2019/06/greenflash-sundown-ex…
∗∗∗ Do not order from media-blue.store ∗∗∗
---------------------------------------------
Anyone who believes they have snagged a bargain at media-blue.store is mistaken, because the goods are never delivered despite payment. It is a fake shop!
---------------------------------------------
https://www.watchlist-internet.at/news/bestellen-sie-nicht-bei-media-bluest…
=====================
= Vulnerabilities =
=====================
∗∗∗ Epyc crypto flaw? AMD emits firmware fix for server processors after Googler smashes RAM encryption algorithms ∗∗∗
---------------------------------------------
SEV code cracked to leak secret keys. Updated: Microchip slinger AMD has issued a firmware patch to fix the encryption in its Secure Encrypted Virtualization technology (SEV), used to defend the memory of Linux KVM virtual machines running on its Epyc processors.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/06/26/amd_epyc_ke…
∗∗∗ Advanced Forum - Critical - Cross Site Scripting - SA-CONTRIB-2019-054 ∗∗∗
---------------------------------------------
Project: Advanced Forum
Version: 7.x-2.x-dev
Date: 2019-June-26
Security risk: Critical 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-054
∗∗∗ Critical holes in Cisco Data Center Network Manager ∗∗∗
---------------------------------------------
A vulnerability endangers Cisco network devices. A security update closes several loopholes.
---------------------------------------------
https://heise.de/-4456661
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (drupal7-uuid, php-brumann-polyfill-unserialize, and php-typo3-phar-stream-wrapper2), openSUSE (ansible, compat-openssl098, exempi, glib2, gstreamer-0_10-plugins-base, gstreamer-plugins-base, libmediainfo, libssh2_org, SDL2, sqlite3, and wireshark), Oracle (firefox), Red Hat (thunderbird and vim), Scientific Linux (firefox), SUSE (java-1_8_0-ibm), and Ubuntu (bzip2 and expat).
---------------------------------------------
https://lwn.net/Articles/792231/
∗∗∗ Kubernetes CLI tool security flaw lets attackers run code on host machine ∗∗∗
---------------------------------------------
Interesting bug can lead to total compromise of cloud production environments.
---------------------------------------------
https://www.zdnet.com/article/kubernetes-cli-tool-security-flaw-lets-attack…
∗∗∗ Vuln: GNU Binutils CVE-2019-12972 Heap Based Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/108903
∗∗∗ Vuln: Linux Kernel CVE-2019-12984 Null Pointer Dereference Remote Denial of Service Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/108905
∗∗∗ OpenJPEG: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0545
∗∗∗ ImageMagick: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0547
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 25-06-2019 18:00 − Wednesday 26-06-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ YouTube Bitcoin Scams Pushing the njRAT Backdoor InfoStealer ∗∗∗
---------------------------------------------
YouTube scams are promoting software that pretends to allow users to get free Bitcoins, but instead installs the njRAT remote access Trojan and password stealer.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/youtube-bitcoin-scams-pushin…
∗∗∗ Brickerbot 2.0: New malware aims to destroy IoT devices ∗∗∗
---------------------------------------------
Like its model Brickerbot, the Silex malware aims to destroy insecure IoT devices. Unprotected Linux servers could also fall victim to it. The malware's developer is working on additional features.
---------------------------------------------
https://www.golem.de/news/brickerbot-2-0-neue-schadsoftware-moechte-iot-ger…
∗∗∗ Subdomain takeover: Security firms take over EA subdomain ∗∗∗
---------------------------------------------
The subdomain eaplayinvite.ea.com of game publisher Electronic Arts was taken over by security firms. Through a further attack, the firms were also able to obtain user data.
---------------------------------------------
https://www.golem.de/news/subdomain-takeover-sicherheitsfirmen-uebernehmen-…
∗∗∗ Beware of scamming on the Internet ∗∗∗
---------------------------------------------
Scamming (advance-fee fraud) describes a popular form of fraud on the Internet that criminals use to get money quickly. They promise their victims inheritances, winnings in the millions or cheap loans, or feign an emergency, and pressure them into making large advance payments. Without exception these are empty promises, and the money ends up solely in the fraudsters' pockets.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-scamming-im-internet/
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: Nessus CVE-2019-3961 Cross Site Scripting Vulnerability ∗∗∗
---------------------------------------------
Nessus is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Nessus 8.4.0 and prior versions are vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/108892
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (python3.4), Oracle (firefox), Red Hat (firefox and kernel-alt), SUSE (ImageMagick and SUSE Manager Server 3.2), and Ubuntu (bzip2).
---------------------------------------------
https://lwn.net/Articles/792111/
∗∗∗ Security Advisory - FRP Bypass Vulnerability on Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190626-…
∗∗∗ IBM Security Bulletin: Java Vulnerability Affects IBM Connect:Direct Web Services (CVE-2018-1890) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-af…
∗∗∗ IBM Security Bulletin: WebSphere App Server – Out of Memory Exception can cause DOS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-websphere-app-server-…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affect IBM Tivoli System Automation Application Manager April 2019 CPU (CVE-2019-2684) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
∗∗∗ IBM Security Bulletin: A security vulnerability in OpenSSL affects IBM Rational ClearQuest (CVE-2019-1559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: Vulnerabilities exist in Watson Explorer Analytical Components and Watson Content Analytics (CVE-2018-1901) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-exist…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 24-06-2019 18:00 − Tuesday 25-06-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Using Whitelisting to Remediate an RCE Vulnerability (CVE-2019-2729) in Oracle WebLogic ∗∗∗
---------------------------------------------
Oracle WebLogic has recently disclosed and patched remote-code-execution (RCE) vulnerabilities in its software, many of which were due to insecure deserialization. Oracle addressed the most recent vulnerability, CVE-2019-2729, in an out-of-band security patch on June 18, 2019. CVE-2019-2729 was assigned a CVSS score of 9.8, making it a critical vulnerability.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fYmCaoi4AE8/
∗∗∗ Thunderbird 60.7.2: Mozilla fixes potentially dangerous combination of vulnerabilities ∗∗∗
---------------------------------------------
Last week the Mozilla developer team fixed two security vulnerabilities in Thunderbird that had previously been actively exploited in Firefox.
---------------------------------------------
https://heise.de/-4454671
∗∗∗ Side-channel attacks: OpenSSH gains protection against Spectre, RAMBleed and co. ∗∗∗
---------------------------------------------
Temporary encryption in RAM is intended to protect keys used with OpenSSH against side-channel attacks in future.
---------------------------------------------
https://heise.de/-4455055
∗∗∗ Phishing attempt against free customers of Advanzia Bank S.A. ∗∗∗
---------------------------------------------
Consumers find an e-mail in their inbox informing them that they need to confirm their data in order to keep using the free credit card. The message gives the impression of coming from Advanzia Bank S.A., but it is sent by criminals. Do not follow the link, because this is a phishing attempt!
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-versuch-gegen-free-kundinne…
∗∗∗ New Mac malware abuses recently disclosed Gatekeeper zero-day ∗∗∗
---------------------------------------------
Researchers find new OSX/Linker malware abusing still-unpatched macOS Gatekeeper bypass.
---------------------------------------------
https://www.zdnet.com/article/new-mac-malware-abuses-recently-disclosed-gat…
=====================
= Vulnerabilities =
=====================
∗∗∗ TYPO3 9.5.8 and 8.7.27 security releases published ∗∗∗
---------------------------------------------
We are announcing the release of the following TYPO3 updates: TYPO3 9.5.8 LTS, TYPO3 8.7.27 LTS. All versions are security releases and contain important security fixes.
---------------------------------------------
https://typo3.org/article/typo3-958-and-8727-security-releases-published/
∗∗∗ TYPO3-EXT-SA-2019-014: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin) ∗∗∗
---------------------------------------------
CVE: CVE-2019-11768 and CVE-2019-12616
* PMASA-2019-3: SQL injection in Designer feature
* PMASA-2019-4: CSRF vulnerability in login form
---------------------------------------------
https://typo3.org/security/advisory/typo3-ext-sa-2019-014/
∗∗∗ Kubernetes CVE-2019-11246 Incomplete Fix Arbitrary File Overwrite Vulnerability ∗∗∗
---------------------------------------------
Kubernetes is prone to a vulnerability that may allow attackers to overwrite arbitrary files. Successful exploits may allow an attacker to write arbitrary files in the context of the user running the affected application. Versions prior to kubernetes 1.12.9, 1.13.6, and 1.14.2 are vulnerable.
---------------------------------------------
https://www.securityfocus.com/bid/108866/discuss
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (python), Debian (bzip2, libvirt, python2.7, python3.4, rdesktop, and thunderbird), Fedora (thunderbird and tomcat), openSUSE (aubio, docker, enigmail, GraphicsMagick, and python-Jinja2), SUSE (kernel, libvirt, postgresql96, and tomcat), and Ubuntu (ceph, firefox, imagemagick, libmysofa, linux, linux-hwe, neutron, and policykit-desktop-privileges).
---------------------------------------------
https://lwn.net/Articles/792006/
∗∗∗ Alpine Linux Docker image vulnerability CVE-2019-5021 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K25551452
∗∗∗ QEMU: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0541
=====================
= End-of-Day report =
=====================
Timeframe: Friday 21-06-2019 18:00 − Monday 24-06-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Microsoft: We're fighting Windows malware spread via Excel in email with bad macro ∗∗∗
---------------------------------------------
Earlier this month Microsoft warned that attackers were firing spam that exploited an Office flaw to install a trojan. The bug meant the attackers didn't require Windows users to enable macros.
However, a new malware campaign that doesn't exploit a specific vulnerability in Microsoft software takes the opposite approach, using malicious macro functions in an Excel attachment to compromise fully patched Windows PCs.
---------------------------------------------
https://www.zdnet.com/article/microsoft-were-fighting-windows-malware-sprea…
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical vulnerability in bzip2 - exploitable for RCE depending on setup ∗∗∗
---------------------------------------------
Critical vulnerability in bzip2 - exploitable for RCE depending on setup. 24 June 2019. Description: The compression software bzip2 contains a flaw that, in some configurations, allows arbitrary code to be executed with the privileges of the user. CVSS3 Score: 9.8 (according to NIST NVD). CVE number: CVE-2019-12900. Impact: Attackers must manage to get specially crafted compressed files decompressed. This can be done, e.g., by sending such
---------------------------------------------
http://www.cert.at/warnings/all/20190624.html
∗∗∗ Tor Browser 8.5.3 Fixes a Sandbox Escape Vulnerability in Firefox ∗∗∗
---------------------------------------------
Tor Browser 8.5.3 has been released to fix a Sandbox Escape vulnerability in Firefox that was recently used as part of a targeted attack against cryptocurrency companies. As this vulnerability is actively being used, it is strongly advised that all Tor users upgrade to the latest version.
---------------------------------------------
https://www.bleepingcomputer.com/news/software/tor-browser-853-fixes-a-sand…
∗∗∗ Security vulnerability: Outlook app allowed e-mails to be read ∗∗∗
---------------------------------------------
JavaScript code embedded in e-mails is not supposed to be executed. With the Android version of Microsoft's Outlook this was possible through a trick. Among other things, a crafted e-mail could be used to read out the mail account.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-outlook-app-ermoeglichte-ausles…
∗∗∗ Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer ∗∗∗
---------------------------------------------
If you use VLC media player on your computer and haven't updated it recently, don't you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. That's because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities...
---------------------------------------------
https://thehackernews.com/2019/06/vlc-media-player-hacking.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (jackson-databind, libvirt, pdns, and vim), Fedora (evince, firefox, gjs, libxslt, mozjs60, and poppler), openSUSE (dbus-1, firefox, ImageMagick, netpbm, openssh, and thunderbird), Oracle (libssh2, libvirt, and python), Scientific Linux (python), SUSE (compat-openssl098, dbus-1, evince, exempi, firefox, glib2, gstreamer-0_10-plugins-base, gstreamer-plugins-base, java-1_8_0-ibm, libssh2_org, libvirt, netpbm, samba, SDL2, sqlite3, thunderbird, and wireshark), and Ubuntu (web2py).
---------------------------------------------
https://lwn.net/Articles/791921/
∗∗∗ cURL: Windows OpenSSL engine code injection ∗∗∗
---------------------------------------------
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.
This flaw exists in the official curl-for-windows binaries built and hosted by the curl project (all versions up to and including 7.65.1_1). It does not exist in the curl executable shipped by Microsoft, bundled with Windows 10. It possibly exists in other curl builds for Windows too that use OpenSSL.
---------------------------------------------
https://curl.haxx.se/docs/CVE-2019-5443.html
∗∗∗ Nagios Enterprises Nagios XI: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, authenticated or anonymous attacker can exploit multiple vulnerabilities in Nagios XI to carry out a cross-site scripting attack or to view confidential data.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0534
∗∗∗ Mattermost security update 5.11.1 / 5.10.2 / 5.9.2 / 4.10.10 (ESR) released ∗∗∗
---------------------------------------------
We are releasing a recommended security update via Mattermost Team Edition 5.11.1, 5.10.2, 5.9.2 and 4.10.10 (ESR) and Mattermost Enterprise Edition 5.11.1, 5.10.2, 5.9.2 and 4.10.10 (ESR). This security update addresses a medium-level vulnerability discovered during a security research review by Zonduu.
---------------------------------------------
https://mattermost.com/blog/mattermost-security-update-5-11-1-5-10-2-5-9-2-…
∗∗∗ Secure Hub accepts 10 digit worxpin when "PIN Length Requirement" Client Property is set to more than 10 ∗∗∗
---------------------------------------------
When enrolling, Secure Hub prompts for a Worxpin after successful enrollment, and the Worxpin requirement is met as soon as a 10-digit PIN is set, even though the XM console has PIN Length Requirement set to more than 10.
---------------------------------------------
https://support.citrix.com/article/CTX256810
∗∗∗ IBM Security Bulletin: Vulnerability affects IBM Cloud Object Storage SDK Java (June 2019) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-affects…
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Access Manager Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Vulnerabilities in cURL affect QLogic Virtual Fabric Extension Module for IBM BladeCenter ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-cu…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 19-06-2019 18:00 − Friday 21-06-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Botnet Uses SSH and ADB to Create Android Cryptomining Army ∗∗∗
---------------------------------------------
Researchers discovered a cryptocurrency mining botnet that uses the Android Debug Bridge (ADB) Wi-Fi interface and SSH connections to hosts stored in the known_hosts list to spread to other devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/botnet-uses-ssh-and-adb-to-c…
=====================
= Vulnerabilities =
=====================
∗∗∗ PHOENIX CONTACT Automation Worx Software Suite ∗∗∗
---------------------------------------------
This advisory includes mitigations for access of uninitialized pointer, out-of-bounds read, and use after free vulnerabilities reported in Phoenix Contact's Automation Worx Software Suite.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-171-01
∗∗∗ Cisco fixes two critical and numerous other vulnerabilities ∗∗∗
---------------------------------------------
Updates for Cisco's SD-WAN solution and DNA Center eliminate critical security problems. Numerous other products have also been freshly patched.
---------------------------------------------
https://heise.de/-4451734
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, gvfs, intel-microcode, and python-urllib3), Fedora (advancecomp, firefox, freeradius, kubernetes, pam-u2f, and rubygem-jquery-ui-rails), openSUSE (elfutils and sssd), Red Hat (chromium-browser), SUSE (doxygen and samba), and Ubuntu (evince, firefox, Gunicorn, libvirt, and sqlite3).
---------------------------------------------
https://lwn.net/Articles/791572/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (libvirt and python), Debian (intel-microcode, php-horde-form, and znc), Fedora (firefox), Mageia (firefox, flash-player-plugin, git, graphicsmagick, kernel, kernel-linus, kernel-tmb, phpmyadmin, and thunderbird), Oracle (libssh2, libvirt, and python), Red Hat (libvirt and python), Scientific Linux (libvirt), Slackware (bind and mozilla), SUSE (enigmail), and Ubuntu (bind9, intel-microcode, mosquitto, postgresql-10, postgresql-11, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/791669/
∗∗∗ Synology-SA-19:28 Linux kernel ∗∗∗
---------------------------------------------
CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 allow remote attackers to conduct denial-of-service attacks via a susceptible version of DiskStation Manager (DSM) or Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_28
∗∗∗ Multiple vulnerabilities in VAIO Update ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN13555032/
∗∗∗ Intel-SA-00213: Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT vulnerabilities ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K42117350
∗∗∗ Security vulnerabilities fixed in Firefox 67.0.4 and Firefox ESR 60.7.2 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
∗∗∗ Security vulnerabilities fixed in Thunderbird 60.7.2 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/
∗∗∗ AirPort Base Station Firmware Update 7.8.1 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT210091
∗∗∗ CVE-2019-10072 Apache Tomcat HTTP/2 DoS ∗∗∗
---------------------------------------------
https://mail-archives.apache.org/mod_mbox/tomcat-announce/201906.mbox/brows…
∗∗∗ DSA-2019-084: Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Security Update for PC Doctor Vulnerability ∗∗∗
---------------------------------------------
https://www.dell.com/support/article/at/de/atdhs1/sln317291/dsa-2019-084-de…
∗∗∗ [webapps] WebERP 4.15 - SQL injection ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/47013
∗∗∗ DoS Vulnerability in Huawei S Series Switch Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190522-…
∗∗∗ IBM Security Bulletin: IBM MessageSight/MessageGateway is affected by the following jQuery vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-mess…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a denial of service vulnerability in Node.js (CVE-2019-5737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af…
∗∗∗ IBM Security Bulletin: IBM MessageSight is affected by the following four IBM Java vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-is-a…
∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js lodash module vulnerability (CVE-2018-16487) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat…
∗∗∗ IBM Security Bulletin: IBM MessageSight/MessageGateway is affected by the following WebSphere Application Server vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-mess…
∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE-2018-5390 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-upd…
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 18-06-2019 18:00 − Wednesday 19-06-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Zombieload: Intel microcode available for Windows v1809/v1803 ∗∗∗
---------------------------------------------
Protection against Microarchitectural Data Sampling attacks such as Zombieload: Anyone still using an older version of Windows 10 or Windows Server on an Intel processor now receives suitable microcode directly via the operating system to harden the system against side-channel attacks.
---------------------------------------------
https://www.golem.de/news/zombieload-intel-microcode-fuer-windows-v1809-v18…
∗∗∗ Pass the salt! Popular CMSs aren’t securing passwords properly ∗∗∗
---------------------------------------------
A group of researchers has discovered that many of the web's most popular content management systems are using obsolete algorithms to protect their users' passwords.
---------------------------------------------
https://nakedsecurity.sophos.com/2019/06/19/popular-content-platforms-putti…
∗∗∗ Quick Detect: Exim "Return of the Wizard" Attack, (Wed, Jun 19th) ∗∗∗
---------------------------------------------
Thanks to our reader Alex for sharing some of his mail logs with the latest attempts to exploit CVE-2019-10149 (aka "Return of the Wizard"). The vulnerability affects Exim and was patched about two weeks ago. There are likely still plenty of vulnerable servers, but it looks like attackers are branching out and are hitting servers not running Exim as well.
---------------------------------------------
https://isc.sans.edu/diary/rss/25052
∗∗∗ Evading Sysmon DNS Monitoring ∗∗∗
---------------------------------------------
In a recent update to Sysmon, a new feature was introduced allowing the ability to log DNS events. While this gives an excellent datapoint for defenders (shout out to the SysInternals team for continuing to provide and support these awesome tools for free), for us as attackers, this means that should our implant or payloads attempt to communicate via DNS, BlueTeam have a potential way to pick up on indicators which could lead to detection.
---------------------------------------------
https://blog.xpnsec.com/
∗∗∗ BSI publishes recommendations for the secure configuration of Microsoft Office products ∗∗∗
---------------------------------------------
The Federal Office for Information Security (BSI) has produced seven cyber-security recommendations for the secure configuration of Microsoft Office 2013/2016/2019 for use on the Microsoft Windows operating system. These cover overarching policies for Microsoft Office on the one hand, and policies for six frequently used Microsoft Office applications (Access, Excel, Outlook, PowerPoint, Visio and Word) on the other.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Empfehlunge…
∗∗∗ Beware of fake news about BitUp and Bitcoin Code ∗∗∗
---------------------------------------------
Internet users are increasingly coming across fabricated news articles that promote the offers of Bitcoin Code or BitUp. They report on the "biggest deal in history" on the TV shows "Die Höhle der Löwen" or "2 Minuten 2 Millionen". The offers on bitcoincodesoftapps.com and bitupapp.com are dubious and investors lose their money!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-gefaelschten-news-zu-bit…
=====================
= Vulnerabilities =
=====================
∗∗∗ Zero day: Mozilla closes exploited security vulnerability in Firefox ∗∗∗
---------------------------------------------
Firefox maker Mozilla has closed a critical security vulnerability in its browser that is apparently being actively exploited. Updates are available and are already being distributed by Mozilla.
---------------------------------------------
https://www.golem.de/news/zero-day-mozilla-schliesst-ausgenutzte-sicherheit…
∗∗∗ Oracle Releases Security Advisory for WebLogic ∗∗∗
---------------------------------------------
Original release date: June 19, 2019. Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/06/19/Oracle-Releases-Se…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (dbus, firefox, kernel, linux-lts, linux-zen, and python), CentOS (bind and kernel), Debian (firefox-esr, glib2.0, and vim), Fedora (dbus, kernel, kernel-headers, mingw-libxslt, poppler, and python-gnupg), openSUSE (gnome-shell, kernel, libcroco, php7, postgresql10, python, sssd, and thunderbird), Oracle (kernel and libvirt), Red Hat (go-toolset:rhel8, gvfs, java-11-openjdk, pki-deps:10.6, systemd, and WALinuxAgent), SUSE (docker, kernel, libvirt, [...]
---------------------------------------------
https://lwn.net/Articles/791462/
∗∗∗ PHOENIX CONTACT Multiple Vulnerabilities in Automation Worx Software Suite ∗∗∗
---------------------------------------------
Security Advisory for Automation Worx Software Suite version 1.86 and earlier
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-014
∗∗∗ Vuln: Symantec DLP CVE-2019-9701 Cross Site Scripting Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/108733
∗∗∗ Samba: Multiple vulnerabilities allow denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0521
∗∗∗ IBM Security Bulletin: IBM API Connect is affected by sensitive information leakage in LoopBack (CVE-2019-4382) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af…
∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4377) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Command Center (CVE-2019-2602) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM API Connect ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by sensitive information leak (CVE-2018-2013) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-…
∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by software stack information leak (CVE-2018-2011) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-…
∗∗∗ IBM Security Bulletin: API Connect V5 is vulnerable to CSRF attacks (CVE-2018-1858) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v5-is-vul…
∗∗∗ FreeBSD SACK Slowness vulnerability CVE-2019-5599 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K75521003
∗∗∗ Linux SACK Slowness vulnerability CVE-2019-11478 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K26618426
∗∗∗ Linux SACK Panic vulnerability CVE-2019-11477 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K78234183
∗∗∗ Excess resource consumption due to low MSS values vulnerability CVE-2019-11479 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35421172
∗∗∗ Intel CSME and SPS vulnerability CVE-2019-0093 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K13710800
∗∗∗ Intel Server Platform Services vulnerability CVE-2019-0089 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K47234311
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Monday 17-06-2019 18:00 − Tuesday 18-06-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Security Alert: Booking.Com Fake Emails Infect Computers with Sodinokibi Ransomware ∗∗∗
---------------------------------------------
A new spam campaign pretending to be from Booking.com is now targeting users. The emails carry a document containing macro code. If someone clicks on the document, opens it, and allows the execution of the macro code, a loader will be spawned. This will download and run ransomware of the Sodinokibi class.
---------------------------------------------
https://heimdalsecurity.com/blog/booking-com-fake-emails-sodinokibi-ransomw…
∗∗∗ Plurox: Modular backdoor ∗∗∗
---------------------------------------------
The analysis showed the Backdoor.Win32.Plurox to have a few quite unpleasant features. What’s more, the backdoor is modular, which means that its functionality can be expanded with the aid of plugins.
---------------------------------------------
https://securelist.com/plurox-modular-backdoor/91213/
∗∗∗ Malware sidesteps Google permissions policy with new 2FA bypass technique ∗∗∗
---------------------------------------------
When Google restricted the use of SMS and Call Log permissions in Android apps in March 2019, one of the positive effects was that credential-stealing apps lost the option to abuse these permissions for bypassing SMS-based two-factor authentication (2FA) mechanisms.
We have now discovered malicious apps capable of accessing one-time passwords (OTPs) in SMS 2FA messages without using SMS permissions, circumventing Google’s recent restrictions. As a bonus, this technique also works to obtain OTPs from some email-based 2FA systems.
---------------------------------------------
https://www.welivesecurity.com/2019/06/17/malware-google-permissions-2fa-by…
∗∗∗ Sharing the Secrets: Pwning an industrial IoT router ∗∗∗
---------------------------------------------
I get involved in a lot of IoT and ICS pen tests and found an interesting device on one of them. I didn’t have enough time on the job to go as deep as I wanted, so got PTP to buy a couple to play with. eBay FTW! It’s an Ewon Flexy IoT Router.
---------------------------------------------
https://www.pentestpartners.com/security-blog/sharing-the-secrets-pwning-an…
∗∗∗ Do not order from lastore.net ∗∗∗
---------------------------------------------
Even though the prices at lastore.net are very tempting, we advise against placing an order, because lastore.net is a fake shop that delivers no goods despite payment!
---------------------------------------------
https://www.watchlist-internet.at/news/bestellen-sie-nicht-bei-lastorenet/
=====================
= Vulnerabilities =
=====================
∗∗∗ TCP SACK PANIC: Linux and FreeBSD kernels can be attacked remotely ∗∗∗
---------------------------------------------
Netflix has discovered several security problems in the network stack of Linux and FreeBSD kernels that can be used for denial-of-service attacks.
---------------------------------------------
https://heise.de/-4449183
∗∗∗ Vulnerability Spotlight: Two bugs in KCodes NetUSB affect some NETGEAR routers ∗∗∗
---------------------------------------------
KCodes’ NetUSB kernel module contains two vulnerabilities that could allow an attacker to inappropriately access information on some NETGEAR wireless routers. Specific models of these routers utilize the kernel module from KCodes, a Taiwanese company. The module is custom-made for each device, but they all contain similar functions.
---------------------------------------------
https://blog.talosintelligence.com/2019/06/vulnerability-spotlight-two-bugs…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (linux-hardened), Debian (kdepim, kernel, linux-4.9, and phpmyadmin), Fedora (ansible and glib2), openSUSE (kernel and vim), Oracle (bind and kernel), Red Hat (kernel and kernel-rt), Scientific Linux (bind and kernel), SUSE (dbus-1, ImageMagick, kernel, netpbm, openssh, and sqlite3), and Ubuntu (linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon and linux,
---------------------------------------------
https://lwn.net/Articles/791370/
∗∗∗ Critical Flaw Exposes TP-Link Wi-Fi Extenders to Remote Attacks ∗∗∗
---------------------------------------------
A critical remote code execution vulnerability discovered by an IBM X-Force researcher allows an unauthenticated attacker to take complete control of some TP-Link Wi-Fi extenders. Firmware updates that should patch the flaw have been made available by the vendor.
---------------------------------------------
https://www.securityweek.com/critical-flaw-exposes-tp-link-wi-fi-extenders-…
∗∗∗ MISP: Vulnerability allows code execution ∗∗∗
---------------------------------------------
MISP is an open-source platform for sharing threat information.
A remote, authenticated attacker can exploit a vulnerability in MISP to execute arbitrary code.
CVE list: CVE-2019-12868
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0515
∗∗∗ Improper Access Control Vulnerability in AppDNA ∗∗∗
---------------------------------------------
A vulnerability has been identified in AppDNA that could result in access controls not being enforced when accessing the web console potentially allowing privilege escalation and remote code execution.
---------------------------------------------
https://support.citrix.com/article/CTX253828
∗∗∗ IBM Security Bulletin: Password exposure via job log in IBM Spectrum Protect Plus (CVE-2019-4385) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-exposure-via…
∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to CSV Injection (CVE-2019-4364) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana…
∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2019-4303) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Tivoli System Automation for Multiplatforms April 2019 CPU (CVE-2019-2684) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2018-5743 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-is-affected-by-…
∗∗∗ IBM Security Bulletin: An Arbitrary Download Vulnerability Affects IBM Campaign (CVE-2019-4384) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-an-arbitrary-download…
∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability Affects IBM Marketing Platform (CVE-2017-1107) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 14-06-2019 18:00 − Monday 17-06-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ U.S. Govt Achieves BlueKeep Remote Code Execution, Issues Alert ∗∗∗
---------------------------------------------
The Cybersecurity and Infrastructure Security Agency (CISA) published an alert for Windows users to patch the critical severity Remote Desktop Services (RDS) RCE security flaw dubbed BlueKeep.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/us-govt-achieves-bluekeep-re…
∗∗∗ Investigators decrypt new version of the GandCrab ransomware ∗∗∗
---------------------------------------------
Anyone who fell victim to the ransomware can remove the malware free of charge with the new tool.
---------------------------------------------
https://futurezone.at/netzpolitik/ermittler-entschluesselten-neue-version-d…
∗∗∗ An infection from Rig exploit kit, (Mon, Jun 17th) ∗∗∗
---------------------------------------------
[...] Today's diary reviews a recent example of infection traffic caused by Rig EK.
---------------------------------------------
https://isc.sans.edu/diary/rss/25040
∗∗∗ Overpriced visa for Canada on kanadaeta.com and kanada-eta.de ∗∗∗
---------------------------------------------
Numerous annoyed consumers report to us overpriced ETA applications (Electronic Travel Authorization), i.e. travel permits, on kanadaeta.com and kanada-eta.de. Instead of about 5 euros on the official website of the Canadian government, between 50 and 80 euros are charged here for a visa. Watchlist Internet recommends: use the official government website!
---------------------------------------------
https://www.watchlist-internet.at/news/ueberteuertes-visum-fuer-kanada-auf-…
∗∗∗ Security researcher finds critical XSS bug in Google's Invoice Submission Portal ∗∗∗
---------------------------------------------
Security bug would have allowed hackers access to one of Google's backend apps.
---------------------------------------------
https://www.zdnet.com/article/security-researcher-finds-critical-xss-bug-in…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium and thunderbird), Debian (php-horde-form, pyxdg, thunderbird, and znc), Fedora (containernetworking-plugins, mediawiki, and podman), openSUSE (chromium), Red Hat (bind, chromium-browser, and flash-plugin), SUSE (docker, glibc, gstreamer-0_10-plugins-base, gstreamer-plugins-base, postgresql10, sqlite3, and thunderbird), and Ubuntu (firefox).
---------------------------------------------
https://lwn.net/Articles/791277/
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack (CVE-2019-4142) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-pla…
∗∗∗ IBM Security Bulletin: Vulnerability in strongswan affects QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-stro…
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL and strongswan affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op…
∗∗∗ IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-fabric-os-firmware-fo…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 13-06-2019 18:00 − Friday 14-06-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs ∗∗∗
---------------------------------------------
Misconfiguration is not novel. However, cybercriminals still find that it is an effective way to get their hands on organizations’ computing resources to use for malicious purposes and it remains a top security concern. In this blog post, we will detail an attack type where an API [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/T-m0jjHJA_o/
∗∗∗ Security and Privacy, Two Sides of the Same Coin ∗∗∗
---------------------------------------------
ENISA Annual Privacy Forum 2019
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/security-and-privacy-two-sides-…
∗∗∗ Phishing e-mails feign end of WhatsApp subscription ∗∗∗
---------------------------------------------
A current phishing wave tries to get WhatsApp users to disclose payment data by means of a supposedly expiring subscription.
---------------------------------------------
https://heise.de/-4447165
∗∗∗ Linux servers under attack via latest Exim flaw ∗∗∗
---------------------------------------------
It didn’t take long for attackers to start exploiting the recently revealed Exim vulnerability (CVE-2019-10149). Active campaigns: One security enthusiast detected exploitation attempts five days ago: [...]
---------------------------------------------
https://www.helpnetsecurity.com/2019/06/14/exploiting-cve-2019-10149/
∗∗∗ Adware and PUPs families add push notifications as an attack vector ∗∗∗
---------------------------------------------
Push notifications are being added to the arsenal of PUPs, adware, and even a Trojan browser extension that spams Facebook groups.
---------------------------------------------
https://blog.malwarebytes.com/adware/2019/06/adware-and-pups-families-add-p…
∗∗∗ Yubico Replacing YubiKey FIPS Devices Due to Security Issue ∗∗∗
---------------------------------------------
Yubico is in the process of replacing YubiKey FIPS (Federal Information Processing Standards) security keys following the discovery of a potentially serious cryptography-related issue that can cause RSA keys and ECDSA signatures generated on these devices to have reduced strength.
---------------------------------------------
https://www.securityweek.com/yubico-replacing-yubikey-fips-devices-due-secu…
∗∗∗ French Authorities Release Free Decryptor for PyLocky Ransomware ∗∗∗
---------------------------------------------
The French Ministry of Interior has released a free decryption tool for the PyLocky ransomware to help victims recover their data.
---------------------------------------------
https://www.securityweek.com/french-authorities-release-free-decryptor-pylo…
∗∗∗ MISP 2.4.109 released (aka cool-attributes-to-object) ∗∗∗
---------------------------------------------
A new version of MISP (2.4.109) has been released with a host of new features, improvements, bug fixes and a minor security fix. We strongly advise all users to update their MISP installations to this latest version.
---------------------------------------------
https://www.misp-project.org/2019/06/14/MISP.2.4.109.released.html
=====================
= Vulnerabilities =
=====================
∗∗∗ BD Alaris Gateway Workstation ∗∗∗
---------------------------------------------
This medical advisory includes mitigations for improper access control and unrestricted upload of file with dangerous type vulnerabilities reported in BD’s Alaris Gateway Workstation.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01
∗∗∗ Johnson Controls exacqVision Enterprise System Manager ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper authorization vulnerability reported in Johnson Controls exacqVision Enterprise System Manager.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-164-01
∗∗∗ Xen Security Advisory XSA-295 - Unlimited Arm Atomics Operations ∗∗∗
---------------------------------------------
An attacker in a domU could perform a denial of service attack on Xen by accessing a memory region shared with the hypervisor, while Xen is performing an atomic operation on the same region. As a result Xen could end up looping boundlessly.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-295.txt
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (gvim, lib32-openssl, openssl, and vim), Debian (dbus), Fedora (dovecot, evince, js-jquery-jstree, libxslt, php-phpmyadmin-sql-parser, and phpMyAdmin), openSUSE (neovim and rubygem-rack), Oracle (docker-engine and python), Scientific Linux (python), Slackware (mozilla), and SUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, elfutils, libvirt, and python-requests).
---------------------------------------------
https://lwn.net/Articles/791165/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Secure Proxy ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact Remote Code Execution (CVE-2019-4103) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tivoli-netcool-im…
∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is affected by a XXE (XML External Entity) Injection vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-inform…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Notes 9 and Domino 9 are affected by Open Source James Clark Expat Vulnerabilities (CVE-2013-0340, CVE-2013-0341) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-notes-9-and-domin…
∗∗∗ IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cognos-controller…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 12-06-2019 18:00 − Thursday 13-06-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ What is "THAT" Address Doing on my Network, (Thu, Jun 13th) ∗∗∗
---------------------------------------------
Disclosure: ISC does not endorse any one particular vendor. That said, you may recognize what type of firewall I use :)
---------------------------------------------
https://isc.sans.edu/diary/rss/25028
∗∗∗ LDAP Swiss Army Knife ∗∗∗
---------------------------------------------
This paper presents the "LDAP Swiss Army Knife", an easy to use LDAP server implementation built for penetration or software testing. Apart from general usage as a server or proxy it also shows some specific attacks against Java/JNDI based LDAP clients.
---------------------------------------------
https://packetstormsecurity.com/files/153270/LDAP-Swiss-Army-Knife.html
∗∗∗ SandboxEscaper reveals fifth Windows exploit, Microsoft patches the rest ∗∗∗
---------------------------------------------
Right on time for patch day, Microsoft has also closed the 0-day holes of the hacker "SandboxEscaper". All but one.
---------------------------------------------
https://heise.de/-4445318
∗∗∗ Ignore supposed e-mail from A1 ∗∗∗
---------------------------------------------
You can ignore an e-mail from A1 stating that you were mistakenly billed 86.43 euros. It is an attempt to obtain your login and bank details.
---------------------------------------------
https://www.watchlist-internet.at/news/vermeintliche-e-mail-von-a1-ignorier…
∗∗∗ SEC security alert warns about misconfigured NAS, DBs, and cloud storage servers ∗∗∗
---------------------------------------------
SEC OCIE inspections find that companies have failed to properly secure network-accessible storage systems.
---------------------------------------------
https://www.zdnet.com/article/sec-security-alert-warns-about-misconfigured-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ About the security content of iCloud for Windows 10.4 ∗∗∗
---------------------------------------------
This document describes the security content of iCloud for Windows 10.4.
---------------------------------------------
https://support.apple.com/en-us/HT210212
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (firefox, kernel, kernel-headers, libreswan, python-urllib3, and vim), Red Hat (python), SUSE (sssd), and Ubuntu (dbus).
---------------------------------------------
https://lwn.net/Articles/791052/
∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2019-4403) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-connections-secur…
∗∗∗ IBM Security Bulletin: IBM i Clustering is affected by CVE-2019-4381 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-clustering-is-a…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud April 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A vulnerability in Python affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-py…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Reporting for Development Intelligence ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 11-06-2019 18:00 − Wednesday 12-06-2019 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Microsoft Releases June 2019 Office Updates With Security Fixes ∗∗∗
---------------------------------------------
Microsoft released the June 2019 Office Updates today, which consist of 13 security updates and 13 non-security updates. Given that some of the Microsoft Office security updates issued today also resolve critical vulnerabilities, it is strongly advised to install them as soon as possible.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-releases-june-2019…
∗∗∗ Bad Cert Vulnerability Can Bring Down Any Windows Server ∗∗∗
---------------------------------------------
A Google security expert today revealed that an unpatched issue in the main cryptographic library in Microsoft's operating system can cause a denial-of-service (DoS) condition on Windows 8 servers and above.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/bad-cert-vulnerability-can-b…
∗∗∗ Ransomware identification for the judicious analyst ∗∗∗
---------------------------------------------
When facing a ransomware infection, it helps to be familiar with some tools as well as key points to identify ransomware correctly.
---------------------------------------------
https://www.gdatasoftware.com/blog/2019/06/31666-ransomware-identification-…
∗∗∗ RAMBleed: Rowhammer can also read out data ∗∗∗
---------------------------------------------
Attacks using RAM bit flips can be used to read memory contents without authorization. As a demonstration, researchers show how they can read an RSA key of an SSH daemon with user privileges.
---------------------------------------------
https://www.golem.de/news/rambleed-rowhammer-kann-auch-daten-auslesen-1906-…
∗∗∗ DICOM Standard in Medical Devices ∗∗∗
---------------------------------------------
NCCIC is aware of a public report of a vulnerability in the DICOM (Digital Imaging and Communications in Medicine) standard with proof-of-concept (PoC) exploit code. The DICOM standard is the international standard to transmit, store, retrieve, print, process, and display medical imaging information. According to this report, the vulnerability is exploitable by embedding executable code into the 128 byte preamble. This report was released without coordination with NCCIC or any known vendor.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-19-162-01
∗∗∗ AVML - Acquire Volatile Memory for Linux ∗∗∗
---------------------------------------------
AVML is an X86_64 userland volatile memory acquisition tool written in Rust, intended to be deployed as a static binary. AVML can be used to acquire memory without knowing the target OS distribution or kernel a priori. No on-target compilation or fingerprinting is needed.
---------------------------------------------
https://github.com/microsoft/avml
∗∗∗ Windows vulnerability "Bluekeep": Renewed warning of worm-like attacks ∗∗∗
---------------------------------------------
Worm-like cyber attacks with the malware WannaCry and NotPetya caused damage in the millions worldwide in 2017 and put individual companies in existential difficulties. A comparable scenario is made possible by the critical vulnerability Bluekeep, which is contained in the Remote Desktop Protocol (RDP) service of Microsoft Windows. The Federal Office for Information Security (BSI) had already warned of this vulnerability in May, as had Microsoft, and
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Windows-Sch…
∗∗∗ Beware of supposed Microsoft calls ∗∗∗
---------------------------------------------
A new wave of supposed Microsoft calls is currently rolling across Austria. The callers claim to have found problems on the devices of those affected. Caution: these are fraudsters who are trying to gain access to their victims' systems and steal data. Consumers should end such calls immediately.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-angeblichen-microsoft-an…
=====================
= Vulnerabilities =
=====================
∗∗∗ Intel Releases Security Updates, Mitigations for Multiple Products ∗∗∗
---------------------------------------------
Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/06/11/Intel-Releases-Sec…
∗∗∗ Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series ∗∗∗
---------------------------------------------
The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities resulting from old software components embedded in the firmware.
---------------------------------------------
https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-wago…
∗∗∗ Patch day: Dangerous hole in Windows 10 Task Scheduler patched ∗∗∗
---------------------------------------------
Microsoft has released a large number of security updates for Windows, Office and other software. Many of the holes are rated critical.
---------------------------------------------
https://heise.de/-4444614
∗∗∗ Critical Microsoft NTLM vulnerabilities allow remote code execution on any Windows machine ∗∗∗
---------------------------------------------
The Preempt research team found two critical Microsoft vulnerabilities that consist of three logical flaws in NTLM, the company’s proprietary authentication protocol. These vulnerabilities allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication (WIA) such as Exchange or ADFS. The research shows that all Windows versions are vulnerable.
---------------------------------------------
https://www.helpnetsecurity.com/2019/06/11/microsoft-ntlm-vulnerabilities/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libgd2, mediawiki, otrs2, vlc, and zookeeper), Fedora (containernetworking-plugins, kernel, kernel-headers, nodejs-tough-cookie, podman, python-django, and python-urllib3), openSUSE (virtualbox), SUSE (gnome-shell, libcroco, and php7), and Ubuntu (dbus, Neovim, and vim).
---------------------------------------------
https://lwn.net/Articles/790976/
∗∗∗ Flaw in Evernote Extension Allows Hackers to Steal Data ∗∗∗
---------------------------------------------
A vulnerability identified by researchers in a popular Evernote extension for Chrome can be exploited by hackers to steal sensitive information from the websites accessed by a user.
---------------------------------------------
https://www.securityweek.com/flaw-evernote-extension-allows-hackers-steal-d…
∗∗∗ MISP: Vulnerability allows privilege escalation ∗∗∗
---------------------------------------------
MISP is an open-source platform for sharing threat information.
A remote, authenticated attacker can exploit a vulnerability in MISP to elevate their privileges.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0491
∗∗∗ Security Advisory - DLL Hijacking Vulnerability on Huawei HiSuite ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190612-…
∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in IBM SDK which affects IBM Db2 Query Management Facility for z/OS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 07-06-2019 18:00 − Tuesday 11-06-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Package management: Java dependencies over insecure HTTP downloads ∗∗∗
---------------------------------------------
In numerous Java projects, dependencies are downloaded unverified over HTTP without TLS. A network attacker can thereby trivially manipulate the downloads and execute malicious code.
---------------------------------------------
https://www.golem.de/news/paketmanagement-java-dependencies-ueber-unsichere…
∗∗∗ Tip: Sysmon Will Log DNS Queries ∗∗∗
---------------------------------------------
[...] Mark announced a new version of Sysmon that will log DNS queries (and replies): [...]
---------------------------------------------
https://isc.sans.edu/forums/diary/Tip+Sysmon+Will+Log+DNS+Queries/25016/
∗∗∗ Microsoft Office: Dangerous RTF document brings a backdoor trojan with it ∗∗∗
---------------------------------------------
Attackers are currently increasingly exploiting a two-year-old Office vulnerability for which a patch already exists. Targets in Europe are the main focus.
---------------------------------------------
https://heise.de/-4444187
∗∗∗ China Telecom Routes European Traffic to Its Network for Two Hours ∗∗∗
---------------------------------------------
For two hours last week, a BGP route leak resulted in large portions of European Internet traffic being routed through China Telecom’s network.
---------------------------------------------
https://www.securityweek.com/china-telecom-routes-european-traffic-its-netw…
∗∗∗ Bitcoin extortion e-mail with made-up webcam recordings ∗∗∗
---------------------------------------------
Criminals are sending mass e-mails to Internet users claiming that the recipients' systems have been hacked. They state that they used this access to record webcam videos that supposedly show the recipients masturbating. To prevent the recordings from being distributed, they demand 2000 euros in bitcoin. There is no reason to worry: this is an extortion attempt and the videos do not exist.
---------------------------------------------
https://www.watchlist-internet.at/news/bitcoin-erpressungs-mail-mit-erfunde…
∗∗∗ Major HSM vulnerabilities impact banks, cloud providers, governments ∗∗∗
---------------------------------------------
Researchers disclose major vulnerabilities in HSMs (Hardware Security Modules).
---------------------------------------------
https://www.zdnet.com/article/major-hsm-vulnerabilities-impact-banks-cloud-…
∗∗∗ The CERT that cried wolf ∗∗∗
---------------------------------------------
The fable is well known: the shepherd boy was bored, he raised the alarm ("Wolf!") to break the monotony, and when the wolf really did come, nobody listened to his cry for help any more. We regularly face a similar issue: we are supposed to warn of upcoming problems as early as possible, but if the predicted emergency does not materialize, that lowers our credibility.
---------------------------------------------
http://www.cert.at/services/blog/20190611093533-2484.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe ColdFusion (APSB19-27), Adobe Flash Player (APSB19-30) and Adobe Campaign (APSB19-28). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1760
∗∗∗ SAP Security Patch Day – June 2019 ∗∗∗
---------------------------------------------
This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape.
---------------------------------------------
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242
∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580 ∗∗∗
---------------------------------------------
There are several vulnerabilities in the Schneider Electric Modicon M580 that could lead to a variety of conditions, including denial of service and the disclosure of sensitive information.
---------------------------------------------
https://blog.talosintelligence.com/2019/06/vulnerability-spotlight-multiple…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium and pam-u2f), Debian (cyrus-imapd), Fedora (curl, cyrus-imapd, kernel, kernel-headers, php, and vim), openSUSE (axis, bind, bubblewrap, evolution, firefox, gnome-shell, libpng16, and rmt-server), Oracle (edk2 and kernel), and SUSE (bind, cloud7, and libvirt).
---------------------------------------------
https://lwn.net/Articles/790818/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (bind and thunderbird), Mageia (firefox, ghostscript, graphicsmagick, imagemagick, postgresql, and thunderbird), Oracle (kernel), Red Hat (Advanced Virtualization and rh-haproxy18-haproxy), SUSE (bind, gstreamer-0_10-plugins-base, thunderbird, and vim), and Ubuntu (elfutils, glib2.0, and libsndfile).
---------------------------------------------
https://lwn.net/Articles/790875/
∗∗∗ Synology-SA-19:26 Photo Station ∗∗∗
---------------------------------------------
These vulnerabilities allow remote attackers to obtain sensitive information or modify system settings via a susceptible version of Photo Station.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_26
∗∗∗ IBM Security Bulletin: IBM MQ Advanced Cloud Pak may print out plain text credentials in logs. (CVE-2019-4239) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-advanced-cloud…
∗∗∗ [20190603] - Core - ACL hardening of com_joomlaupdate ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/_M8Ux7hoaTM/785-20190603-c…
∗∗∗ [20190602] - Core - XSS in subform field ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/pYcjfxwUS9o/784-20190602-c…
∗∗∗ [20190601] - Core - CSV injection in com_actionlogs ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/XjAgqEhAS7g/783-20190601-c…
∗∗∗ # SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt
∗∗∗ # SSA-557804: Mirror Port Isolation Vulnerability in SCALANCE X switches ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-557804.txt
∗∗∗ # SSA-480230: Denial-of-Service in Webserver of Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-480230.txt
∗∗∗ # SSA-307392: Denial-of-Service in OPC UA in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-307392.txt
∗∗∗ # SSA-254686: Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-254686.txt
∗∗∗ # SSA-181018: Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-181018.txt
∗∗∗ # SSA-816980: Multiple Web Vulnerabilities in SIMATIC Ident MV420 and MV440 families ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-816980.txt
∗∗∗ # SSA-774850: Vulnerabilities in SIEMENS LOGO!8 devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-774850.txt
∗∗∗ # SSA-646841: Recoverable Password from Configuration Storage in SCALANCE X Switches ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-646841.txt
∗∗∗ # SSA-212009: Vulnerabilities in Siveillance VMS ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-212009.txt
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 06-06-2019 18:00 − Friday 07-06-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ SandboxEscaper Debuts ByeBear Windows Patch Bypass ∗∗∗
---------------------------------------------
SandboxEscaper is back, with a second bypass for the recent CVE-2019-0841 Windows patch.
---------------------------------------------
https://threatpost.com/sandboxescaper-byebear-windows-bypass/145470/
∗∗∗ Keep an Eye on Your WMI Logs, (Thu, Jun 6th) ∗∗∗
---------------------------------------------
WMI ("Windows Management Instrumentation")[1] is, like Microsoft says, "the infrastructure for management data and operations on Windows-based operating systems". Personally, I like to make a (very) rough comparison between WMI and SNMP: You can query information about a system (read) but also alter it (write). WMI is present on Windows systems since the version Windows 2000. As you can imagine, when a tool is available by default on all systems, [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/25012
∗∗∗ The EU Cybersecurity Act: a new Era dawns on ENISA ∗∗∗
---------------------------------------------
Today, 7th June 2019, the EU Cybersecurity Act was published in the Official Journal of the European Union.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/the-eu-cybersecurity-act-a-new-…
∗∗∗ Bloodhound walkthrough. A Tool for Many Tradecrafts ∗∗∗
---------------------------------------------
A walkthrough on how to set up and use BloodHound. BloodHound (https://github.com/BloodHoundAD/BloodHound) is an application used to visualize Active Directory environments. The front-end is built on Electron and the back-end is a Neo4j database. The data leveraged is pulled from a series of data collectors, also referred to as ingestors, which come in PowerShell and [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/bloodhound-walkthrough-a-tool…
∗∗∗ New Mirai Variant Adds 8 New Exploits, Targets Additional IoT Devices ∗∗∗
---------------------------------------------
Palo Alto Networks Unit 42 has been tracking the evolution of the Mirai malware, known for targeting embedded devices with the primary intent of launching DDoS attacks and self-propagation, since 2016 when it took down several notable targets. As part of this ongoing research, we’ve recently discovered a new variant of Mirai that[...]
---------------------------------------------
https://unit42.paloaltonetworks.com/new-mirai-variant-adds-8-new-exploits-t…
∗∗∗ A botnet is brute-forcing over 1.5 million RDP servers all over the world ∗∗∗
---------------------------------------------
Furthermore, statistics show that despite BlueKeep, most RDP attacks today are brute-force attempts.
---------------------------------------------
https://www.zdnet.com/article/a-botnet-is-brute-forcing-over-1-5-million-rd…
=====================
= Vulnerabilities =
=====================
∗∗∗ Optergy Proton Enterprise Building Management System ∗∗∗
---------------------------------------------
This advisory includes mitigations for information exposure, cross-site request forgery, unrestricted upload of file with dangerous type, open redirect, hidden functionality, exposed dangerous method or function, and use of hard-coded credentials vulnerabilities reported in Optergy’s Proton/Enterprise Building Management System.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-157-01
∗∗∗ Panasonic Control FPWIN Pro ∗∗∗
---------------------------------------------
This advisory includes mitigations for heap-based buffer overflow and type confusion vulnerabilities reported in Panasonic's Control FPWIN Pro PLC programming software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (evolution and qemu), Fedora (cyrus-imapd and hostapd), Gentoo (exim), openSUSE (exim), Red Hat (qpid-proton), SUSE (bind, libvirt, mariadb, mariadb-connector-c, python, and rubygem-rack), and Ubuntu (firefox, jinja2, and linux-lts-xenial, linux-aws).
---------------------------------------------
https://lwn.net/Articles/790647/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM API Connect’s Developer Portal is impacted by vulnerabilities in PHP (CVE-2019-11035 CVE-2019-11034) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-deve…
∗∗∗ IBM Security Bulletin: Secure Gateway is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-secure-gateway-is-aff…
∗∗∗ IBM Security Bulletin: IBM API Connect V5 is impacted by Cross Site Scripting vulnerability (CVE-2016-10531 CVE-2018-3721 CVE-2017-0268) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-is…
∗∗∗ Intel UEFI vulnerability CVE-2019-0119 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K85585101
∗∗∗ Intel Xeon access control vulnerability CVE-2019-0126 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K37428370
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 05-06-2019 18:00 − Thursday 06-06-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ USB Killer: What it is and how to protect your devices ∗∗∗
---------------------------------------------
What’s more ubiquitous in the PC world than USB sticks? They’re easy to use, affordable and are used by millions of people on a daily basis. Everyone knows that USB sticks can house nasties, including malware, but did you know that this same little drive can completely destroy a system by simply inserting it?
---------------------------------------------
https://resources.infosecinstitute.com/usb-killer-how-to-protect-your-devic…
∗∗∗ Telecoms taken by storm: Natural phenomena dominate the outage picture ∗∗∗
---------------------------------------------
A total of 157 telecom outages were reported by the 28 EU member states and 2 EFTA countries, as part of the EU-wide telecom security breach reporting for the year 2018. Today ENISA, the EU Agency for Cybersecurity, publishes the 8th annual report on telecom security incidents, analyzing root causes, impact, and trends.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/telecoms-taken-by-storm-natural…
∗∗∗ Will you be Europe’s best cybersecurity talent? ∗∗∗
---------------------------------------------
European countries have started or are preparing to kick off their national cybersecurity competitions. The winners of the national contests will represent their countries in the ultimate cybersecurity competition on the continent: the European Cyber Security Challenge (ECSC) 2019.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/will-you-be-europe-s-best-cyber…
∗∗∗ Emotet at Heise – lessons from a trojan attack ∗∗∗
---------------------------------------------
There was a serious intrusion into the Heise network. The IT departments of the Heise Group and additional specialists are currently working on remediation.
---------------------------------------------
https://heise.de/-4437807
∗∗∗ Beware of BAWAG PSK e-mails ∗∗∗
---------------------------------------------
With a request to activate your "secTAN", criminals are currently trying to obtain your banking credentials. The purported e-mail from the bank asks you to follow a link. However, this link leads to a fake BAWAG PSK website! We advise moving such e-mails to the spam folder.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-bei-bawag-psk-mails/
=====================
= Vulnerabilities =
=====================
∗∗∗ Vulnerability: Exim vulnerability more dangerous than thought ∗∗∗
---------------------------------------------
A vulnerability in the Exim mail server can also be exploited over the network for code execution, but in the default configuration the attack takes several days. Locally it is trivial and allows users to gain root privileges.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-root-zugriff-fuer-angreifer-bei…
∗∗∗ Attackers could paralyze Cisco communications software ∗∗∗
---------------------------------------------
There are important security updates for Cisco Unified Communications Manager, Webex Meetings Server and others.
---------------------------------------------
https://heise.de/-4440986
∗∗∗ VMSA-2019-0009 ∗∗∗
---------------------------------------------
VMware Tools and Workstation updates address out of bounds read and use-after-free vulnerabilities. (CVE-2019-5522, CVE-2019-5525)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0009.html
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (binutils), Debian (exim4 and poppler), Fedora (deepin-api, kernel, kernel-headers, kernel-tools, and php), openSUSE (cronie), and Ubuntu (apparmor, exim4, mariadb-10.1, php5, and php7.0, php7.2).
---------------------------------------------
https://lwn.net/Articles/790541/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM® Intelligent Operations Center does not correctly validate file types before uploading files (CVE-2019-4069) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-intelligent-opera…
∗∗∗ IBM Security Bulletin: IBM® Intelligent Operations Center has a weak user-creation policy (CVE-2019-4066) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-intelligent-opera…
∗∗∗ IBM Security Bulletin: IBM® Intelligent Operations Center is vulnerable to user enumeration (CVE-2019-4068) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-intelligent-opera…
∗∗∗ IBM Security Bulletin: User passwords might be obtained by a brute force attack on IBM® Intelligent Operations Center (CVE-2019-4067) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-user-passwords-might-…
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in IBM® Intelligent Operations Center (CVE-2019-4070) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-…
∗∗∗ IBM Security Bulletin: IBM API Connect V5 is impacted by multiple vulnerabilities in IBM Java SDK (CVE-2018-3139 CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-is…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 04-06-2019 18:00 − Wednesday 05-06-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ We Decide What You See: Remote Code Execution on a Major IPTV Platform ∗∗∗
---------------------------------------------
Check Point Research discerned there to be over 1000 providers of this service with quite likely very high numbers of worldwide customers. As this vulnerability has been patched, we can now reveal what was involved.
---------------------------------------------
https://research.checkpoint.com/we-decide-what-you-see-remote-code-executio…
∗∗∗ It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign ∗∗∗
---------------------------------------------
Cisco Talos recently identified a series of documents that we believe are part of a coordinated series of cyber attacks that we are calling the "Frankenstein" campaign. We assess that the attackers carried out these operations between January and April 2019 in an effort to install malware on users' machines via malicious documents.
---------------------------------------------
https://blog.talosintelligence.com/2019/06/frankenstein-campaign.html
∗∗∗ Warning about FutureNet's business practices ∗∗∗
---------------------------------------------
FutureNet, run by BCU Trading LLC of Dubai, promises users easy money. Money is supposedly to be earned on the one hand by buying 'AdPacks' and clicking on advertisements, and on the other by recruiting new users. However, reports of missing payouts are piling up, and the Polish Office of Competition and Consumer Protection (UOKIK) is warning about the company on suspicion of a pyramid scheme.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-den-geschaeftspraktiken-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vulnerability: VIM modelines allow code execution ∗∗∗
---------------------------------------------
A vulnerability has been found in the text editor VIM that allows a specially crafted document to execute code. The modelines feature used for this is only active on some systems.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-vim-modelines-erlauben-codeausf…
∗∗∗ phpmyadmin: PMASA-2019-4 ∗∗∗
---------------------------------------------
CSRF vulnerability in login form
Affected Versions: All versions prior to phpMyAdmin 4.9.0 are affected, probably at least as old as version 4.0 (perhaps even earlier)
CVE ID: CVE-2019-12616
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2019-4/
∗∗∗ phpmyadmin: PMASA-2019-3 ∗∗∗
---------------------------------------------
SQL injection in Designer feature
Affected Versions: phpMyAdmin versions prior to 4.8.6 are affected.
CVE ID: CVE-2019-11768
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2019-3/
∗∗∗ Django security releases issued: 2.2.2, 2.1.9 and 1.11.21 ∗∗∗
---------------------------------------------
* CVE-2019-12308: AdminURLFieldWidget XSS
* Patched bundled jQuery for CVE-2019-11358: Prototype pollution
---------------------------------------------
https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
∗∗∗ Wireless presenters from Logitech and Inateck vulnerable to attacks over radio ∗∗∗
---------------------------------------------
The pentesting firm SySS has once again found vulnerabilities in wireless presenter systems that allow systems to be hijacked.
---------------------------------------------
https://heise.de/-4439795
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (python-django), openSUSE (curl and libtasn1), Oracle (kernel), Red Hat (etcd, kernel-alt, and rh-python36-python-jinja2), Scientific Linux (thunderbird), SUSE (libvirt), and Ubuntu (db5.3, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-aws-hwe, linux-hwe, linux-oracle, linux-hwe, and linux-raspi2, linux-snapdragon).
---------------------------------------------
https://lwn.net/Articles/790411/
∗∗∗ PHOENIX CONTACT PLCNext AXC F 2152 ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-155-01
∗∗∗ PHOENIX CONTACT FL NAT SMx ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-155-02
∗∗∗ Geutebrück G-Cam and G-Code ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-155-03
∗∗∗ 2019-06-05: Multiple Vulnerabilities in ABB CP635 HMI ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376&Language…
∗∗∗ 2019-06-05: Vulnerabilities in ABB PB610 ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377&Language…
∗∗∗ 2019-06-05: Vulnerabilities in ABB CP651 HMI ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402&Language…
∗∗∗ Security Advisory - XSS Vulnerability in Huawei HedEx products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190605-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server in IBM Cloud April 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server used in IBM WebSphere Application Server in IBM Cloud (CVE-2019-0211 CVE-2019-0220) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Security Information Queue reveals internal data in application error messages ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-informat…
∗∗∗ IBM Security Bulletin: IBM Security Information Queue does not prevent caching of sensitive pages ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-informat…
∗∗∗ IBM Security Bulletin: IBM Security Information Queue web application is vulnerable to clickjacking attack ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-informat…
∗∗∗ IBM Security Bulletin: IBM Security Information Queue web server allows downgrading to non-secure HTTP ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-informat…
∗∗∗ IBM Security Bulletin: IBM Security Information Queue discloses internal data left over from the product development phases ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-informat…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Watson Openscale (Liberty, Java, node.js) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere DataPower XC10 Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-th…
∗∗∗ TECSON/GOK Improper Authentication and Access Control on multiple devices ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-012
=====================
= End-of-Day report =
=====================
Timeframe: Monday 03-06-2019 18:00 − Tuesday 04-06-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ VU#576688: Microsoft Windows RDP Network Level Authentication can bypass the Windows lock screen ∗∗∗
---------------------------------------------
Microsoft Windows Remote Desktop supports a feature called Network Level Authentication (NLA), which moves the authentication aspect of a remote session from the RDP layer to the network layer. The use of NLA is recommended to reduce the attack surface of systems exposed using the RDP protocol.
---------------------------------------------
https://kb.cert.org/vuls/id/576688
∗∗∗ VB2018 paper: Lazarus Group: a mahjong game played with different sets of tiles ∗∗∗
---------------------------------------------
The Lazarus Group, generally linked to the North Korean government, is one of the most notorious threat groups seen in recent years. At VB2018 ESET researchers Peter Kálnai and Michal Poslušný presented a paper looking at the group's various campaigns. Today, we publish their paper and the recording of their presentation.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2019/06/vb2018-paper-lazarus-group-m…
∗∗∗ How to protect yourself against classified-ad fraud ∗∗∗
---------------------------------------------
Classified-ad platforms are very popular. They offer an excellent way to sell old items that are no longer needed or to pick up real second-hand bargains. But beware: both supposed prospective buyers and sellers often turn out to be criminals who are only after their victims' money or goods.
---------------------------------------------
https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-vor-kleinanzei…
=====================
= Vulnerabilities =
=====================
∗∗∗ Android Security Bulletin - June 2019 ∗∗∗
---------------------------------------------
The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
---------------------------------------------
https://source.android.com/security/bulletin/2019-06-01.html
∗∗∗ Potential security problem in the Exim mail server software - patches available from 11 June ∗∗∗
---------------------------------------------
On 4 June 2019 the Exim project published advance information on a severe vulnerability. Corresponding patches are already available to Linux distributions etc., so that they can roll out fixed packages from 11 June onward, at the same time the patch is published.
---------------------------------------------
http://www.cert.at/warnings/all/20190604.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (python-django and python2-django), Debian (heimdal), Fedora (kernel, kernel-headers, kernel-tools, and sqlite), openSUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork and GraphicsMagick), Oracle (thunderbird), Red Hat (systemd and thunderbird), SUSE (bind and firefox), and Ubuntu (qtbase-opensource-src).
---------------------------------------------
https://lwn.net/Articles/790266/
∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Analyzer and Information Governance Catalog is affected by an Information Disclosure vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-inform…
∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js denial of service vulnerability (CVE-2019-5737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat…
∗∗∗ IBM Security Bulletin: Jazz for Service Management (JazzSM) could allow a remote attacker to conduct phishing attacks, using an open redirect attack (CVE-2019-4201) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-jazz-for-service-mana…
∗∗∗ IBM Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere eXtreme Scale ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-th…
∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Malicious File Upload attack (CVE-2019-4056) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana…
∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Back and Refresh Attack (CVE-2019-4048) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana…
∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat…
∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Reverse Tabnabbing (CVE-2018-2028) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Friday 31-05-2019 18:00 − Monday 03-06-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Caution: Official Windows 10 apps display malicious ads ∗∗∗
---------------------------------------------
The company warns Windows users: Microsoft applications are redirecting their users to fraudulent websites.
---------------------------------------------
https://futurezone.at/digital-life/vorsicht-offizielle-windows-10-apps-zeig…
∗∗∗ Legacy app whitelist can be abused to bypass latest macOS security features, expert warns ∗∗∗
---------------------------------------------
Three words to ruin an Apple engineer's day: Patrick Wardle disclosure. Malware can bypass protections in macOS Mojave, and potentially access user data as well as the webcam and mic – by exploiting a hole in Apple's legacy app support.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/06/03/macos_secur…
∗∗∗ GandCrab ransomware operation says it's shutting down ∗∗∗
---------------------------------------------
GandCrab crew says it made enough money and plans to retire within a month.
---------------------------------------------
https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutti…
=====================
= Vulnerabilities =
=====================
∗∗∗ VU#877837: Multiple vulnerabilities in Quest (Dell) Kace K1000 Appliance ∗∗∗
---------------------------------------------
CVE-2018-5404: The Dell Kace K1000 Appliance allows an authenticated, remote attacker with least privileges (User Console Only role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. (CWE-89) CVE-2018-5405: The Dell Kace K1000 Appliance allows an authenticated least privileged user with ‘User Console Only’ rights to potentially inject arbitrary JavaScript code on the tickets page.
---------------------------------------------
https://kb.cert.org/vuls/id/877837
∗∗∗ Cisco IOS XR Software BGP MPLS-Based EVPN Denial of Service Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the Border Gateway Protocol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security update: Nvidia Geforce Experience vulnerable ∗∗∗
---------------------------------------------
A local attacker could use vulnerabilities in Nvidia Geforce Experience to push malicious code onto computers.
---------------------------------------------
https://heise.de/-4437588
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, and live-media), Debian (doxygen and php5), Fedora (cryptopp, drupal7-context, drupal7-ds, drupal7-module_filter, drupal7-path_breadcrumbs, drupal7-uuid, drupal7-views, drupal7-xmlsitemap, and sleuthkit), openSUSE (axis, chromium, containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, curl, doxygen, GraphicsMagick, [...]
---------------------------------------------
https://lwn.net/Articles/790174/
∗∗∗ Vuln: Apache Hadoop CVE-2018-8029 Remote Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/108518
∗∗∗ IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to denial of service (CVE-2019-0199) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-as-used…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to a information disclosure (CVE-2018-5407) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-as-used-in-ib…
∗∗∗ ASP.NET x-up-devcap-post-charset header security exposure ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K54150332
∗∗∗ HPESBMU03923 rev.1 - HPE Smart Update Manager (SUM), Local Unauthorized Elevation of Privilege ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBMU03922 rev.1 - HPE Smart Update Manager (SUM), Remote Unauthorized Access ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 29-05-2019 18:00 − Friday 31-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Analyzing First Stage Shellcode, (Thu, May 30th) ∗∗∗
---------------------------------------------
Yesterday, reader Alex submitted a PowerShell script he downloaded from a website. Xavier, handler on duty, showed him the script launched shellcode that tried to establish a TCP connection.
---------------------------------------------
https://isc.sans.edu/diary/rss/24984
∗∗∗ Retrieving Second Stage Payload with Ncat, (Fri, May 31st) ∗∗∗
---------------------------------------------
In diary entry "Analyzing First Stage Shellcode", I show how to analyze first stage shellcode when you have no access to the server with the second stage payload.
---------------------------------------------
https://isc.sans.edu/diary/rss/24988
∗∗∗ HiddenWasp Malware Stings Targeted Linux Systems ∗∗∗
---------------------------------------------
Intezer has discovered a new, sophisticated malware that they have named "HiddenWasp", targeting Linux systems.
---------------------------------------------
https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/
∗∗∗ More than 50,000 database servers infected with crypto miners via ancient Windows bug ∗∗∗
---------------------------------------------
Using sophisticated methods, hackers have hijacked tens of thousands of poorly secured Windows servers and are secretly mining Monero on them.
---------------------------------------------
https://heise.de/-4435622
∗∗∗ Your threat model is wrong ∗∗∗
---------------------------------------------
Several subjects have come up with the past week that all come down to the same thing: your threat model is wrong. Instead of addressing the threat that exists, you've morphed the threat into something else that you'd rather deal with, or which is easier to understand.
---------------------------------------------
https://blog.erratasec.com/2019/05/your-threat-model-is-wrong.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Convert Plus Plugin Flaw Lets Attackers Become a Wordpress Admin ∗∗∗
---------------------------------------------
A critical vulnerability in Convert Plus, a commercial plugin for WordPress websites estimated to have 100,000 active installations, allows an unauthenticated attacker to create accounts with administrator privileges.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/convert-plus-plugin-flaw-let…
∗∗∗ AVEVA Vijeo Citect and CitectSCADA ∗∗∗
---------------------------------------------
This advisory includes mitigations for an insufficiently protected credentials vulnerability reported in AVEVA's Vijeo Citect and CitectSCADA supervisory control and data acquisition software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-150-01
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox and libvirt), Debian (openjdk-8 and tomcat7), Fedora (drupal7-entity), Mageia (kernel), openSUSE (bluez, gnutls, and libu2f-host), Oracle (bind), Red Hat (bind), Scientific Linux (bind), SUSE (axis, libtasn1, and rmt-server), and Ubuntu (sudo).
---------------------------------------------
https://lwn.net/Articles/789849/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (miniupnpd and qemu), Fedora (drupal7-entity and xen), openSUSE (kernel), Oracle (bind and firefox), Red Hat (go-toolset-1.11-golang), SUSE (cronie, evolution, firefox, gnome-shell, java-1_7_0-openjdk, jpeg, and mailman), and Ubuntu (corosync, evolution-data-server, gnutls28, and libseccomp).
---------------------------------------------
https://lwn.net/Articles/789995/
∗∗∗ Security Advisory 2019-08: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://community.otrs.com/security-advisory-2019-08-security-update-for-ot…
∗∗∗ Security Advisory 2019-09: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://community.otrs.com/security-advisory-2019-09-security-update-for-ot…
∗∗∗ HPESBNS03925 rev.1 - HPE Nonstop Maintenance Entity family of products, Local Disclosure of Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ AirPort Base Station Firmware Update 7.9.1 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT210090
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Watson Knowledge Catalog (with Information Server) is affected by a Cryptographic vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-watson-knowledge-…
∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server containers are vulnerable to privilege escalation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-inform…
∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java SDK (January 2019) affecting IBM Application Delivery Intelligence for IBM Z V5.1.0, V5.0.5 and V5.0.4 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib…
∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 7 & 8, IBM SDK, Java Technology Edition Version 8 and Eclipse OpenJ9 Affect Transformation Extender ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems (April 2019 updates) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Tivoli Storage Manager FastBack (CVE-2018-12547) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-5407) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Access Manager Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
∗∗∗ IBM Security Bulletin: A vulnerability in Apache Commons Compress may affect IBM Cloud App Management V2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap…
∗∗∗ IBM Security Bulletin: Multiple open source vulnerabilities affect IBM PureApplication System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-open-source-…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 28-05-2019 18:00 − Wednesday 29-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Researchers uncover smart padlock's dumb security ∗∗∗
---------------------------------------------
Pen Test Partners has found some major security flaws in the Bluetooth Nokelock that consumers might like to know about.
---------------------------------------------
https://nakedsecurity.sophos.com/2019/05/29/researchers-uncover-smart-padlo…
∗∗∗ CVE-2019-0725: An Analysis of Its Exploitability ∗∗∗
---------------------------------------------
May's Patch Tuesday saw what is likely to be one of the most prominent vulnerabilities this year with the "wormable" Windows Terminal Services vulnerability (CVE-2019-0708). However, there's another remote code execution (RCE) vulnerability that would be hard to ignore: CVE-2019-0725, an RCE vulnerability in Windows Dynamic Host Configuration Protocol (DHCP) Server.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/3268yMf2sDY/
∗∗∗ Learning to Rank Strings Output for Speedier Malware Analysis ∗∗∗
---------------------------------------------
Reverse engineers, forensic investigators, and incident responders have an arsenal of tools at their disposal to dissect malicious software binaries. When performing malware analysis, they successively apply these tools in order to gradually gather clues about a binary's function, design detection methods, and ascertain how to contain its damage. One of the most useful initial steps is to inspect its printable characters via the Strings program.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2019/05/learning-to-rank-string…
∗∗∗ Docker: Vulnerability allows root access to files ∗∗∗
---------------------------------------------
A vulnerability in all Docker versions could let attackers escalate their privileges. Exploit code is available; the patch is still in the review process.
---------------------------------------------
https://heise.de/-4434730
∗∗∗ A dive into Turla PowerShell usage ∗∗∗
---------------------------------------------
ESET researchers analyze new TTPs attributed to the Turla group that leverage PowerShell to run malware in-memory only
---------------------------------------------
https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/
∗∗∗ Google Researcher Finds Code Execution Vulnerability in Notepad ∗∗∗
---------------------------------------------
Google Project Zero researcher Tavis Ormandy revealed on Tuesday that he identified a code execution vulnerability in Microsoft’s Notepad text editor.
---------------------------------------------
https://www.securityweek.com/google-researcher-finds-code-execution-vulnera…
∗∗∗ diekundenexperten.at for insurance withdrawals is dubious ∗∗∗
---------------------------------------------
On diekundenexperten.at, consumers are presented with an offer that is supposed to help them withdraw from life insurance policies without financial loss or risk. However, the claims are not compatible with applicable law, and neither a legal notice (Impressum) nor any other information about the website's operators can be found. Because of these shortcomings, we advise against submitting personal information.
---------------------------------------------
https://www.watchlist-internet.at/news/diekundenexpertenat-fuer-versicherun…
∗∗∗ Proofpoint Q1 2019 Threat Report: Emotet carries the quarter with consistent high-volume campaigns ∗∗∗
---------------------------------------------
https://www.proofpoint.com/us/threat-insight/post/proofpoint-q1-2019-threat…
=====================
= Vulnerabilities =
=====================
∗∗∗ Emerson Ovation OCR400 Controller ∗∗∗
---------------------------------------------
This advisory includes mitigations for stack-based buffer overflow and heap-based buffer overflow vulnerabilities reported in Emerson's Ovation OCR400 Controller.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-148-01
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (webkit2gtk), Debian (kernel and libav), Fedora (c3p0 and community-mysql), Scientific Linux (pacemaker), SUSE (axis, libtasn1, NetworkManager, sles12sp3-docker-image, sles12sp4-image, system-user-root, and xen), and Ubuntu (freerdp, GNU Screen, keepalived, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/789709/
∗∗∗ About the security content of iCloud for Windows 7.12 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT210125
∗∗∗ About the security content of iTunes for Windows 12.9.5 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT210124
∗∗∗ Security Advisory - Remote Code Execution Vulnerability in Some Microsoft Windows Systems ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190529-…
∗∗∗ Security Advisory - Some Huawei 4G LTE devices are exposed to a message replay vulnerability ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190529-…
∗∗∗ IBM Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in Drupal core (CVE-2019-10909 CVE-2019-10910 CVE-2019-10911) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-deve…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018.4.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A vulnerability in Google Guava could affect IBM Cloud App Management V2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-go…
Next End-of-Day report: 2019-05-31
=====================
= End-of-Day report =
=====================
Timeframe: Monday 27-05-2019 18:00 − Tuesday 28-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ DNSSEC-Chain: DANE for browsers is practically dead ∗∗∗
---------------------------------------------
A TLS extension was supposed to make it easier to use DANE and DNSSEC in the browser and to speed up validation. However, the proposal is now apparently no longer being pursued.
---------------------------------------------
https://www.golem.de/news/dnssec-chain-dane-fuer-browser-ist-praktisch-tot-…
∗∗∗ Google-protected mobile browsers were open to phishing for over a year ∗∗∗
---------------------------------------------
Researchers revealed a massive hole in Google Safe Browsing's mobile browser protection that existed for over a year.
---------------------------------------------
https://nakedsecurity.sophos.com/2019/05/28/google-protected-mobile-browser…
∗∗∗ Return to the City of Cron – Malware Infections on Joomla and WordPress ∗∗∗
---------------------------------------------
We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had cleaned them. The persistence was being created by a cron that was scheduled to download malware from a third party domain.
---------------------------------------------
https://blog.sucuri.net/2019/05/return-to-the-city-of-cron-malware-infectio…
∗∗∗ W3C and WHATWG to work on the HTML specification together in future ∗∗∗
---------------------------------------------
The World Wide Web Consortium and the WHATWG working group are pooling their efforts to standardize web technologies.
---------------------------------------------
https://heise.de/-4433970
∗∗∗ Bitcoin extortion attempt against companies and website operators ∗∗∗
---------------------------------------------
Companies and website operators are currently receiving extortion messages by e-mail, in comment functions or in chats. Criminals threaten to send millions of spam messages in the name of those affected unless a large sum of money is paid in Bitcoin within a short time. We assume these are empty threats, but nevertheless advise filing a police report for extortion.
---------------------------------------------
https://www.watchlist-internet.at/news/bitcoin-erpressungsversuch-gegen-unt…
∗∗∗ Emissary Panda Attacks Middle East Government Sharepoint Servers ∗∗∗
---------------------------------------------
Our latest research shows attacks against Middle East government Sharepoint servers using a newly patched vulnerability.
---------------------------------------------
https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-gove…
=====================
= Vulnerabilities =
=====================
∗∗∗ SAP UI5 1.0.0 is vulnerable to Content Spoofing in multiples parameters ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2019050283
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (firefox and thunderbird), Debian (sox and vcftools), Fedora (safelease and sharpziplib), openSUSE (chromium, evolution, graphviz, nmap, systemd, transfig, and ucode-intel), Red Hat (pacemaker), SUSE (curl, libvirt, openssl, php7, php72, and systemd), and Ubuntu (gnome-desktop3, keepalived, and samba).
---------------------------------------------
https://lwn.net/Articles/789595/
=====================
= End-of-Day report =
=====================
Timeframe: Friday 24-05-2019 18:00 − Monday 27-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Joomla and WordPress Found Harboring Malicious Redirect Code ∗∗∗
---------------------------------------------
New .htaccess injector threat on Joomla and WordPress websites redirects to malicious websites.
---------------------------------------------
https://threatpost.com/joomla-and-wordpress-malicious-redirect-code/145068/
∗∗∗ Serious Security: Don’t let your SQL server attack you with ransomware ∗∗∗
---------------------------------------------
Tales from the honeypot: this time a MySQL-based attack. Old tricks still work, because we're still making old mistakes - here's what to do.
---------------------------------------------
https://nakedsecurity.sophos.com/2019/05/25/serious-security-dont-let-your-…
∗∗∗ All fake: sendlein.net, reipel.net, kleimer.net and lieberg24.com ∗∗∗
---------------------------------------------
The tempting technology offers at sendlein.net, reipel.net, kleimer.net or lieberg24.com are unfortunately too good to be true! These are fraudulent shops that do not deliver. You lose your money and give away credit card data that could be used for online purchases!
---------------------------------------------
https://www.watchlist-internet.at/news/alles-fake-sendleinnet-reipelnet-kle…
∗∗∗ Intense scanning activity detected for BlueKeep RDP flaw ∗∗∗
---------------------------------------------
A threat actor hidden behind Tor nodes is scanning for Windows systems vulnerable to the BlueKeep flaw.
---------------------------------------------
https://www.zdnet.com/article/intense-scanning-activity-detected-for-blueke…
=====================
= Vulnerabilities =
=====================
∗∗∗ BlackBerry Powered by Android Security Bulletin - May 2019 ∗∗∗
---------------------------------------------
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. ... This advisory is in response to the Android Security Bulletin (May) and addresses issues in that bulletin that affect BlackBerry powered by Android smartphones
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ New unpatched macOS Gatekeeper Bypass Published Online ∗∗∗
---------------------------------------------
Details have been released for an unpatched vulnerability in macOS 10.14.5 (Mojave) and below that allows a hacker to execute arbitrary code without user interaction.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-unpatched-macos-gatekeep…
∗∗∗ Fortinet closes several security vulnerabilities in FortiOS and co. ∗∗∗
---------------------------------------------
The SSL VPN web portal of FortiOS could be attacked in several ways, remotely and in some cases without authentication. The vendor advises updating.
---------------------------------------------
https://heise.de/-4432813
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (curl, jackson-databind, minissdpd, php5, thunderbird, wireshark, and wpa), Fedora (curl, drupal7, firefox, kernel, libmediainfo, mediaconch, mediainfo, mod_http2, mupdf, rust, and singularity), openSUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork), Oracle (firefox and libvirt), Scientific Linux (firefox and libvirt), and SUSE (bluez, curl, gnutls, java-1_7_1-ibm, libu2f-host, libvirt, python3, screen, and xen).
---------------------------------------------
https://lwn.net/Articles/789523/
∗∗∗ SSA-932041: Vulnerability in Radiography and Mobile X-ray Products from Siemens Healthineers ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-932041.txt
∗∗∗ SSA-832947: Vulnerability in Laboratory Diagnostics Products from Siemens Healthineers ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-832947.txt
∗∗∗ SSA-433987: Vulnerability in Radiation Oncology Products from Siemens Healthineers ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-433987.txt
∗∗∗ SSA-406175: Vulnerability in Siemens Healthineers Software Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-406175.txt
∗∗∗ SSA-166360: Vulnerability in Advanced Therapy Products from Siemens Healthineers ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-166360.txt
∗∗∗ SSA-616199: Vulnerability in Point of Care Diagnostics Products from Siemens Healthineers - Blood Gas ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-616199.txt
∗∗∗ IBM Security Bulletin: IBM QRadar WinCollect Agent Does Not Verify TLS Syslog Certificate (CVE-2019-4264) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-wincollect…
∗∗∗ IBM Security Bulletin: Security vulnerability affects the Report Builder shipped with Jazz Reporting Service (CVE-2019-4184) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ GNU Binutils vulnerability CVE-2019-9070 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K13534168
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 23-05-2019 18:00 − Friday 24-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Hacker publishes four Windows zero-day vulnerabilities within a few days ∗∗∗
---------------------------------------------
Under the names "SandboxEscaper" and "Polar Bear", a hacker has published a total of four previously unpatched Windows vulnerabilities. There is no reason to panic, however.
---------------------------------------------
https://heise.de/-4430811
∗∗∗ CEO Fraud goes WhatsApp ∗∗∗
---------------------------------------------
In the last few days, two companies reported to us that they were targets of CEO fraud attempts in which contact was made via WhatsApp message. Until now we had really only known this scheme via email: the "managing director" asks by email for help with an important but confidential bank transfer. For details see Wikipedia. So: please do not think only of email here.
---------------------------------------------
http://www.cert.at/services/blog/20190524171920-2476.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (zookeeper), Fedora (kernel, singularity, and thunderbird), openSUSE (java-1_8_0-openjdk), Oracle (curl), Red Hat (firefox, libvirt, and virt:rhel), SUSE (php5, python-Jinja2, python-Pillow, and sysstat), and Ubuntu (MariaDB).
---------------------------------------------
https://lwn.net/Articles/789353/
∗∗∗ Vuln: Atlassian Bitbucket Server CVE-2019-3397 Directory Traversal Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/108447
∗∗∗ IBM Security Bulletin: A security vulnerability has been addressed in IBM Cognos Analytics (CVE-2019-4139) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: Cross-site scripting and failure to enforce HTTP Strict Transport Security vulnerabilities in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4137, CVE-2019-4138) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-2426, CVE-2018-12547, CVE-2018-1890) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Guardium StealthBits Integration is affected by an OpenSSL vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-guardium-stealthbits-…
∗∗∗ IBM Security Bulletin: OpenSSL vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-1559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vulnerability…
∗∗∗ IBM Security Bulletin: security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2019-1559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s…
∗∗∗ IBM Security Bulletin: Potential Spoofing vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1902) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-spoofing-vu…
∗∗∗ Binutils vulnerability CVE-2019-9075 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K42059040
∗∗∗ Binutils vulnerability CVE-2019-9074 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K09092524
∗∗∗ GNU Binutils vulnerability CVE-2019-9077 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00056379
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 22-05-2019 18:00 − Thursday 23-05-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ SandboxEscaper Drops Three More Windows Exploits, IE Zero-Day ∗∗∗
---------------------------------------------
SandboxEscaper held true to that promise, on Thursday releasing on GitHub the proof-of-concepts (PoCs) for another three Windows LPE flaws, and a sandbox-escape zero-day vulnerability impacting Internet Explorer 11. One of them however turns out to already be patched.
...
Though SandboxEscaper released PoC demos for these last three flaws, researchers have not yet confirmed their validity.
---------------------------------------------
https://threatpost.com/sandboxescaper-more-exploits-ie-zero-day/145010/
∗∗∗ IT threat evolution Q1 2019 ∗∗∗
---------------------------------------------
Zebrocy and GreyEnergy, four zero-day vulnerabilities in Windows, attacks on cryptocurrency exchanges, a very old bug in WinRAR, attacks on smart devices and other events of the first quarter of 2019.
---------------------------------------------
https://securelist.com/it-threat-evolution-q1-2019/90978/
∗∗∗ Security baseline (FINAL) for Windows 10 v1903 and Windows Server v1903 ∗∗∗
---------------------------------------------
Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 version 1903 (a.k.a., “19H1”), and for Windows Server version 1903.
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2019/05/23/security-baseline-f…
∗∗∗ New Mirai Variant Uses Multiple Exploits to Target Routers and Other Devices ∗∗∗
---------------------------------------------
We discovered a new variant of Mirai that uses a total of 13 different exploits, almost all of which have been used in previous Mirai-related attacks. Typical of Mirai variants, it has backdoor and distributed denial-of-service (DDoS) capabilities. However, this case stands out as the first to have used all 13 exploits together in a single campaign
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/new-mirai-varia…
∗∗∗ One in three RDP servers in Austria vulnerable to "BlueKeep" ∗∗∗
---------------------------------------------
In a surprising move, Microsoft last week fixed a critical vulnerability in the Windows XP and Server 2003 operating systems, which are actually no longer supported. The remote code execution vulnerability "BlueKeep" (CVE-2019-0708) in the remote maintenance feature Remote Desktop Service (RDP) is directly exploitable by remote attackers and is rated critical.
---------------------------------------------
https://www.offensity.com/de/blog/jeder-dritte-rdp-server-oesterreichs-auf-…
∗∗∗ GetCrypt Ransomware Brute Forces Credentials, Decryptor Released ∗∗∗
---------------------------------------------
A new ransomware called GetCrypt is being installed through malvertising campaigns that redirect victims to the RIG exploit kit. ... If you were infected with the GetCrypt Ransomware, it is possible to get your files back for free. All you need is an original unencrypted copy of a file that has been encrypted.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/getcrypt-ransomware-brute-fo…
∗∗∗ iX 6/2019: Follow-up on the security problems in Office 365 ∗∗∗
---------------------------------------------
Microsoft has now responded to the security problems in Office 365 uncovered by iX, but the answers were not satisfactory.
---------------------------------------------
https://heise.de/-4429020
∗∗∗ Apple fixes firmware problem with T2 security chip ∗∗∗
---------------------------------------------
The company has released a supplemental update for macOS 10.14.5 that affects certain MacBook Pro models. Details are still scarce.
---------------------------------------------
https://heise.de/-4429365
∗∗∗ Opaque offers on retinollift.com and hyaluronicone.com ∗∗∗
---------------------------------------------
Various beauty products are offered on retinollift.com and hyaluronicone.com, and a special daily offer is advertised as "Today's Special". This special offer includes a supposedly free sample; only the shipping has to be paid by credit card. Shortly afterwards, however, further charges are made to which the annoyed consumers never knowingly agreed.
---------------------------------------------
https://www.watchlist-internet.at/news/undurchsichtige-angebote-auf-retinol…
=====================
= Vulnerabilities =
=====================
∗∗∗ WordPress plugin "WP Open Graph" vulnerable to cross-site request forgery ∗∗∗
---------------------------------------------
Description: WordPress plugin "WP Open Graph" provided by Custom4Web contains a cross-site request forgery vulnerability (CWE-352).
Impact: If a user views a malicious page while logged in, unintended operations may be performed.
---------------------------------------------
https://jvn.jp/en/jp/JVN33652328/
∗∗∗ Vuln: Apache Camel CVE-2019-0188 XML External Entity Injection Vulnerability ∗∗∗
---------------------------------------------
Apache Camel is prone to an XML External Entity injection vulnerability.
Attackers can exploit this issue to obtain potentially sensitive information. This may lead to further attacks.
---------------------------------------------
http://www.securityfocus.com/bid/108422
∗∗∗ Vuln: QEMU CVE-2019-12247 Integer Overflow Vulnerability ∗∗∗
---------------------------------------------
Attackers can exploit this issue to crash the QEMU instance, resulting in a denial-of-service condition. Due to the nature of this issue, code execution may be possible but this has not been confirmed.
---------------------------------------------
http://www.securityfocus.com/bid/108434
∗∗∗ WD My Cloud RCE ∗∗∗
---------------------------------------------
In this post I’ll explain how I discovered several vulnerabilities in Western Digital NAS devices and used them together to execute code remotely, as root. To take control of the NAS an attacker needs to be in the same network and know its IP address.
---------------------------------------------
https://bnbdr.github.io/posts/wd/
∗∗∗ DoS Vulnerability in RTSP Module of Huawei Smart Phones ∗∗∗
---------------------------------------------
There is a DoS vulnerability in RTSP module of some Huawei smart phones. Remote attacker could trick the user into opening a malformed RTSP media stream to exploit this vulnerability. Successful exploit could cause the affected phone abnormal, leading to a DoS condition. ... CVE-2019-5284.
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190523-…
∗∗∗ Tcl code injection security exposure ∗∗∗
---------------------------------------------
Certain coding practices may allow an attacker to inject arbitrary Tool Command Language (Tcl) commands, which could be executed in the security context of the target Tcl script.
---------------------------------------------
https://support.f5.com/csp/article/K15650046
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ffmpeg and firefox-esr), openSUSE (bzip2, chromium, and GraphicsMagick), Slackware (curl), SUSE (ucode-intel), and Ubuntu (curl and intel-microcode).
---------------------------------------------
https://lwn.net/Articles/789224/
∗∗∗ Synology-SA-19:25 Virtual Machine Manager ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to bypass security constraints via a susceptible version of Virtual Machine Manager.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_25
∗∗∗ cURL: Multiple vulnerabilities ∗∗∗
---------------------------------------------
cURL is client software that allows files to be exchanged via several protocols such as HTTP or FTP.
A remote, anonymous attacker can exploit multiple vulnerabilities in cURL to carry out a denial-of-service attack.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0444
∗∗∗ IBM Security Bulletin: IBM API Connect V5 is potentially impacted by a weak cipher (CVE-2019-4256) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-is…
∗∗∗ IBM Security Bulletin: Vulnerability in Apache ActiveMQ Affects IBM Control Center (CVE-2019-0222) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ and IBM MQ Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 21-05-2019 18:00 − Wednesday 22-05-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ New Zero-Day Exploit [Local Privilege Escalation, editor's note] for Bug in Windows 10 Task Scheduler ∗∗∗
---------------------------------------------
Exploit developer SandboxEscaper has quietly dropped a new zero-day exploit for the Windows operating system just a week after Microsoft's monthly cycle of security updates.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-bug…
∗∗∗ Forthcoming OpenSSL Releases ∗∗∗
---------------------------------------------
These releases will be made available on 28th May 2019 between approximately 1200-1600 UTC. OpenSSL 1.1.0k and 1.0.2s contain security hardening bug fixes only but do not address any CVEs. OpenSSL 1.1.1c is a bug-fix release (and contains the equivalent security hardening fixes as for 1.1.0k and 1.0.2s where relevant).
---------------------------------------------
https://mta.openssl.org/pipermail/openssl-announce/2019-May/000150.html
∗∗∗ Sophisticated Spear Phishing Campaigns using Homograph Attacks ∗∗∗
---------------------------------------------
Over the last few months we did some research on how to create phishing emails which are good enough to fool even security professionals. Therefore, we were looking into quite an old topic: Punycode domains and IDN homograph attacks.
---------------------------------------------
https://www.offensity.com/en/newsroom/sophisticated-spear-phishing-campaign…
∗∗∗ Fake prize SMS in the name of the Post leads to subscription trap ∗∗∗
---------------------------------------------
Consumers receive a fake SMS message in the name of Post AG about an alleged participation in a prize draw. Anyone who follows the link, takes part in a short survey and selects a prize falls into a subscription trap. The one-off payment of 2 euros for Adidas shoes, which are never delivered, is not the end of it: further recurring charges by ILS Company ApS follow.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-gewinn-sms-im-namen-der-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Mozilla Firefox and Thunderbird: Multiple vulnerabilities ∗∗∗
---------------------------------------------
There are multiple vulnerabilities in Mozilla Thunderbird, Mozilla Firefox and Mozilla Firefox ESR. An attacker can exploit these to crash the browser, manipulate data, bypass security mechanisms, view confidential data or execute malicious code.
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/05/warn…
∗∗∗ DoS Vulnerability in Huawei S Series Switch Products ∗∗∗
---------------------------------------------
Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device reboot and denial of service (DoS) condition. ... CVE-2019-5285.
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190522-…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (ruby and wget), Debian (proftpd-dfsg), Fedora (firefox, mupdf, nss, and wavpack), openSUSE (evolution, GraphicsMagick, graphviz, libxslt, openssl-1_0_0, ovmf, and sqlite3), Red Hat (dotnet, python27-python and python27-python-jinja2, and rh-mariadb102-mariadb and rh-mariadb102-galera), Slackware (mozilla), SUSE (gnutls, java-1_7_1-ibm, and java-1_8_0-ibm), and Ubuntu (curl, firefox, php5, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/789132/
∗∗∗ Computrols CBAS Web ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-141-01
∗∗∗ Mitsubishi Electric MELSEC-Q Series Ethernet Module ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-141-02
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Algo Credit Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM License Key Server Administration and Reporting Tool and Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack due to incorrect permissions on MQ directories. (CVE-2019-4078) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-is-vulnerable-…
∗∗∗ IBM Security Bulletin: IBM MQ is vulnerable to a denial of service attack within the error logging function (CVE-2019-4039) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-is-vulnerable-…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Monday 20-05-2019 18:00 − Tuesday 21-05-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ DDoS attacks in Q1 2019 ∗∗∗
---------------------------------------------
Q1 2019 held no particular surprises, save for countries such as Saudi Arabia, the Netherlands, and Romania maintaining a high level of DDoS activity.
---------------------------------------------
https://securelist.com/ddos-report-q1-2019/90792/
∗∗∗ Patch now! Exploit code for RDP vulnerability BlueKeep in Windows sighted ∗∗∗
---------------------------------------------
Anyone using Windows versions older than 10 and 8.1 should install the current security updates now at the latest, because of possible attacks.
---------------------------------------------
https://heise.de/-4427183
∗∗∗ Second edition of the German-French IT security situation report published ∗∗∗
---------------------------------------------
In it, the German Federal Office for Information Security (BSI) and the French Agence nationale de la sécurité des systèmes d'information (ANSSI) comparatively compile national findings and experience on two current topics and prepare them for the general public.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/D-F-IT-Sich…
∗∗∗ How to protect yourself from subscription traps on the Internet ∗∗∗
---------------------------------------------
Let it be said right at the outset: on the Internet, too, nobody gives anything away for free! So be skeptical of almost unbelievable free offers or promises of prizes in emails and SMS, on social media, on websites or in online advertising. Criminals frequently use these to lure consumers into a subscription trap.
---------------------------------------------
https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-vor-abo-fallen…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: systemd CVE-2018-20839 Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
systemd is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.
systemd 242 is vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/108389
∗∗∗ Linux Privilege Escalation via LXD & Hijacked UNIX Socket Credentials ∗∗∗
---------------------------------------------
Linux systems running LXD are vulnerable to privilege escalation via multiple attack paths, two of which are published in my “lxd_root” GitHub repository. This blog will go into the details of what I think is a very interesting path - abusing relayed UNIX socket credentials to speak directly to systemd’s private interface.
---------------------------------------------
https://shenaniganslabs.io/2019/05/21/LXD-LPE.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (drupal7 and jackson-databind), Fedora (checkstyle and gradle), openSUSE (qemu and xen), SUSE (ffmpeg, kvm, and ucode-intel), and Ubuntu (libraw and python-urllib3).
---------------------------------------------
https://lwn.net/Articles/789017/
∗∗∗ IBM Addresses Reported Intel Security Vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-addresses-reported-intel-security-vulne…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Web Experience Factory ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Friday 17-05-2019 18:00 − Monday 20-05-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Security vulnerability: Linksys routers apparently leak all connected devices ∗∗∗
---------------------------------------------
Linksys says it closed the security vulnerability back in 2014, but according to security researcher Troy Mursch the routers continue to leak the data of all devices that have ever been connected. (Router vulnerability, network)
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-linksys-router-leaken-offenbar-…
∗∗∗ ENISA is setting the ground for Industry 4.0 Cybersecurity ∗∗∗
---------------------------------------------
The EU Agency for Cybersecurity ENISA is stepping up its efforts to foster cybersecurity for Industry 4.0 by publishing a new paper on ‘Challenges and Recommendations for Industry 4.0 Cybersecurity’.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/enisa-is-setting-the-ground-for…
∗∗∗ Security researchers discover Linux version of Winnti malware ∗∗∗
---------------------------------------------
Winnti Linux variant used in 2015 in the hack of a Vietnamese gaming company.
---------------------------------------------
https://www.zdnet.com/article/security-researchers-discover-linux-version-o…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cups-filters, dhcpcd5, faad2, ghostscript, graphicsmagick, jruby, lemonldap-ng, and libspring-security-2.0-java), Fedora (gnome-desktop3, java-1.8.0-openjdk-aarch32, libu2f-host, samba, sqlite, webkit2gtk3, xen, and ytnef), Mageia (docker, flash-player-plugin, freeradius, libsndfile, libxslt, mariadb, netpbm, python-jinja2, tomcat-native, and virtualbox), openSUSE (kernel and ucode-intel), and SUSE (kernel, kvm, libvirt, nmap, and transfig).
---------------------------------------------
https://lwn.net/Articles/788911/
∗∗∗ MIELE Multiple Vulnerabilities in XGW 3000 ZigBee Gateway ∗∗∗
---------------------------------------------
Miele XGW 3000 is prone to multiple vulnerabilities in version <= 2.3.4 (1.4.6)
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-010
∗∗∗ IBM Security Bulletin: Vulnerabilities in ghostscript affect PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabiliies-in-gho…
∗∗∗ IBM Security Bulletin: A vulnerability in OpenSSL affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-op…
∗∗∗ IBM Security Bulletin: A vulnerability in Corosync affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-co…
∗∗∗ IBM Security Bulletin: A vulnerability in Docker affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-do…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by a directory traversal vulnerability in Kubernetes (CVE-2019-1002101) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-…
∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by a security degradation vulnerability in Kubernetes (CVE-2019-9946) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-…
∗∗∗ IBM Security Bulletin: API Connect V5 is impacted by information disclosure (CVE-2018-1991) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v5-is-imp…
∗∗∗ HPESBST03928 rev.1 - Command View Advanced Edition (CVAE) Products using JDK, Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBHF03917 rev.1 - HPE Integrated Lights-Out 4 (iLO 4) for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers, Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 16-05-2019 18:00 − Friday 17-05-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Cyber Security Challenge 2019 ∗∗∗
---------------------------------------------
This year, too, the association Cyber Security Austria, together with the Abwehramt, is organizing the Austria Cyber Security Challenge, more or less the cyber security equivalent of the maths/chemistry/Latin/... olympiads. Over the course of the year, the national champions are determined on the one hand, and the Austrian team for the European competition is also selected.
---------------------------------------------
http://www.cert.at/services/blog/20190517101951-2471.html
∗∗∗ Google recalls Titan Bluetooth keys after finding security flaw ∗∗∗
---------------------------------------------
Google had egg on its face this week after it had to recall some of its Titan hardware security keys for being insecure.
---------------------------------------------
https://nakedsecurity.sophos.com/2019/05/17/google-recalls-titan-bluetooth-…
∗∗∗ A Large Chunk of Ethereum Clients Remain Unpatched ∗∗∗
---------------------------------------------
In a report shared with ZDNet today, security researchers from SRLabs revealed that a large chunk of the Ethereum client software that runs on Ethereum nodes has yet to receive a patch for a critical security flaw the company discovered earlier this year.
---------------------------------------------
https://it.slashdot.org/story/19/05/17/151222/a-large-chunk-of-ethereum-cli…
∗∗∗ Intel fixes vulnerabilities, some of them critical, in UEFI BIOS, ME and Linux graphics driver ∗∗∗
---------------------------------------------
In recent days, Intel has been dealing with further vulnerabilities besides ZombieLoad. Fortunately, these are not remotely exploitable.
---------------------------------------------
https://heise.de/-4423912
∗∗∗ File theft and more: Problematic vulnerabilities in Apple's AirDrop technology ∗∗∗
---------------------------------------------
With the AWDL protocol, iPhones, Macs and the like can exchange data directly. Researchers from Darmstadt have now demonstrated new possibilities for abuse.
---------------------------------------------
https://heise.de/-4424245
=====================
= Vulnerabilities =
=====================
∗∗∗ DNS software BIND: New version closes several vulnerabilities ∗∗∗
---------------------------------------------
BIND versions 9.11.7, 9.14.2 and updated BIND packages for Linux are hardened against two potential denial-of-service attack vectors.
---------------------------------------------
https://heise.de/-4424425
∗∗∗ Security Advisory - MITM Vulnerability on Huawei Share ∗∗∗
---------------------------------------------
There is a man-in-the-middle (MITM) vulnerability on Huawei Share of certain smartphones. When users establish connection and transfer data through Huawei Share, an attacker could sniffer, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper the data.
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190517-…
∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Wacom Update Helper ∗∗∗
---------------------------------------------
There are two privilege escalation vulnerabilities in the Wacom update helper. The update helper is a utility installed alongside the macOS application for Wacom tablets. The application interacts with the tablet and allows the user to manage it. These vulnerabilities could allow an attacker with local access to raise their privileges to root.
---------------------------------------------
https://blog.talosintelligence.com/2019/05/wacom-update-helper-vuln-spotlig…
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (jquery), Fedora (kernel-headers, php-typo3-phar-stream-wrapper, and python3), openSUSE (qemu, ucode-intel, and xen), Red Hat (chromium-browser, java-1.8.0-ibm, and rh-python35-python-jinja2), SUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, evolution, graphviz, kernel, qemu, and systemd), and Ubuntu (libmediainfo, libvirt, and Wireshark).
---------------------------------------------
https://lwn.net/Articles/788773/
∗∗∗ Drupal: Multiple vulnerabilities allow bypassing of security measures ∗∗∗
---------------------------------------------
A remote, authenticated attacker can exploit multiple vulnerabilities in Drupal [more precisely: external modules, ed.] to bypass security measures.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0433
∗∗∗ Symantec Messaging Gateway: Vulnerability allows information disclosure ∗∗∗
---------------------------------------------
A remote, authenticated attacker from the adjacent network can exploit a vulnerability in Symantec Messaging Gateway to disclose information.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0432
∗∗∗ F-Secure products: Vulnerability allows bypassing of security measures ∗∗∗
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/05/warn…
∗∗∗ Vuln: Fuji Electric Alpha7 PC Loader Out-of-Bounds Read Denial of Service Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/108359
∗∗∗ Potential Impact on Processors in the POWER Family ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/
∗∗∗ IBM Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2019-4293) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-vulnera…
∗∗∗ IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-platform-9-5-x…
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images (CVE-2018-0737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op…
∗∗∗ SSB-501863 (Last Update: 2019-05-16): Customer Information on Microsoft Windows RDP Vulnerability for Siemens Healthineers ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssb-501863.pdf
∗∗∗ Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52370164
∗∗∗ Microarchitectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K97035296
∗∗∗ Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K80159635
∗∗∗ Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K34303485
∗∗∗ INTEL-SA-00233 Microarchitectural Data Sampling Advisory ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K41283800
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 15-05-2019 18:00 − Thursday 16-05-2019 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Announcing the all new Attack Surface Analyzer 2.0 ∗∗∗
---------------------------------------------
Attack Surface Analyzer 2.0 can help you identify security risks introduced when installing software on Windows, Linux, or macOS by analyzing changes to the file system, registry, network ports, ..
---------------------------------------------
https://www.microsoft.com/security/blog/2019/05/15/announcing-new-attack-su…
∗∗∗ Security update: WordPress plugin WP Live Chat Support vulnerable to attacks ∗∗∗
---------------------------------------------
Due to a bug, attackers could plant malicious code on WordPress websites that use the WP Live Chat Support add-on.
---------------------------------------------
https://heise.de/-4423479
∗∗∗ Critical vulnerability in Microsoft Remote Desktop Services - updates available ∗∗∗
---------------------------------------------
As part of "Patch Tuesday", Microsoft has released an update for a vulnerability in "Remote Desktop Services". This vulnerability allows an attacker, by means of a specially ..
---------------------------------------------
http://www.cert.at/warnings/all/20190516.html
∗∗∗ An MDS reading list ∗∗∗
---------------------------------------------
We contemplated putting together an LWN article on the "microarchitectural data sampling" (MDS) vulnerabilities, as we've done for past speculative-execution issues. But the truth of the matter is that it's ..
---------------------------------------------
https://lwn.net/Articles/788522/
∗∗∗ IT security - Zombieload and co.: Software vendors increasingly giving up on processor vulnerabilities ∗∗∗
---------------------------------------------
Apple has only partially enabled current patches because of massive performance losses; Google's V8 team does not consider the effort justified
---------------------------------------------
https://derstandard.at/2000103251668/Zombieload-und-Co-Softwarehersteller-g…
∗∗∗ $100 million GozNym cybercrime network dismantled as suspects charged ∗∗∗
---------------------------------------------
The sophisticated conspiracy saw tens of thousands of victims’ computers infected with the GozNym malware in order to steal online banking passwords, and raid ..
---------------------------------------------
https://hotforsecurity.bitdefender.com/blog/100-million-goznym-cybercrime-n…
∗∗∗ Threat Actor Profile: TA542, From Banker to Malware Distribution Service ∗∗∗
---------------------------------------------
Proofpoint researchers began tracking a prolific actor (referred to as TA542) in 2014 when reports first emerged about the appearance of the group’s signature payload, Emotet (aka Geodo). TA542 consistently uses the latest version of this malware, launching widespread email campaigns ..
---------------------------------------------
https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta54…
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Unified Intelligence Center Remote File Injection Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities ∗∗∗
---------------------------------------------
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow a remote attacker to gain the ability to ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/05/15/Cisco-Releases-Mul…
∗∗∗ Drupal core - Moderately critical - Third-party libraries - SA-CORE-2019-007 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-core-2019-007
∗∗∗ Advisory: Security Issue with Bluetooth Low Energy (BLE) Titan Security Keys ∗∗∗
---------------------------------------------
https://security.googleblog.com/2019/05/titan-keys-update.html
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 14-05-2019 18:00 − Wednesday 15-05-2019 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Security vulnerabilities: Adobe patches PDF tools and the Flash Player ∗∗∗
---------------------------------------------
Adobe has released new security updates as part of its regular cycle. In May 2019 the focus is on securing Adobe Reader and Adobe Acrobat. There is also a warning for the Flash Player ..
---------------------------------------------
https://www.golem.de/news/sicherheitsluecken-adobe-patcht-pdf-werkzeuge-und…
∗∗∗ Best of the Web: Trust seal distributes keyloggers ∗∗∗
---------------------------------------------
The Best of the Web seal is actually meant to certify the security of websites; instead, via a hacked script, keyloggers were ..
---------------------------------------------
https://www.golem.de/news/best-of-the-web-trust-siegel-verteilt-keylogger-1…
∗∗∗ May 2019 Security Update Release ∗∗∗
---------------------------------------------
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information ..
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2019/05/14/may-2019-security-updat…
∗∗∗ Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) ∗∗∗
---------------------------------------------
Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user ..
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updat…
∗∗∗ Three New Masque Attacks against iOS: Demolishing, Breaking and Hijacking ∗∗∗
---------------------------------------------
In the recent release of iOS 8.4, Apple fixed several vulnerabilities including vulnerabilities that allow attackers to deploy two new kinds of Masque Attack (CVE-2015-3722/3725, and CVE-2015-3725). We call these exploits Manifest Masque and Extension Masque, which can be used to demolish apps, including system apps (e.g., Apple Watch, ..
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2015/06/three_new_masqueatt.html
∗∗∗ array_diff_ukey Usage in Malware Obfuscation ∗∗∗
---------------------------------------------
We discovered a PHP backdoor on a WordPress installation that contained some interesting obfuscation ..
---------------------------------------------
http://labs.sucuri.net/?note=2019-05-14
∗∗∗ IT security - Graz researchers discovered new vulnerabilities in Intel processors ∗∗∗
---------------------------------------------
Processors from 2012 to 2018 affected – new updates will be necessary
---------------------------------------------
https://derstandard.at/2000103122472/Grazer-Forscher-entdeckten-neue-Sicher…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: SAP BusinessObjects Business Intelligence CVE-2019-0289 Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/108311
∗∗∗ Synology-SA-19:23 Samba AD DC ∗∗∗
---------------------------------------------
CVE-2018-16860 allows man-in-the-middle attackers to bypass security constraints via a susceptible version of Directory Server for Windows Domain.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_23
∗∗∗ DSA-4443 samba - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2019/dsa-4443
∗∗∗ Cisco Releases Security Updates ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/05/13/Cisco-Releases-Sec…
∗∗∗ Authorization Bypass Vulnerability in RSA NetWitness (CVE-2019-3724) ∗∗∗
---------------------------------------------
https://sec-consult.com/en/blog/advisories/authorization-bypass-vulnerabili…
∗∗∗ VMSA-2019-0007 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0007.html
=====================
= End-of-Day report =
=====================
Timeframe: Monday 13-05-2019 18:00 − Tuesday 14-05-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Unclear offers for criminal record extracts, certificates of good conduct and character references ∗∗∗
---------------------------------------------
On leumundszeugnis.at, strafregisterauszug.at, fuehrungszeugnis.at and amtsweg.info, consumers can buy online guides or e-books that describe how certain applications can be submitted online to the responsible authorities. For many interested parties, however, it is not clearly recognisable that only instructions, and not the official documents themselves, are being offered.
---------------------------------------------
https://www.watchlist-internet.at/news/unklare-angebote-zu-strafregisteraus…
=====================
= Vulnerabilities =
=====================
∗∗∗ Update WhatsApp now: Bug lets snoopers put spyware on your phone with just a call ∗∗∗
---------------------------------------------
WhatsApp has disclosed a serious vulnerability in the messaging app that gives snoops a way to remotely inject Israeli spyware on iPhone and Android devices simply by calling the target.
The bug, detailed in a Monday Facebook advisory for CVE-2019-3568, is a buffer overflow vulnerability within WhatsApp's VOIP function.
---------------------------------------------
https://www.zdnet.com/article/update-whatsapp-now-bug-lets-snoopers-put-spy…
∗∗∗ Adobe Releases Critical Patches for Flash, Acrobat Reader, and Media Encoder ∗∗∗
---------------------------------------------
Adobe today released its monthly software updates to patch a total of 87 security vulnerabilities in its Adobe Acrobat and Reader, Flash Player and Media Encoder, most of which could lead to arbitrary code execution attacks or worse. None of the flaws patched this month in Adobe products has been found exploited in the wild. Out of 87 total flaws, a whopping number of vulnerabilities (i.e.,
---------------------------------------------
https://thehackernews.com/2019/05/adobe-software-updates.html
∗∗∗ Apple Releases Multiple Security Updates ∗∗∗
---------------------------------------------
Original release date: May 14, 2019. Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: watchOS 5.2.1, Safari 12.1.1, Apple TV Software 7.3, tvOS 12.3, iOS 12.3, macOS Mojave 10.14.5,
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/05/14/Apple-Releases-Mul…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (flatpak, ghostscript, and python-jinja2), Debian (cups-filters, imagemagick, qt4-x11, and samba), Fedora (httpd and wpa_supplicant), openSUSE (freeradius-server, nmap, python-Jinja2, signing-party, and webkit2gtk3), Red Hat (java-1.7.1-ibm and java-1.8.0-ibm), Scientific Linux (python-jinja2), SUSE (cf-cli, java-1_8_0-openjdk, and libxslt), and Ubuntu (isc-dhcp, openjdk-8, openjdk-lts, samba, and VCFtools).
---------------------------------------------
https://lwn.net/Articles/788373/
∗∗∗ Intel Desktop Firmware: Vulnerability allows bypassing of security measures ∗∗∗
---------------------------------------------
Intel Desktop Board products BIOS is the BIOS that ships with Intel motherboards. The Server Firmware provides the basic software operating components for mainboards.
A local attacker can exploit a vulnerability in Intel Desktop Firmware and Intel Server Firmware to bypass security measures.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0399
∗∗∗ ASUS WebStorage abused to spy on users at the router level ∗∗∗
---------------------------------------------
ESET researcher Anton Cherepanov published a report detailing attack vectors related to WebStorage, ASUS's cloud storage service, on Tuesday. According to the team, the Plead malware may be being distributed through MiTM attacks taking place against ASUS software. Plead is a malware variant which specializes in data theft through a combination of the Plead backdoor and Drigo exfiltration tool.
---------------------------------------------
https://www.zdnet.com/article/asus-webstorage-abused-to-spy-on-users-at-the…
∗∗∗ Cisco Secure Boot Hardware Tampering Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco IOS XE Software Web UI Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud January 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Potential denial of service vulnerability in Liberty for Java for IBM Cloud (CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ SSA-102144 (Last Update: 2019-05-14): Code Execution Vulnerability in LOGO! Soft Comfort ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-102144.pdf
∗∗∗ SSA-542701 (Last Update: 2019-05-14): Vulnerabilities in SIEMENS LOGO! ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf
∗∗∗ SSA-549547 (Last Update: 2019-05-14): Multiple Vulnerabilities in SCALANCE W1750D ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf
∗∗∗ SSA-606525 (Last Update: 2019-05-14): Denial-of-Service Vulnerability in SINAMICS PERFECT HARMONY GH180 Ethernet Modbus Interface (G28) ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf
∗∗∗ SSA-697412 (Last Update: 2019-05-14): Multiple Vulnerabilities in SIMATIC WinCC, SIMATIC WinCC Runtime, SIMATIC PCS 7, SIMATIC TIA Portal ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf
∗∗∗ SSA-705517 (Last Update: 2019-05-14): Remote Code Execution Vulnerability in SIMATIC WinCC and SIMATIC PCS 7 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-705517.pdf
∗∗∗ SSA-804486 (Last Update: 2019-05-14): Multiple Vulnerabilities in SIMATIC Panels and SIMATIC WinCC (TIA Portal) ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf
∗∗∗ SSA-865156 (Last Update: 2019-05-14): Denial-of-Service Vulnerability in SINAMICS PERFECT HARMONY GH180 Fieldbus Network ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-865156.pdf
∗∗∗ SSA-902727 (Last Update: 2019-05-14): Multiple Vulnerabilities in Licensing Software for SISHIP Automation Solutions ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf
∗∗∗ HPESBMU03935 rev.1 - HPE Unified OSS Console Software Products using Apache CouchDB, Remote Code Execution, Remote Escalation of Privilege ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 10-05-2019 18:00 − Monday 13-05-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Administration: Microsoft recommends a separately secured device ∗∗∗
---------------------------------------------
Anyone who administers complex systems can quickly become an attractive target. Microsoft shares some tips from its own practice for minimising this risk. These include the use of dedicated devices.
---------------------------------------------
https://www.golem.de/news/administration-microsoft-empfiehlt-ein-separat-ab…
∗∗∗ Hash function: The next nail in the coffin of SHA-1 ∗∗∗
---------------------------------------------
Actually, everyone knows it: the hash function SHA-1 is dead. Researchers have now found a method that makes attacks on the algorithm even more relevant in practice.
---------------------------------------------
https://www.golem.de/news/hashfunktion-der-naechste-nagel-im-sarg-von-sha-1…
∗∗∗ AR19-133A: Microsoft Office 365 Security Observations ∗∗∗
---------------------------------------------
Original release date: May 13, 2019. Summary: As the number of organizations migrating email services to Microsoft Office 365 (O365) and other cloud services increases, the use of third-party companies that move organizations to the cloud is also increasing. Organizations and their third-party partners need to be aware of the risks involved in transitioning to O365 and other cloud services.
---------------------------------------------
https://www.us-cert.gov/ncas/analysis-reports/AR19-133A
∗∗∗ Hackers are collecting payment details, user passwords from 4,600 sites ∗∗∗
---------------------------------------------
Hackers have breached analytics service Picreel and open-source project Alpaca Forms and have modified JavaScript files on the infrastructure of these two companies to embed malicious code on over 4,600 websites, security researchers have told ZDNet. The attack is ongoing, and the malicious scripts are still live, at the time of this article's publishing.
---------------------------------------------
https://www.zdnet.com/article/hackers-are-collecting-payment-details-user-p…
∗∗∗ Microsoft expands BitLocker management options for enterprises ∗∗∗
---------------------------------------------
Microsoft is planning extensions to Intune and System Center Configuration Manager for managing BitLocker encryption in enterprise environments.
---------------------------------------------
https://heise.de/-4420137
∗∗∗ Patch now: Attackers are targeting an older SharePoint Server vulnerability ∗∗∗
---------------------------------------------
The vulnerability CVE-2019-0604, already fixed in February/March, is being actively exploited. Anyone who has not yet installed the updates should act now at the latest.
---------------------------------------------
https://heise.de/-4420747
∗∗∗ Images Loading Credit Card Swipers ∗∗∗
---------------------------------------------
We’ve come across an interesting approach to injecting credit card swipers into Magento web pages. Instead of injecting a real script, attackers insert a seemingly benign, invisible image from the same site. The catch is, the tag has an "onload" event handler that loads the malicious script.
---------------------------------------------
http://labs.sucuri.net/?note=2019-05-10
∗∗∗ NVIDIA Patches High Severity Bugs in GPU Display Driver ∗∗∗
---------------------------------------------
NVIDIA has released patches to address High severity vulnerabilities in its NVIDIA GPU Display Driver that could allow an attacker to escalate privileges or execute code on vulnerable systems.
---------------------------------------------
https://www.securityweek.com/nvidia-patches-high-severity-bugs-gpu-display-…
=====================
= Vulnerabilities =
=====================
∗∗∗ SQLite: Vulnerability in library allows remote code execution ∗∗∗
---------------------------------------------
SQLite version 3.28.0 has been available since April. In view of a critical vulnerability in earlier versions, developers should switch as soon as possible.
---------------------------------------------
https://heise.de/-4421109
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (atftp, ghostscript, openjdk-7, and postgresql-9.4), Fedora (java-11-openjdk, mosquitto, and php), Mageia (bash, binutils, clamav, cronie, jasper, kernel, mxml, openexr, openssh, python, qt4, svgsalamander, sysstat, tar, and tcpreplay), openSUSE (openssl, python3, sqlite3, webkit2gtk3, and wireshark), Red Hat (bind, flatpak, freeradius:3.0, java-1.8.0-openjdk, python-jinja2, rh-ror42-rubygem-actionpack, rh-ror50-rubygem-actionpack, rh-ruby23-ruby, [...]
---------------------------------------------
https://lwn.net/Articles/788266/
∗∗∗ Gemalto DS3 Authentication Server / Ezio Server Command Injection / File Disclosure ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2019050121
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server April 2019 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM MQ RDQM and IBM MQ Appliance are vulnerable to a denial of service attack (CVE-2018-1084) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-rdqm-and-ibm-m…
∗∗∗ IBM Security Bulletin: Rational DOORS Web Access is affected by Cross-site scripting vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-doors-web-ac…
∗∗∗ Linux kernel vulnerability CVE-2017-8824 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K15526101
∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in the Roav A1 Dashcam ∗∗∗
---------------------------------------------
https://blog.talosintelligence.com/2019/05/vulnerability-spotlight-multiple…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 09-05-2019 18:00 − Friday 10-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Drupal: Security release for the CMS repairs vulnerable component ∗∗∗
---------------------------------------------
Drupal users should update the CMS core. The developers have fixed a vulnerability rated "moderately critical".
---------------------------------------------
https://heise.de/-4420050
∗∗∗ BSI provides open-source verification tool for Evidence Records ∗∗∗
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Pruefwerkzeug-Evi…
∗∗∗ Types of backup and five backup mistakes to avoid ∗∗∗
---------------------------------------------
What are the main types of backup operations and how to avoid the sinking feeling of realizing that you may not get your data back?
---------------------------------------------
https://www.welivesecurity.com/2019/05/10/types-backup-mistakes-avoid/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bind9, postgresql-9.6, qemu, and symfony), Fedora (kernel, kernel-tools, mod_cluster, rubygem-actioncable, rubygem-actionmailer, rubygem-actionpack, rubygem-actionview, rubygem-activejob, rubygem-activemodel, rubygem-activerecord, rubygem-activestorage, rubygem-activesupport, rubygem-rails, and rubygem-railties), openSUSE (wireshark), Red Hat (freeradius), Scientific Linux (freeradius), and Ubuntu (bind9 and wpa).
---------------------------------------------
https://lwn.net/Articles/788066/
∗∗∗ ZDI-19-459: (0Day) Hewlett Packard Enterprise Intelligent Management Center Standard ImcLoginMgrImpl Hard-coded Cryptographic Key Credentials Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-459/
∗∗∗ ZDI-19-458: (0Day) Hewlett Packard Enterprise Intelligent Management Center dbman Use of Hard-coded Credentials Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-458/
∗∗∗ ZDI-19-457: (0Day) Hewlett Packard Enterprise Intelligent Management Center AMF3 Externalizable Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-457/
∗∗∗ ZDI-19-456: (0Day) Hewlett Packard Enterprise Intelligent Management Center AccessMgrServlet className Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-456/
∗∗∗ ZDI-19-455: (0Day) Hewlett Packard Enterprise Intelligent Management Center TopoMsgServlet Expression Language Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-455/
∗∗∗ ZDI-19-454: (0Day) Hewlett Packard Enterprise Intelligent Management Center soapConfigContent Expression Language Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-454/
∗∗∗ ZDI-19-453: (0Day) Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Expression Language Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-453/
∗∗∗ ZDI-19-452: (0Day) Hewlett Packard Enterprise Intelligent Management Center iccSelectDevType Expression Language Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-452/
∗∗∗ Security Notice - Statement on the Suspected Huawei Issue in the U.S. DoD's 5G Ecosystem Report ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2019/huawei-sn-20190510-01-…
∗∗∗ IBM Security Bulletin: Security Vulnerability in IBM® Java SDK affect IBM Rational Team Concert Apr 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale with CES stack enabled that could allow sensitive data to be included with service snaps. This data could be sent to IBM during service engagements (CVE-2019-4259) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-has-b…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for ACH Services for Multi-Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential cross-site request forgery vulnerability (CVE-2018-1790) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction…
∗∗∗ Linux kernel vulnerability CVE-2018-13405 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00854051
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 08-05-2019 18:00 − Thursday 09-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Samsung: Researcher was able to access development environment ∗∗∗
---------------------------------------------
Credentials, certificates, tokens, keys and source code: a security researcher found a publicly accessible GitLab installation belonging to Samsung - and could even have modified the software code.
---------------------------------------------
https://www.golem.de/news/samsung-forscher-konnte-auf-entwicklungsumgebung-…
∗∗∗ Eggheads confirm: Rampant Android bloatware a privacy and security hellscape ∗∗∗
---------------------------------------------
Bundled software not just an annoyance, it's also a risk. The apps bundled with many Android phones are presenting threats to security and privacy greater than most users think.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/05/09/android_blo…
∗∗∗ Ongoing Credit Card Data Leak ∗∗∗
---------------------------------------------
Our DNSMon flagged an abnormal domain name, magento-analytics[.]com. Through continuous tracking and correlation with various data, we found out that the domain name has been used to inject malicious JS script into various online shopping sites to steal the credit card owner / card number / expiration time / CVV information.
---------------------------------------------
https://blog.netlab.360.com/ongoing-credit-card-data-leak/
∗∗∗ Critical flaw: Docker images of Alpine Linux with root access without a password ∗∗∗
---------------------------------------------
Some versions of the official Alpine Linux Docker images allowed logging in as root with an empty password field. The problem has now been fixed.
---------------------------------------------
https://heise.de/-4418636
∗∗∗ Vulnerabilities in financial mobile apps put consumers and businesses at risk ∗∗∗
---------------------------------------------
It’s good to know that your bank’s website boasts that little green padlock, promotes secure communication, and follows a two-factor authentication (2FA) scheme. But are their mobile apps equally secure?
---------------------------------------------
https://blog.malwarebytes.com/101/2019/05/vulnerabilities-in-financial-mobi…
∗∗∗ Vulnerability Spotlight: Remote code execution bug in SQLite ∗∗∗
---------------------------------------------
SQLite contains an exploitable use-after-free vulnerability that could allow an attacker to gain the ability to remotely execute code on the victim machine.
---------------------------------------------
https://blog.talosintelligence.com/2019/05/vulnerability-spotlight-remote-c…
∗∗∗ Stay away from elektriker-mg.at ∗∗∗
---------------------------------------------
You had better not hire elektriker-mg.at when you have a problem, because this company is fraudulent. On its website, elektriker-mg.at advertises being available 24 hours a day, 365 days a year, and being at your door within a very short time. The electrician's friendly smile is deceptive: you will be cheated out of a lot of money and your fault will not be repaired!
---------------------------------------------
https://www.watchlist-internet.at/news/finger-weg-von-elektriker-mgat/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (drupal7, exiv2, filezilla, and libfilezilla), openSUSE (gnutls, GraphicsMagick, hostinfo, supportutils, and ovmf), Scientific Linux (flatpak and ghostscript), SUSE (mutt and samba), and Ubuntu (Monit).
---------------------------------------------
https://lwn.net/Articles/787943/
∗∗∗ Phar Vulnerabilities Patched in Drupal, TYPO3 ∗∗∗
---------------------------------------------
Updates released this week for the Drupal and TYPO3 open source content management systems (CMSs) patch vulnerabilities related to how Phar archives are handled. The Phar (PHP Archive) package format enables developers to place all the files of a PHP application inside a single archive.
---------------------------------------------
https://www.securityweek.com/phar-vulnerabilities-patched-drupal-typo3
∗∗∗ Kaspersky Anti-Virus: Vulnerability allows execution of arbitrary program code with administrator privileges ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0387
∗∗∗ IBM Security Bulletin: Cross-site scripting in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4204) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a message spoofing vulnerability (CVE-2019-6110) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Cloud App Management V2018 could allow an attacker to obtain sensitive configuration information ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018.4.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A vulnerability in Apache Tomcat could affect IBM Cloud App Management V2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap…
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential cross-site request forgery vulnerability (CVE-2018-1790) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 07-05-2019 18:00 − Wednesday 08-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Hackers wanted: "Even ten-year-olds understand what a secure password is" ∗∗∗
---------------------------------------------
Starting now, Austria's best hackers are once again being sought as part of the Cyber Security Challenge.
---------------------------------------------
https://futurezone.at/digital-life/hacker-gesucht-auch-zehnjaehrige-versteh…
∗∗∗ Biometric Authentication Overview, Advantages & Disadvantages [Updated 2019] ∗∗∗
---------------------------------------------
What is biometric authentication? Biometric authentication is simply the process of verifying your identity using your measurements or other unique characteristics of your body, then logging you in a service, an app, a device and so on. What’s complicated is the technology behind it, so let’s see how it works.
---------------------------------------------
https://heimdalsecurity.com/blog/biometric-authentication/
∗∗∗ Researchers’ Evil Clippy cloaks malicious Office macros ∗∗∗
---------------------------------------------
A team of security researchers has exploited Microsoft’s patchy macro documentation to hide malicious code inside innocent-looking macros.
---------------------------------------------
https://nakedsecurity.sophos.com/2019/05/08/researchers-cloak-malicious-off…
∗∗∗ Companies beware: job applications with malware in circulation ∗∗∗
---------------------------------------------
Criminals are currently distributing generically worded e-mails with the subject "Bewerbung für Ihre Stellenausschreibung" ("Application for your job posting"). The messages contain a password-protected and therefore encrypted Word document. The corresponding password can be found in the e-mail. Recipients must not open the attachment. It contains malware!
---------------------------------------------
https://www.watchlist-internet.at/news/unternehmen-aufgepasst-bewerbungen-m…
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (dovecot, kernel, linux-zen, munin, nautilus, perl-email-address, and tcpreplay), Debian (atftp), Fedora (perl-YAML and teeworlds), Mageia (java-1.8.0-openjdk, ldb, libsolv, and putty/filezilla/wxgtk), openSUSE (freeradius-server, libjpeg-turbo, pacemaker, rubygem-actionpack-5_1, wpa_supplicant, and yubico-piv-tool), Red Hat (chromium-browser, container-tools:rhel8, edk2, firefox, flatpak, ghostscript, httpd:2.4, mod_auth_mellon, openwsman, [...]
---------------------------------------------
https://lwn.net/Articles/787842/
∗∗∗ [20190502] - Core - By-passing protection of Phar Stream Wrapper Interceptor ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/vyaXtvewK3I/781-20190502-c…
∗∗∗ [20190501] - Core - XSS in com_users ACL debug views ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/xio2qb8Db2U/780-20190501-c…
∗∗∗ TYPO3-PSA-2019-008: By-passing protection of Phar Stream Wrapper Interceptor ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-psa-2019-008/
∗∗∗ TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-psa-2019-007/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Session Management vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4072) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-session-management-vu…
∗∗∗ IBM Security Bulletin: Potential CSV injection threat affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4071) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-csv-injecti…
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Spring Framework vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium…
∗∗∗ IBM Security Bulletin: Potential denial of service in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-10237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s…
∗∗∗ IBM Security Bulletin: IBM MQ Advanced Cloud Pak is vulnerable to a buffer overflow in the curl command (CVE-2018-16842) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-advanced-cloud…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Planning ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in IBM Java Runtime and the microcode shipped with the DS8000 Hardware Management Console (HMC) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Monday 06-05-2019 18:00 − Tuesday 07-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Confluence Servers Hacked to Install Miners and Rootkits ∗∗∗
---------------------------------------------
After getting pounded with ransomware and malware for deploying distributed denial-of-service (DDoS) attacks, unpatched Confluence servers are now compromised to mine for cryptocurrency.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/confluence-servers-hacked-to…
∗∗∗ "7 Tips For Planning ICS Plant Visits" ∗∗∗
---------------------------------------------
As you plan the next visit to your ICS plant(s) with your security team, consider these seven tips. They will maximize time on-site for accurate asset identification, effective cybersecurity awareness that will foster IT and OT relationships for smooth ICS incident response, and highlight new ways to ethically hack your digital and physical security perimeter.
---------------------------------------------
http://ics.sans.org/blog/2019/05/06/7-tips-for-planning-ics-plant-visits
∗∗∗ Decryption tool available for the MegaLocker/NamPoHyu ransomware ∗∗∗
---------------------------------------------
Security researchers have released a free decryption tool for a current ransomware strain. The malware developer is not amused at all.
---------------------------------------------
https://heise.de/-4415835
∗∗∗ Turla LightNeuron: An email too far ∗∗∗
---------------------------------------------
ESET research uncovers Microsoft Exchange malware remotely controlled via steganographic PDF and JPG email attachments
---------------------------------------------
https://www.welivesecurity.com/2019/05/07/turla-lightneuron-email-too-far/
∗∗∗ WordPress GraphQL plugin exploit ∗∗∗
---------------------------------------------
Third-party plugins are often the security Achilles heel of Content Management Systems (CMS). It seems like not a month goes by without one security researcher or another uncovering a vulnerability in a plugin, undermining the security of the whole platform.
---------------------------------------------
https://www.pentestpartners.com/security-blog/wordpress-graphql-plugin-expl…
∗∗∗ Surge of MegaCortex ransomware attacks detected ∗∗∗
---------------------------------------------
New MegaCortex ransomware strain detected targeting the enterprise sector.
---------------------------------------------
https://www.zdnet.com/article/sudden-surge-of-megacortex-ransomware-infecti…
∗∗∗ WordPress finally gets the security features a third of the Internet deserves ∗∗∗
---------------------------------------------
WordPress 5.2 released with support for cryptographically-signed updates, a modern cryptographic library.
---------------------------------------------
https://www.zdnet.com/article/wordpress-finally-gets-the-security-features-…
=====================
= Vulnerabilities =
=====================
∗∗∗ [20190501] - Core - XSS in com_users ACL debug views ∗∗∗
---------------------------------------------
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 1.7.0 through 3.9.5
Exploit type: XSS
Reported Date: 2019-April-29
Fixed Date: 2019-May-07
CVE Number: CVE-2019-11809
Description: The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
Affected Installs: Joomla! CMS versions 1.7.0 through 3.9.5
Solution: Upgrade to version 3.9.6
Contact: The JSST at the Joomla! Security Centre.
Reported By: Jose Antonio
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/xio2qb8Db2U/780-20190501-c…
∗∗∗ Android Security Bulletin - May 2019 ∗∗∗
---------------------------------------------
[...] The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
---------------------------------------------
https://source.android.com/security/bulletin/2019-05-01.html
∗∗∗ USN-3969-1: wpa_supplicant and hostapd vulnerability ∗∗∗
---------------------------------------------
wpa vulnerability. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS. Summary: wpa_supplicant and hostapd could be made to crash if they received specially crafted network traffic.
---------------------------------------------
https://usn.ubuntu.com/3969-1/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (389-ds-base, firefox-esr, and symfony), Fedora (poppler), SUSE (audit, ovmf, and webkit2gtk3), and Ubuntu (aria2, FFmpeg, gnome-shell, and sudo).
---------------------------------------------
https://lwn.net/Articles/787732/
∗∗∗ Security Bulletins for TYPO3 CMS ∗∗∗
---------------------------------------------
https://typo3.org/help/security-advisories/typo3-cms/
∗∗∗ Security Bulletins for TYPO3 Extensions ∗∗∗
---------------------------------------------
https://typo3.org/help/security-advisories/typo3-extensions/
∗∗∗ Public Services Announcements for TYPO3 ∗∗∗
---------------------------------------------
https://typo3.org/help/security-advisories/public-service-announcements/
∗∗∗ IBM Security Bulletin: Multiple Java Vulnerabilities Impact IBM Control Center (CVE-2018-3180, CVE-2018-1890) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-java-vulnera…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Friday 03-05-2019 18:00 − Monday 06-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Cronjob Backdoors ∗∗∗
---------------------------------------------
Attackers commonly rely on backdoors to easily gain reentry and maintain control over a website. They also use PHP functions to further deepen the level of their backdoors. A good example of this is the shell_exec function which allows plain shell commands to be run directly through the web application, providing attackers with an increased level of control over the environment.
---------------------------------------------
https://blog.sucuri.net/2019/05/cronjob-backdoors.html
∗∗∗ Wi-Fi presenter systems with critical security vulnerabilities ∗∗∗
---------------------------------------------
Wi-Fi gateways that enable wireless display of slides in many meeting rooms can be hijacked and infected with malicious code.
---------------------------------------------
https://heise.de/-4413258
∗∗∗ Wave of extortion targets public Git repositories ∗∗∗
---------------------------------------------
Over the past few days, extortionists have wiped numerous repositories on GitHub, GitLab and BitBucket and are demanding Bitcoin for their restoration.
---------------------------------------------
https://heise.de/-4413576
∗∗∗ Fraudulent job offers lure applicants into money laundering ∗∗∗
---------------------------------------------
While looking for a new job, consumers frequently come across fraudulent offers in which the task consists of forwarding sums of money. This is not always apparent from the job posting itself. That was the case on the website bulldozer-sprachschule.at, which had been taken over by criminals and where applicants were asked to launder money.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-job-angebote-verfuehr…
=====================
= Vulnerabilities =
=====================
∗∗∗ High-Severity PrinterLogic Flaws Enable Remote Code Execution ∗∗∗
---------------------------------------------
The three flaws enable an unauthenticated attacker to launch remote code execution attacks on printers.
---------------------------------------------
https://threatpost.com/printerlogic-remote-code-execution/144383/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (jquery, librecad, and phpbb3), Fedora (bubblewrap, java-11-openjdk, libvirt, openssh, and pacemaker), Mageia (virtualbox), openSUSE (chromium, ImageMagick, and java-11-openjdk), and SUSE (openssl-1_1).
---------------------------------------------
https://lwn.net/Articles/787599/
∗∗∗ HPESBHF03769 rev.2 - HPE Integrated Lights-out 4 (iLO 4), and Moonshot Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ IBM Security Bulletin: IBM TRIRIGA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data (CVE-2019-4208) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tririga-is-vulner…
∗∗∗ IBM Security Bulletin: IBM TRIRIGA Application Platform may disclose sensitive information (CVE-2019-4207) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tririga-applicati…
∗∗∗ IBM Security Bulletin: Vulnerability in Pivotal Spring Framework affects IBM TRIRIGA Application Platform (CVE-2018-15786) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-pivo…
∗∗∗ IBM Security Bulletin: IBM TRIRIGA Application Platform could disclose sensitive information (CVE-2018-2008) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tririga-applicati…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Cúram Social Program Management contains a cross-site request forgery vulnerability in the REST API (CVE-2018-2001) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-curam-social-prog…
∗∗∗ IBM Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2018-1890, CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-af…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Runtime Environment Java™ Version affect IBM Cloud Manager with OpenStack ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Vulnerabilities in GNU OpenSSL (1.0.2 series) affect IBM Netezza Analytics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gn…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 02-05-2019 18:00 − Friday 03-05-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Decryptor for MegaLocker and NamPoHyu Virus Ransomware Released ∗∗∗
---------------------------------------------
Emsisoft has released a decryptor for the MegaLocker and NamPoHyu Virus ransomware that has been targeting exposed Samba servers. Victims can now use this decryptor to recover their files for free. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/decryptor-for-megalocker-and…
∗∗∗ Informal Expert Group on EU Member States Incident Response Development ∗∗∗
---------------------------------------------
ENISA launches this Call for Participation to invite experts to participate in its expert group.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/informal-e-xpert-group-on-eu-ms…
∗∗∗ 2019: The Return of Retefe ∗∗∗
---------------------------------------------
Retefe is a banking Trojan that historically has routed online banking traffic intended for targeted banks through a proxy instead of the web injects more typical of other bankers. [...] Although Retefe only appeared infrequently in 2018, the banker returned to more regular attacks on Swiss and German victims in April of 2019 with both a Windows and macOS version. Retefe's return to the landscape was marked by several noteworthy changes: [...]
---------------------------------------------
https://www.proofpoint.com/us/threat-insight/post/2019-return-retefe
∗∗∗ Abus wireless alarm system: Security vulnerability allows cloning of RFID keys ∗∗∗
---------------------------------------------
Only last week, security researchers disclosed three security vulnerabilities in Abus Secvest alarm systems. Now another one follows.
---------------------------------------------
https://heise.de/-4412282
∗∗∗ D-Link protects DNS-320 and other NAS devices against Cr1ptTor ransomware with updates ∗∗∗
---------------------------------------------
The network storage devices DNS-320L, DNS-325 and DNS-327L were vulnerable to attacks by the encryption trojan Cr1ptor. Firmware updates are meant to change that.
---------------------------------------------
https://heise.de/-4412656
∗∗∗ Vulnerabilities Found in Over 100 Jenkins Plugins ∗∗∗
---------------------------------------------
A researcher has discovered vulnerabilities in more than 100 plugins designed for the Jenkins open source software development automation server and many of them have yet to be patched.
---------------------------------------------
https://www.securityweek.com/vulnerabilities-found-over-100-jenkins-plugins
=====================
= Vulnerabilities =
=====================
∗∗∗ Orpak SiteOmat ∗∗∗
---------------------------------------------
This advisory includes mitigations for use of hard-coded credentials, cross-site scripting, SQL injection, missing encryption of sensitive data, code injection, and stack-based buffer overflow vulnerabilities reported in Orpak’s SiteOmat, software for fuel station management.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01
∗∗∗ GE Communicator ∗∗∗
---------------------------------------------
This advisory includes mitigations for uncontrolled search path, use of hard-coded credentials, and improper access control vulnerabilities reported in GE's Communicator software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02
∗∗∗ Sierra Wireless AirLink ALEOS ∗∗∗
---------------------------------------------
This advisory includes mitigations for OS command injection, use of hard-coded credentials, unrestricted upload of file with dangerous type, cross-site scripting, cross-site request forgery, information exposure, and missing encryption of sensitive data vulnerabilities reported in the Sierra Wireless AirLink ALEOS products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (linux-4.9 and otrs2), Fedora (gradle, java-1.8.0-openjdk, jetty, kernel, ruby, and runc), openSUSE (dovecot23, jasper, libsoup, ntfs-3g_ntfsprogs, and webkit2gtk3), SUSE (openssl), and Ubuntu (python-gnupg).
---------------------------------------------
https://lwn.net/Articles/787413/
∗∗∗ IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Releases 1801-w and 1801-y ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vyatta-5600-vrouter-s…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Storwize V7000 Unified ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 30-04-2019 18:00 − Thursday 02-05-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Phishing mail targets your Willhaben account ∗∗∗
---------------------------------------------
Phishing mails from criminals are circulating once again. The mails appear to come from the classified-ads platform Willhaben and inform recipients about the publication of a sales listing for a Samsung washing machine. Recipients must not follow the links in the message or enter any data; otherwise they will lose their Willhaben account.
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-mail-hat-es-auf-ihr-willhab…
∗∗∗ JavaScript card sniffing attacks spread to other e-commerce platforms ∗∗∗
---------------------------------------------
OpenCart, OSCommerce, WooCommerce, Shopify are also being targeted.
---------------------------------------------
https://www.zdnet.com/article/javascript-card-sniffer-attacks-spread-to-oth…
∗∗∗ 50,000 enterprise firms running SAP software vulnerable to attack ∗∗∗
---------------------------------------------
9 out of 10 SAP production systems are believed to be vulnerable to new exploits.
---------------------------------------------
https://www.zdnet.com/article/50000-enterprise-firms-running-sap-software-v…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security vulnerability: driver installation on Dell laptops open to attack ∗∗∗
---------------------------------------------
A Windows application for installing drivers that comes preinstalled on Dell laptops opens a local HTTP server. A network attacker can abuse this to install malware.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-treiberinstallation-auf-dell-la…
∗∗∗ Rockwell Automation CompactLogix 5370 ∗∗∗
---------------------------------------------
This advisory includes mitigations for uncontrolled resource consumption and stack-based buffer overflow vulnerabilities reported in Rockwell Automation’s CompactLogix 5370 controllers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01
∗∗∗ Citrix SD-WAN Security Update ∗∗∗
---------------------------------------------
An information disclosure vulnerability has been identified in the Citrix SD-WAN Appliance. This vulnerability could allow an unauthenticated attacker to perform a man-in-the-middle attack against management traffic.
---------------------------------------------
https://support.citrix.com/article/CTX247735
∗∗∗ Patch now: Cisco closes vulnerabilities in numerous products ∗∗∗
---------------------------------------------
It is that time again: network equipment vendor Cisco has released numerous updates. One of the patched vulnerabilities is rated critical.
---------------------------------------------
https://heise.de/-4411599
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (libmediainfo, php-horde-horde, and php-horde-turba), SUSE (hostinfo, supportutils, libjpeg-turbo, and openssl), and Ubuntu (dovecot, libpng1.6, and memcached).
---------------------------------------------
https://lwn.net/Articles/787232/
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (proftpd-dfsg and signing-party), Fedora (php-horde-horde and php-horde-turba), and Ubuntu (php5).
---------------------------------------------
https://lwn.net/Articles/787299/
∗∗∗ Many Vulnerabilities Found in Wireless Presentation Devices ∗∗∗
---------------------------------------------
Researchers at Tenable have discovered a total of 15 vulnerabilities across eight wireless presentation systems, including flaws that can be exploited to remotely hack devices.
---------------------------------------------
https://www.securityweek.com/many-vulnerabilities-found-wireless-presentati…
∗∗∗ Vuln: Microsoft Visual Studio asm Remote Memory Corruption Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/108122
∗∗∗ Vuln: Apache Archiva CVE-2019-0214 Arbitrary File Write Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/108124
∗∗∗ IBM Security Advisories ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Appliance mode vulnerability CVE-2019-6614 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K46524395
∗∗∗ CGNAT/PPTP vulnerability CVE-2019-6611 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K47527163
∗∗∗ DNS vulnerability CVE-2019-6612 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K24401914
∗∗∗ Appliance mode tmsh vulnerability CVE-2019-6615 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K87659521
∗∗∗ Appliance mode tmsh vulnerability CVE-2019-6616 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K82814400
∗∗∗ SNMP vulnerability CVE-2019-6613 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K27400151
∗∗∗ BIG-IP Resource Administrator vulnerability CVE-2019-6618 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K07702240
∗∗∗ BIG-IP Resource Administrator vulnerability CVE-2019-6617 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K38941195
∗∗∗ HTTP/2 ALPN vulnerability CVE-2019-6619 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K94563344
∗∗∗ NodeJS vulnerability CVE-2018-12120 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K37111863
=====================
= End-of-Day report =
=====================
Timeframe: Monday 29-04-2019 18:00 − Tuesday 30-04-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ APT trends report Q1 2019 ∗∗∗
---------------------------------------------
This is our latest summary of APT activity, based on our threat intelligence research, and provides a representative snapshot of what we have published and discussed in greater detail in our private APT reports. It aims to highlight the significant events and findings that we feel people should be aware of.
---------------------------------------------
https://securelist.com/apt-trends-report-q1-2019/90643/
∗∗∗ Beware of orders on cragoo.at and cragoo.de ∗∗∗
---------------------------------------------
cragoo.de and cragoo.at are an online shop run by the company TA Retail UG with a very broad range of products. Among other things, it offers household appliances, electronics, car accessories, building supplies, bicycles, furniture and toys. But beware: we continually receive reports from angry consumers who paid for a purchase in advance but did not receive a delivery.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-bestellungen-auf-cragoo…
∗∗∗ Oracle Weblogic 0day ∗∗∗
---------------------------------------------
Several days ago, information about new Oracle Weblogic Server 0day vulnerability was published [... CVE-2019-2725].
...
One of the SISSDEN goals is to track such vulnerabilities and answer the following questions:
How big was the volume of scanning/exploitation?
Who is responsible for scanning/exploitation?
How was the exploitation executed?
---------------------------------------------
https://sissden.eu/blog/oracle-weblogic-0day
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: ImageMagick Multiple Heap Buffer Overflow Vulnerabilities ∗∗∗
---------------------------------------------
ImageMagick is prone to multiple heap-based buffer-overflow vulnerabilities.
An attacker can exploit this issue to cause denial-of-service condition and obtain sensitive information.
---------------------------------------------
http://www.securityfocus.com/bid/108102
∗∗∗ Insufficient Privilege Validation in WooCommerce Checkout Manager ∗∗∗
---------------------------------------------
Due to the poor handling of a vulnerability disclosure, a new attack vector has appeared for the WooCommerce Checkout Manager WordPress plugin and is affecting over 60,000 sites. If you are using this plugin, we recommend that you update it to version 4.3 immediately.
---------------------------------------------
https://blog.sucuri.net/2019/04/insufficient-privilege-validation-in-woocom…
∗∗∗ Vulnerability in Revive Adserver can enable delivery of malicious code ∗∗∗
---------------------------------------------
The ad server Revive Adserver is open to attack via two vulnerabilities; one of them is rated critical. Version 4.2.0 is secured.
---------------------------------------------
https://heise.de/-4410423
∗∗∗ Researchers find vulnerabilities in e-mail signature verification ∗∗∗
---------------------------------------------
Security researchers from Fachhochschule Münster and Ruhr-Universität Bochum have found vulnerabilities in the implementations of the widely used e-mail encryption standards S/MIME and OpenPGP.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Signaturfae…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (kernel, openwsman, and ovmf), Debian (gst-plugins-base1.0 and libvirt), Fedora (libX11, poppler, python-urllib3, samba, and wpewebkit), openSUSE (GraphicsMagick), SUSE (atftp, glibc, libssh2_org, and wpa_supplicant), and Ubuntu (wavpack).
---------------------------------------------
https://lwn.net/Articles/787158/
∗∗∗ Foxit Phantom PDF Suite: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit multiple vulnerabilities in Foxit Reader and the Foxit Phantom PDF Suite to execute arbitrary code with user privileges, carry out a denial-of-service attack, or view confidential data.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0359
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2018-1902) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat…
∗∗∗ IBM Security Bulletin: A vulnerability affects the IBM FlashSystem 840 and 900 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-affec…
∗∗∗ IBM Security Bulletin: Security vulnerability affects Rational Engineering Lifecycle Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics (CVE-2018-3180, CVE-2013-1624, CVE-2018-1933, CVE-2015-1832, CVE-2018-15494) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ HPESBHF03929 rev.1 - HPE Superdome Flex Server, Local Denial of Service, Disclosure of Information, and Escalation of Privilege ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 26-04-2019 18:00 − Monday 29-04-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ GitHub-Hosted Magecart Card Skimmer Found on Hundreds of Stores ∗∗∗
---------------------------------------------
Malicious actors compromised the Magento installations of a few hundred e-commerce websites and injected them with Magecart skimmer scripts hosted on GitHub.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/github-hosted-magecart-card-…
∗∗∗ Old Vulnerabilities Are Still Good Tricks for Today's Attacks ∗∗∗
---------------------------------------------
The value of a security vulnerability drops significantly the moment it gets patched but the bad guys will keep exploiting it for as long as they can find victims that are worth the effort.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/old-vulnerabilities-are-stil…
∗∗∗ Typo 3 Spam Infection ∗∗∗
---------------------------------------------
Here at Sucuri most of the malware that we deal with is on CMS platforms like: WordPress, Joomla, Drupal, Magento, and others. But every now and then we come across something a little different. Blackhat SEO Infection in Typo3 Just recently, I discovered a website using the Typo3 CMS that had been infected with a blackhat SEO spam infection: [...]
---------------------------------------------
https://blog.sucuri.net/2019/04/typo-3-spam-infection.html
∗∗∗ Vulnerabilities in P2P component: two million IoT devices open to attack ∗∗∗
---------------------------------------------
Attackers could gain remote access to IP cameras, smart doorbells and the like. A researcher advises throwing the devices away, but also names a workaround.
---------------------------------------------
https://heise.de/-4409298
∗∗∗ A Crash-Course in Card Shops ∗∗∗
---------------------------------------------
The notorious Joker's Stash is perhaps the best-known of many illicit shops in the deep & dark web (DDW) that specialize in, and serve as a primary means through which cybercriminals obtain, stolen payment card data. Commonly referred to as card shops, these shops can also be invaluable resources for those seeking to better understand and combat fraud and cybercrime.
---------------------------------------------
https://www.securityweek.com/crash-course-card-shops
∗∗∗ How to protect yourself against phishing attempts ∗∗∗
---------------------------------------------
In phishing, criminals use forged e-mails, websites and chat messages to try to capture sensitive data from internet users. Simple precautions and a watchful eye can keep you from falling for such scams. This is important, because acting wrongly can sometimes lead to high financial losses.
---------------------------------------------
https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-vor-phishing-v…
=====================
= Vulnerabilities =
=====================
∗∗∗ Oracle patches critical vulnerability in WebLogic Server out of band ∗∗∗
---------------------------------------------
Attackers could attack and take over WebLogic Server with comparatively little effort. Oracle has now released security updates.
---------------------------------------------
https://heise.de/-4409153
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, libpng, and openssh), Debian (checkstyle, evolution, gst-plugins-base0.10, gst-plugins-base1.0, imagemagick, libpng1.6, monit, and systemd), Fedora (aria2, php-symfony, php-symfony3, php-symfony4, and python-jinja2), openSUSE (ceph, libssh2_org, libvirt, php7, python3, samba, wget, and xerces-c), Red Hat (rh-python35-python), Slackware (bind), SUSE (libssh2_org), and Ubuntu (evince, gst-plugins-base0.10, gst-plugins-base1.0, and [...]
---------------------------------------------
https://lwn.net/Articles/787052/
∗∗∗ IBM Security Bulletin: IBM StoredIQ is affected by potential Host Header Injection (CVE-2019-4166) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-storediq-is-affec…
∗∗∗ IBM Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2018-15756) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-spri…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Storwize V7000 Unified ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Storwize V7000 Unified is affected by denial of service vulnerability in GPFS (CVE-2018-1783) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-storwize-v7000-un…
∗∗∗ IBM Security Bulletin: IBM Storwize V7000 Unified is affected by arbitrary file read vulnerability in GPFS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-storwize-v7000-un…
∗∗∗ IBM Security Bulletin: Security Vulnerabilities in IBM® Java SDK affect Rational Method Composer March 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 25-04-2019 18:00 − Friday 26-04-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Getting in the Zone: dumping Active Directory DNS using adidnsdump ∗∗∗
---------------------------------------------
Zone transfers are a classical way of performing reconnaissance in networks (or even from the internet). They require an insecurely configured DNS server that allows anonymous users to transfer all records and gather information about hosts in the network. What not many people know however is that if Active Directory integrated DNS is used, any [...]
---------------------------------------------
https://blog.fox-it.com/2019/04/25/getting-in-the-zone-dumping-active-direc…
∗∗∗ Service Accounts Redux - Collecting Service Accounts with PowerShell ∗∗∗
---------------------------------------------
Back in 2015 I wrote up a "find the service accounts" story - https://isc.sans.edu/forums/diary/Windows+Service+Accounts+Why+Theyre+Evil+… (yes, it really has been that long). The approach I wrote up then used WMIC. Those scripts saw a lot of use back in the day, but don't reflect the fastest or most efficient way to collect this information - I thought today was a good day to cover how to do this much quicker in PowerShell.
---------------------------------------------
https://isc.sans.edu/forums/diary/Service+Accounts+Redux+Collecting+Service…
∗∗∗ Statistics: Significantly more malware for the Mac ∗∗∗
---------------------------------------------
According to the security company Malwarebytes, attacks on macOS users are increasing. Adware in particular is becoming a problem.
---------------------------------------------
https://heise.de/-4408038
∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450 ∗∗∗
---------------------------------------------
Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise, such as retail point-of-sale or industrial control systems. These flaws present a number of attack vectors for a malicious actor, and could allow them to remotely execute code on the victim machine, change the administrator's password and expose user credentials, among [...]
---------------------------------------------
https://blog.talosintelligence.com/2019/04/vulnerability-sierra-airlink.html
∗∗∗ Beware of scam mails with supposed invoices ∗∗∗
---------------------------------------------
Consumers and companies are receiving e-mails that point to links to alleged invoices. Those affected are asked, for example, to pay the invoices or check their contents. Anyone who follows the links lands on fraudulent websites that try to infect systems with malware.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-betrugs-mails-mit-verme…
∗∗∗ An inside look at how credential stuffing operations work ∗∗∗
---------------------------------------------
Data breaches, custom software, proxies, IoT botnets, and hacking forums -- all play a role.
---------------------------------------------
https://www.zdnet.com/article/an-inside-look-at-how-credential-stuffing-ope…
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension ∗∗∗
---------------------------------------------
If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company - called "Plugin Vulnerabilities" - that has recently gone rogue in order to protest against moderators of the WordPress's official support forum has once [...]
---------------------------------------------
https://thehackernews.com/2019/04/wordpress-woocommerce-security.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gpac and mercurial), Fedora (kernel-headers and kernel-tools), openSUSE (GraphicsMagick, kauth, lxc, lxcfs, python, qemu, and xmltooling), SUSE (freeradius-server, ImageMagick, libvirt, samba, and wireshark), and Ubuntu (bind9).
---------------------------------------------
https://lwn.net/Articles/786884/
∗∗∗ Synology-SA-19:20 ISC BIND ∗∗∗
---------------------------------------------
CVE-2018-5743 allows remote attackers to conduct denial-of-service attacks via a susceptible version of DNS Server. DNS Server is not affected by CVE-2019-6947 and CVE-2019-6948 as these vulnerabilities only affect ISC BIND 9.10.5 and later.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_20
∗∗∗ Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190424-…
∗∗∗ IBM Cognos Business Intelligence: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0354
∗∗∗ IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2019 – Includes Oracle Jan 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-sdk-java-technolo…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM® Java Runtime and Liberty affect IBM BigFix Remote Control ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2018-20346) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulneraqbility-in-s…
∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability GNU C Library (CVE-2018-16429) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-an…
∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libTIFF ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-an…
∗∗∗ IBM Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-manager-wit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Manager with OpenStack ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libtirpc (CVE-2018-14622 CVE-2018-14621) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-an…
∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in OpenSSH ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-an…
∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in OpenSSL (CVE-2018-0732 CVE-2018-0737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-an…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 24-04-2019 18:00 − Thursday 25-04-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ ExtraPulsar backdoor based on leaked NSA code – what you need to know ∗∗∗
---------------------------------------------
A US security researcher has come up with an open-source Windows backdoor loosely based on NSA attack code that leaked back in 2017.
---------------------------------------------
https://nakedsecurity.sophos.com/2019/04/25/extrapulsar-backdoor-based-on-l…
∗∗∗ Android app "WiFi Finder" leaked private Wi-Fi passwords ∗∗∗
---------------------------------------------
On more than 100,000 phones, WiFi Finder helped with connecting to public hotspots. In many cases, however, the app also collected private credentials.
---------------------------------------------
https://heise.de/-4405783
∗∗∗ Patch now! Ransomware Gandcrab eats its way through Confluence vulnerability ∗∗∗
---------------------------------------------
The attacks on Confluence are expanding. Attackers are currently trying to infect vulnerable systems with the Gandcrab ransomware.
---------------------------------------------
https://heise.de/-4407102
∗∗∗ JasperLoader Emerges, Targets Italy with Gootkit Banking Trojan ∗∗∗
---------------------------------------------
Malware loaders are playing an increasingly important role in malware distribution. They give adversaries the ability to gain an initial foothold on a system and are typically used to deliver various malware payloads following successful compromise. These attacks are popping up more frequently, as we covered in July with Smoke Loader and Brushaloader earlier this year.
---------------------------------------------
https://blog.talosintelligence.com/2019/04/jasperloader-targets-italy.html
∗∗∗ Extortion e-mail from myself ∗∗∗
---------------------------------------------
Criminals are currently sending e-mails in which they claim to have hacked your webcam and watched you. They allegedly have video footage showing you masturbating. They threaten to publish the film unless you transfer a certain sum of money in the form of bitcoins. Furthermore, it appears as if the criminals sent the e-mail to you from your own account. Stay calm, this is an attempted scam!
---------------------------------------------
https://www.watchlist-internet.at/news/erpressungs-e-mail-von-mir-selbst/
=====================
= Vulnerabilities =
=====================
∗∗∗ Unpatched Vulnerability Alert - WebLogic Zero Day, (Thu, Apr 25th) ∗∗∗
---------------------------------------------
The news today is full of a new deserialization vulnerability in Oracle WebLogic. This affects all current versions of the product (the POC is against 10.3, but 12.x versions are also affected). The vulnerability affects the wls9_async_response package (which is not included by default in all builds), so the workaround is to either ACL the Z/_async/* and /wls-wsat/* paths, or delete wls9_async_response.war. A successful attack gets the attacker remote code exec on the vulnerable server.
---------------------------------------------
https://isc.sans.edu/diary/rss/24880
∗∗∗ Technical Advisory: Private Key Extraction from Qualcomm Hardware-backed Keystores ∗∗∗
---------------------------------------------
Recent Android devices include a hardware-backed keystore, which developers can use to protect their cryptographic keys with secure hardware. On some devices, Qualcomm's TrustZone-based keystore leaks sensitive information through the branch predictor and memory caches, enabling recovery of 224 and 256-bit ECDSA keys.
---------------------------------------------
https://www.nccgroup.trust/us/our-research/private-key-extraction-qualcomm-…
∗∗∗ New security release versions of BIND are available: 9.11.6-P1, 9.12.4-P1, and 9.14.1 ∗∗∗
---------------------------------------------
CVE-2018-5743: Limiting simultaneous TCP clients is ineffective
CVE-2019-6467: An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c
CVE-2019-6468: BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used
---------------------------------------------
https://lists.isc.org/pipermail/bind-announce/2019-April/001126.html
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (putty and systemd), Fedora (kernel, kernel-headers, and kernel-tools), Gentoo (ming and qemu), openSUSE (openexr and slurm), SUSE (ImageMagick, jasper, ntfs-3g_ntfsprogs, openssh, and webkit2gtk3), and Ubuntu (php5 and tcpflow).
---------------------------------------------
https://lwn.net/Articles/786749/
∗∗∗ TIBCO Security Advisories ∗∗∗
---------------------------------------------
https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-ap…
https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-ap…
https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-ap…
https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-ap…
https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-ap…
https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-ap…
∗∗∗ BIND vulnerability CVE-2018-5743 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K74009656
∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by information disclosure vulnerability (CVE-2019-6157) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integrated-manage…
∗∗∗ IBM Security Bulletin: Security vulnerability affects the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2019-4047) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2018-2004) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by weak cryptographic algorithms (CVE-2018-2007) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-…
∗∗∗ IBM Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-siteprot…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in GNU C Library (CVE-2017-15804 CVE-2017-15670 CVE-2015-5180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-an…
∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in xorg-x11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-an…
∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability in cURL (CVE-2018-14618) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-an…
∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in GNU C Library (CVE-2018-11236) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integrated-manage…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 23-04-2019 18:00 − Wednesday 24-04-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Malware Hosted in Google Sites Sends Data to MySQL Server ∗∗∗
---------------------------------------------
Security researchers found malware hosted on the Google Sites platform for building websites. The threat is a dropper for an information stealer that sends data to a MySQL server controlled by the attacker.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malware-hosted-in-google-sit…
∗∗∗ Qbot Malware Dropped via Context-Aware Phishing Campaign ∗∗∗
---------------------------------------------
A phishing campaign dropping the Qbot banking Trojan with the help of delivery emails camouflaging as parts of previous conversations was spotted during late March 2019 by the JASK Special Operations team.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/qbot-malware-dropped-via-con…
∗∗∗ Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators ∗∗∗
---------------------------------------------
Ever been in an internal security assessment or penetration test, and need to list all domain admins?
First of all, why would you need to do that? All too often, you'll find that way too many people have domain admins - you know, "just in case"
---------------------------------------------
https://isc.sans.edu/forums/diary/Where+have+all+the+Domain+Admins+gone+Roo…
∗∗∗ Sighting of Mythical New Shadowserver Website Confirmed! ∗∗∗
---------------------------------------------
After over a decade of operations, the Shadowserver Foundation finally launches a shiny new website. The new site hopefully better explains to the public our values, free services and constituents, and what we continue to do to improve the overall security of the Internet. Our team, focus and mission remain otherwise unchanged. But we may hopefully spare ourselves the occasional embarrassing question!
---------------------------------------------
https://www.shadowserver.org/news/sighting-of-mythical-new-shadowserver-web…
∗∗∗ DNSpionage brings out the Karkoff ∗∗∗
---------------------------------------------
Cisco Talos publishes new information about the still ongoing DNSpionage campaign.
---------------------------------------------
https://blog.talosintelligence.com/2019/04/dnspionage-brings-out-karkoff.ht…
∗∗∗ BSI warns of targeted ransomware attacks on companies ∗∗∗
---------------------------------------------
The Federal Office for Information Security (BSI) is currently registering an increased number of network compromises at companies that end with the manual, targeted execution of an encryption trojan (ransomware). The attackers first gain access to individual company networks by means of broad spam campaigns such as Emotet [...]
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/BSI_warnt_v…
∗∗∗ CARBANAK Week Part Two: Continuing the CARBANAK Source Code Analysis ∗∗∗
---------------------------------------------
In the previous installment, we wrote about how string hashing was used in CARBANAK to manage Windows API resolution throughout the entire codebase. But the authors used this same string hashing algorithm for another task as well. In this installment, we’ll pick up where we left off and write about CARBANAK’s antivirus (AV) detection, AV evasion, authorship artifacts, exploits, secrets, and network-based indicators.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-two-…
∗∗∗ Honeypot types deployed in SISSDEN ∗∗∗
---------------------------------------------
The SISSDEN sensor network is composed of VPS provider hosted nodes (procured at a cost from the VPS providers) and nodes donated to the project by third-parties acting as endpoints. These VPS nodes are not the actual honeypots themselves. Instead, they act as transparent layer 2 tunnels to the [...]
---------------------------------------------
https://sissden.eu/blog/honeypots-deployed
=====================
= Vulnerabilities =
=====================
∗∗∗ Fujifilm FCR Capsula X/Carbon X ∗∗∗
---------------------------------------------
This medical advisory includes mitigations for uncontrolled resource consumption and improper access control vulnerabilities reported in Fujifilm’s FCR Capsula X and Carbon X Computed Radiography cassette readers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-19-113-01
∗∗∗ Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers ∗∗∗
---------------------------------------------
This advisory includes mitigations for an open redirect vulnerability reported in Rockwell Automation’s MicroLogix 1400 and CompactLogix 5370 controllers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-113-01
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (dovecot, flashplugin, ghostscript, and jenkins), Fedora (glpi, hostapd, python-urllib3, and znc), openSUSE (apache2, audiofile, libqt5-qtvirtualkeyboard, php5, and SDL2), Scientific Linux (kernel), SUSE (curl and dovecot23), and Ubuntu (advancecomp and freeradius).
---------------------------------------------
https://lwn.net/Articles/786629/
∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in cURL (CVE-2018-16840 CVE-2018-16842) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-an…
∗∗∗ IBM Security Bulletin: API Connect V5 is impacted by vulnerabilities in Bootstrap (CVE-2018-14040 CVE-2018-14041 CVE-2018-14042) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v5-is-imp…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale (CVE-2018-10237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: Multiple Websphere Vulnerabilities Impact IBM Control Center (CVE-2018-3169, CVE-2014-7810, CVE-2018-1767) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-websphere-vu…
∗∗∗ IBM Security Bulletin: IBM InfoSphere Data Quality Exception Console is affected by a Reflected XSS (Cross-Site Scripting) vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-data-q…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SDK, and Ruby on Rails affect BigFix Compliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Build Forge (CVE-2018-1890;CVE-2019-2426;CVE-2018-3139;CVE-2018-3180;CVE-2018-12547) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libjpeg ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-an…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 19-04-2019 18:00 − Tuesday 23-04-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Operation ShadowHammer: a high-profile supply chain attack ∗∗∗
---------------------------------------------
In late March 2019, we briefly highlighted our research on ShadowHammer attacks, a sophisticated supply chain attack involving ASUS Live Update Utility. Now it is time to share more details about the research with our readers.
---------------------------------------------
https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-a…
∗∗∗ IT Security Guidelines for Transport Layer Security (TLS) ∗∗∗
---------------------------------------------
These guidelines are intended to aid during procurement, set-up and review of configurations of the Transport Layer Security protocol (TLS). TLS is the most popular protocol to secure connections on the Internet.
---------------------------------------------
https://www.ncsc.nl/english/current-topics/factsheets/it-security-guideline…
∗∗∗ Analysis: Abuse of Custom Actions in Windows Installer MSI to Run Malicious JavaScript, VBScript, and PowerShell Scripts ∗∗∗
---------------------------------------------
We recently discovered malicious Microsoft Software Installation (MSI) files that download and execute other files, and could bypass traditional security solutions. Malicious actors can abuse custom actions in these files to execute malicious scripts and drop malware that are either capable of initiating a system shutdown or targeting financial systems located in certain locations.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/analysis-abuse-…
∗∗∗ CARBANAK Week Part One: A Rare Occurrence ∗∗∗
---------------------------------------------
It is very unusual for FLARE to analyze a prolifically-used, privately-developed backdoor only to later have the source code and operator tools fall into our laps. Yet this is the extraordinary circumstance that sets the stage for CARBANAK Week, a four-part blog series that commences with this post. CARBANAK is one of the most full-featured backdoors around. It was used to perpetrate millions of dollars in financial crimes, largely by the group we track as FIN7. In 2017, Tom Bennett and Barry
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-one-…
∗∗∗ How to spot fake shops before it is too late! ∗∗∗
---------------------------------------------
When bargain hunting on the Internet, consumers frequently come across online shops that deliver no goods despite payment. In short: fake shops. These websites are run by criminals who are solely after their victims' money. Payments are made in advance and the amounts transferred are lost. Spotting fake shops is often difficult, but with our tips it is not impossible!
---------------------------------------------
https://www.watchlist-internet.at/news/so-erkennen-sie-fake-shops-bevor-es-…
∗∗∗ Trojanized TeamViewer used in government, embassy attacks across Europe ∗∗∗
---------------------------------------------
The remote desktop software is being weaponized to gain access to victim systems.
---------------------------------------------
https://www.zdnet.com/article/trojanized-teamviewer-used-in-government-poli…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (java-1.8.0-openjdk and java-11-openjdk), Debian (clamav, debian-security-support, and drupal7), Fedora (egl-wayland, elementary-camera, elementary-code, elementary-terminal, ephemeral, geocode-glib, gnome-characters, gnome-shell-extension-gsconnect, group-service, libmodulemd, libxmlb, mate-user-admin, mesa, meson, mpris-scrobbler, reportd, switchboard-plug-display, switchboard-plug-pantheon-shell, wingpanel, and wireshark), openSUSE (blueman and glibc), Red Hat (java-1.7.0-openjdk).
---------------------------------------------
https://lwn.net/Articles/786458/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (java-1.7.0-openjdk), Debian (ghostscript and wget), Gentoo (apache, glib, opendkim, and sqlite), Red Hat (kernel, kernel-alt, kernel-rt, ovmf, polkit, and python27-python), Scientific Linux (java-1.7.0-openjdk), and SUSE (php72).
---------------------------------------------
https://lwn.net/Articles/786538/
∗∗∗ BlackBerry Powered by Android Security Bulletin - April 2019 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ Malware distributors are getting ever younger, often infect themselves ∗∗∗
---------------------------------------------
https://heise.de/-4403823
∗∗∗ IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-v ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vyatta-5600-vrouter-s…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-1901) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Integration Bus & IBM App Connect Enterprise V11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in GNU C Library (CVE-2017-15804) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integrated-manage…
∗∗∗ IBM Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise are affected by a Websphere Application Server Vulnerability (CVE-2014-7810) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-i…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM HTTP Server (CVE-2019-0211 CVE-2019-0220) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Potential vulnerability related to Unsafe Deserialization in Apache Solr shipped with IBM Operations Analytics – Log Analysis (CVE-2019-0192) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-vulnerabili…
∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2019-4146, CVE-2019-4222) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur…
∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerabilities CVE-2018-5744 CVE-2019-6465 and CVE-2018-5745. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-is-affected-by-…
∗∗∗ IBM Security Bulletin: Security Bulletin: IBM Content Navigator is affected by an open redirect vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-ibm…
∗∗∗ IBM Security Bulletin: Multiple Cross-Site Scripting Vulnerabilities Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-cross-site-s…
∗∗∗ IBM Security Bulletin: Public disclosed vulnerability from SQLite CVE-2018-20346 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-public-disclosed-vuln…
∗∗∗ IBM Security Bulletin: IBM Content Navigator is vulnerable to cross-site scripting. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Weak Cryptographic Algorithm Vulnerability Affects IBM Sterling B2B Integrator (CVE-2018-1720) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-cryptographic-al…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 18-04-2019 18:00 − Friday 19-04-2019 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Wipro Intruders Targeted Other Major IT Firms ∗∗∗
---------------------------------------------
The criminals responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro, India's third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant -- two other large technology consulting companies, new evidence suggests.
---------------------------------------------
https://krebsonsecurity.com/2019/04/wipro-intruders-targeted-other-major-it…
∗∗∗ Threat Source (April 18): New attacks distribute Formbook, LokiBot ∗∗∗
---------------------------------------------
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
---------------------------------------------
https://blog.talosintelligence.com/2019/04/threat-source-april-18-new-attac…
∗∗∗ DNS Hijacking Abuses Trust In Core Internet Service ∗∗∗
---------------------------------------------
Authors: Danny Adamitis, David Maynor, Warren Mercer, Matthew Olney and Paul Rascagneres. Update 4/18: A correction has been made to our research based on feedback from Packet Clearing House, we thank them for their assistance. Preface: This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily national security organizations in the Middle East and North Africa, and we do not want to overstate the [...]
---------------------------------------------
https://blog.talosintelligence.com/2019/04/seaturtle.html
∗∗∗ What did Ransomware do in March? ∗∗∗
---------------------------------------------
According to the monitoring of 360 Brain of Safety, the overall attack trend of Ransomware in March is relatively stable. There is no new large-scale...
---------------------------------------------
https://blog.360totalsecurity.com/en/what-did-ransomware-do-in-march/
∗∗∗ Daily Emotet IoCs and Notes for 04/17-18/19 ∗∗∗
---------------------------------------------
Emotet Malware Document links/IOCs for 04/17-18/19 as of 04/19/19 02:00 EDT. Notes and Credits now at the bottom. Follow us on twitter @cryptolaemus1 for more updates. Epoch 1 Document/Downloader links seen for [...]
---------------------------------------------
https://paste.cryptolaemus.com/emotet/2019/04/18/18-emotet-malware-IoCs_04-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (atomic-reactor and osbs-client), openSUSE (libqt5-qtbase, lxc, tar, wget, and xmltooling), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (php5), and Ubuntu (znc).
---------------------------------------------
https://lwn.net/Articles/786299/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos TM1 (CVE-2018-3180, CVE-2018-12547) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Insight (CVE-2018-3180, CVE-2018-12547) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 17-04-2019 18:00 − Thursday 18-04-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ RevengeRAT Distributed via Bit.ly, BlogSpot, and Pastebin C2 Infrastructure ∗∗∗
---------------------------------------------
A malicious campaign targeting entities from North America, Europe, Asia, and the Middle East during March used a combination of pages hosted on Bit.ly, BlogSpot, and Pastebin to create a command-and-control (C2) infrastructure designed to avoid getting blocked by security solutions.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/revengerat-distributed-via-b…
∗∗∗ Malware Sample Delivered Through UDF Image ∗∗∗
---------------------------------------------
So be careful with .img files! They should also be added to the list of prohibited file extensions in your mail relays or change the file association in your Windows environments to NOT open them in Windows Explorer.
---------------------------------------------
https://isc.sans.edu/forums/diary/Malware+Sample+Delivered+Through+UDF+Imag…
∗∗∗ keysmix.com steals Steam accounts ∗∗∗
---------------------------------------------
Gamers beware: phishing attempts are currently taking place on Steam. Accounts from your own circle of friends send messages promising a free game for new registrations. The links lead to keysmix.com. Anyone who logs in on the website with their Steam login becomes the victim of data theft and loses their own Steam account.
---------------------------------------------
https://www.watchlist-internet.at/news/keysmixcom-stiehlt-steam-accounts/
∗∗∗ media-shopping.org – too good to be true ∗∗∗
---------------------------------------------
In the online shop media-shopping.org you will find electrical goods at unbeatable prices. In addition, you supposedly receive a discount of 30 euros on your order. Unfortunately, an offer of this kind is too good to be true! media-shopping.org is a fake shop that does not deliver any goods.
---------------------------------------------
https://www.watchlist-internet.at/news/media-shoppingorg-zu-schoen-um-wahr-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Broadcom WiFi chipset drivers contain multiple vulnerabilities ∗∗∗
---------------------------------------------
The Broadcom wl driver and the open-source brcmfmac driver for Broadcom WiFi chipsets contain multiple vulnerabilities. The Broadcom wl driver is vulnerable to two heap buffer overflows, and the open-source brcmfmac driver is vulnerable to a frame validation bypass and a heap buffer overflow.
In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, these vulnerabilities
---------------------------------------------
https://www.kb.cert.org/vuls/id/166939/
∗∗∗ OpenSSH 8.0 released ∗∗∗
---------------------------------------------
This release contains mitigation for a weakness in the scp(1) tool and protocol (CVE-2019-6111): when copying files from a remote system to a local directory, scp(1) did not verify that the filenames that the server sent matched those requested by the client. This could allow a hostile server to create or clobber unexpected local files with attacker-controlled content.
---------------------------------------------
https://lwn.net/Articles/786236/
∗∗∗ Security updates: Several vulnerabilities closed in Drupal ∗∗∗
---------------------------------------------
In updated versions, the Drupal developers have closed vulnerabilities. The threat level is rated "moderate".
---------------------------------------------
https://heise.de/-4402364
∗∗∗ Important security updates for Cisco Wireless LAN Controller & Co. ∗∗∗
---------------------------------------------
Cisco has released a large number of patches for various network devices. Only one vulnerability is rated "critical".
---------------------------------------------
https://heise.de/-4402425
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (polkit), Gentoo (dovecot, libseccomp, and patch), openSUSE (aubio, blktrace, flac, lxc, lxcfs, pspp, SDL, sqlite3, and xen), Red Hat (java-1.8.0-openjdk, java-11-openjdk, and rh-maven35-jackson-databind), Scientific Linux (java-1.8.0-openjdk), Slackware (libpng), SUSE (python, python3, sqlite3, and xerces-c), and Ubuntu (ntfs-3g).
---------------------------------------------
https://lwn.net/Articles/786235/
∗∗∗ BSRT-2019-002 Vulnerability in UEM Core Impacts BlackBerry UEM ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in IBM Java Runtime could affect DB2 Query Management Facility (CVE-2018-12547, CVE-2019-2426, CVE-2018-1890, CVE-2018-12549, CVE-2018-11212) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in IBM Java Runtime which affects DataQuant for z/OS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: IBM NeXtScale Fan Power Controller (FPC) is affected by vulnerability in OpenSSL (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-nextscale-fan-pow…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2018-0734 and CVE-2018-5407) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSSL (CVE-2018-0737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integrated-manage…
∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in GNU glibc (CVE-2018-11236) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-bladecenter-advan…
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Information Exposure (CVE-2018-1729) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu…
∗∗∗ IBM Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to publicly disclosed vulnerabilities from [All] Python (CVE-2018-1060, CVE-2018-1061) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-pa…
∗∗∗ IBM Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to a Publicly disclosed vulnerability from GNU glibc (CVE-2018-11237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-pa…
∗∗∗ IBM Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to publicly disclosed vulnerabilities from OpenSSL (CVE-2018-0739, CVE-2018-0732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-pa…
∗∗∗ BIG-IP URL classification vulnerability CVE-2019-6610 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K42465020
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 16-04-2019 18:00 − Wednesday 17-04-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ New Microsoft Edge to Warn Users When in Administrator Mode ∗∗∗
---------------------------------------------
The upcoming Chromium-based Microsoft Edge browser will warn users when they launch the browser with administrative privileges and suggest that they relaunch the browser as a non-administrator.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-microsoft-edge-to-warn-u…
∗∗∗ Subdomain Takeover: Microsoft loses control over Windows tiles ∗∗∗
---------------------------------------------
With a Microsoft service, websites could display news on Windows tiles as so-called Windows Live Tiles. The service no longer exists; we were able to take over the associated subdomain and display our own tile content.
---------------------------------------------
https://www.golem.de/news/subdomain-takeover-microsoft-verliert-kontrolle-u…
∗∗∗ Attacks on Confluence - check patch status ∗∗∗
---------------------------------------------
DFN-CERT warns of increased attacks on the collaboration service Confluence. They exploit vulnerabilities for which patches are already available.
---------------------------------------------
https://heise.de/-4401658
∗∗∗ A third-party patch for Microsoft’s Internet Explorer zero-day vulnerability ∗∗∗
---------------------------------------------
Don’t want to wait for Microsoft to fix the problem in how Internet Explorer handles .MHT files? Other security researchers come to the rescue.
---------------------------------------------
https://www.grahamcluley.com/third-party-patch-internet-explorer/
∗∗∗ Fraudulent job offers lead to identity theft and money laundering! ∗∗∗
---------------------------------------------
Consumers repeatedly come across tempting job offers from supposed market research institutes. webspection.de also presented itself as one. To take part in the first survey, supposedly a test of the video identification procedure IDnow, interested parties had to forward IDs and documents to the criminal operators. The result: fraudsters have an account in the victims' name and use it for
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-job-angebote-fuehren-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Evernote Fixes Remote Code Execution Vulnerability in macOS App ∗∗∗
---------------------------------------------
A local file path traversal vulnerability which allows attackers to run arbitrary code on their targets' Macs remotely was fixed by Evernote after receiving a report from security researcher Dhiraj Mishra.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/evernote-fixes-remote-code-e…
∗∗∗ Security vulnerability: EA Origin executed malicious code via link ∗∗∗
---------------------------------------------
One click on the wrong link could be enough: the gaming platform EA Origin executed arbitrary software or malicious code via crafted links. Players' accounts could also be taken over this way. (Origin, Phishing)
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-ea-origin-fuehrte-schadcode-per…
∗∗∗ Delta Industrial Automation CNCSoft ∗∗∗
---------------------------------------------
This advisory includes mitigations for heap-based buffer overflow, out-of-bounds read, and stack-based buffer overflow vulnerabilities reported in Delta Electronics Delta Industrial Automation CNCSoft ScreenEditor software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01
∗∗∗ Oracle Critical Patch Update Advisory - April 2019 ∗∗∗
---------------------------------------------
Java, MySQL, Solaris, VirtualBox and many more.
---------------------------------------------
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
∗∗∗ Security Advisory - Information Disclosure Vulnerability on Smartphones ∗∗∗
---------------------------------------------
There is an information disclosure vulnerability on certain Huawei smartphones. An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition.
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190417-…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (mod_auth_mellon), Debian (ghostscript and ruby2.3), openSUSE (dovecot22, gnuplot, and openwsman), Scientific Linux (mod_auth_mellon), SUSE (krb5, openexr, python3, and wget), and Ubuntu (firefox and openjdk-lts).
---------------------------------------------
https://lwn.net/Articles/786157/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2019-1559) Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open…
∗∗∗ IBM Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to a denial of service attack within the TLS key renegotiation functions (CVE-2019-4055) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-and-ibm-mq-app…
∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in OpenSSL (CVE-2018-0737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-bladecenter-advan…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 15-04-2019 18:00 − Tuesday 16-04-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Behavioural aspects of cybersecurity ∗∗∗
---------------------------------------------
Technical cybersecurity measures do not exist in a vacuum and need to operate in harmony with people. Against this backdrop, ENISA publishes a report comprising four evidence-based reviews of human aspects of cybersecurity: two based on the use and effectiveness of models from social science, one on qualitative studies, and one on current practice within organisations.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/behavioural-aspects-of-cybersec…
∗∗∗ The Outlook Winner is Dash ∗∗∗
---------------------------------------------
When trying to abuse the Office groups, I stepped on a single character group Dash “-”. At first, I reserved the group Dash for the mail -(a)example.com as it is somewhat uncommon to see a single “special” character mail address. The next morning (after the creation of this group), I had already received 5 mails.
---------------------------------------------
https://blog.ettic.ca/the-outlook-winner-is-dash-ac15dbc4098d
∗∗∗ Adobe Flash security tool Flashmingo debuts in open source community ∗∗∗
---------------------------------------------
In order to maintain adequate levels of security for Flash until its demise, a balance has to be met between spending time and resources auditing the software and the need for analysis. To assist the cause, cybersecurity firm FireEye has released Flashmingo, a framework for the automatic analysis of SWF files.
---------------------------------------------
https://www.zdnet.com/article/security-tool-for-flash-flashmingo-released-t…
∗∗∗ Scranos: New Rapidly Evolving Rootkit-Enabled Spyware Discovered ∗∗∗
---------------------------------------------
... the malware gains persistence on infected machines by installing a digitally-signed rootkit driver. Researchers believe attackers obtained the valid digital code-signing certificate fraudulently, which was originally issued to Yun Yu Health Management Consulting (Shanghai) Co., Ltd. and has not been revoked at the time of writing.
---------------------------------------------
https://thehackernews.com/2019/04/scranos-rootkit-spyware.html
=====================
= Vulnerabilities =
=====================
∗∗∗ New Malicious Medical DICOM Image Files Cause HIPAA Headache ∗∗∗
---------------------------------------------
Malicious DICOM files can be crafted to contain both CT and MRI scan imaging data and potentially dangerous PE executables, a process which can be used by threat actors to hide malware inside seemingly harmless files. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-malicious-medical-dicom-…
∗∗∗ Adblock Plus Filters Can Be Exploited to Run Malicious Code ∗∗∗
---------------------------------------------
An exploit has been discovered that could allow ad blocking filter list maintainers for the Adblock Plus, AdBlock, and uBlocker browser extensions to create filters that inject remote scripts into web sites. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/adblock-plus-filters-can-be-…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cacti and libxslt), Fedora (pcsc-lite and samba), Gentoo (gnutls, phpmyadmin, and tiff), openSUSE (apache2, clamav, dovecot23, nodejs10, SDL, and webkit2gtk3), Red Hat (mod_auth_mellon and rh-python36-python), SUSE (firefox, nspr, nss and python), and Ubuntu (libxslt and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/786106/
∗∗∗ IBM Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct for Microsoft Windows ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: IBM Planning Analytics Local is affected by multiple vulnerabilities (CVE-2018-12116, CVE-2018-12121, CVE-2018-12122, CVE-2018-12123) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-planning-analytic…
∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in GNU glibc (CVE-2017-15804 CVE-2017-15670 CVE-2015-5180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-bladecenter-advan…
∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in PHP (CVE-2018-14851 CVE-2017-9118) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-bladecenter-advan…
∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in python (CVE-2018-1061 CVE-2018-1060 CVE-2016-5636) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-bladecenter-advan…
∗∗∗ IBM Security Bulletin: Security vulnerability in Apache FOP affects IBM® Rational® Quality Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ glibc vulnerability CVE-2019-9169 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K54823184
=====================
= End-of-Day report =
=====================
Timeframe: Friday 12-04-2019 18:00 − Monday 15-04-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Hackers could read non-corporate Outlook.com, Hotmail for six months ∗∗∗
---------------------------------------------
Hackers and Microsoft seem to disagree on key details of the hack.
---------------------------------------------
https://arstechnica.com/?p=1491071
∗∗∗ Security vulnerabilities and inadequate data protection: Microsoft slips up with Office 365 ∗∗∗
---------------------------------------------
Many companies have already switched to Office 365. But Microsoft is sloppy about data protection and does not adhere to security standards.
---------------------------------------------
http://heise.de/-4398584
∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN's helper tool ∗∗∗
---------------------------------------------
Discovered by Tyler Bohan of Cisco Talos. Overview: Cisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for MacOS that can be used to connect multiple VPN accounts to one application. These specific vulnerabilities were found in the "helper tool", a feature that Shimo VPN uses to accomplish some of its privileged work. These vulnerabilities are being released without a patch, per our disclosure policy, after [...]
---------------------------------------------
https://blog.talosintelligence.com/2019/04/vulnerability-spotlight-multiple…
∗∗∗ Tic Toc Pwned ∗∗∗
---------------------------------------------
We were recently tipped off that the Australian Tic Toc Track watch was almost undoubtedly just a version of the Gator kids GPS tracking watch. That's the tracker watch which leaked real time kids position data to anyone, it also allowed anyone to silently listen to children through the watch. Creepy! It all started with [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/tic-toc-pwned/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (graphicsmagick, jasper, and libssh2), Fedora (kernel, kernel-headers, kernel-tools, nodejs-simple-markdown, and php), openSUSE (netpbm and xen), and SUSE (audiofile, firefox, java-1_7_0-openjdk, libvirt, openssh, and systemd).
---------------------------------------------
https://lwn.net/Articles/786031/
∗∗∗ Security Advisory - Digital Signature Verification Bypass Vulnerability in Some Huawei Routers ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190320-…
∗∗∗ IBM Security Bulletin: Vulnerability CVE-2019-3880 in Samba affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-cve-201…
∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-10237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: IBM Algo Credit Manager Is Affected by a Denial of Service Vulnerability in WebSphere Liberty ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-algo-credit-manag…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 11-04-2019 18:00 − Friday 12-04-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ 0-day in Internet Explorer: File theft on Windows PCs ∗∗∗
---------------------------------------------
A problem in Internet Explorer puts all Windows users at risk, even if they do not use the zombie browser. Microsoft, however, does not intend to patch it.
---------------------------------------------
http://heise.de/-4398797
∗∗∗ Messenger: Matrix.org server hacked ∗∗∗
---------------------------------------------
With Matrix.org, one of the most-used servers of the Matrix messenger has been hacked. Those affected should change their password immediately. The alleged attacker is also giving security tips on GitHub. (Matrix, Instant Messenger)
---------------------------------------------
https://www.golem.de/news/messenger-matrix-org-server-gehackt-1904-140655-r…
∗∗∗ Bad news, everyone! New [BGP] hijack attack in the wild ∗∗∗
---------------------------------------------
With this article, we want to show an example of the attack where not only the true attacker was under the question, but the whole list of affected prefixes. Moreover, it again raises concerns about the possible motives for the future attack of this type.
---------------------------------------------
https://habr.com/en/company/qrator/blog/447776/
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: Multiple VMware Products CVE-2019-5516 Out of Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
VMware Workstation, VMware Fusion, VMware ESXi
Multiple VMware products are prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information or cause a denial-of-service condition.
---------------------------------------------
http://www.securityfocus.com/bid/107878
∗∗∗ Vuln: Oracle April 2019 Critical Patch Update Multiple Vulnerabilities ∗∗∗
---------------------------------------------
Oracle has released advance notification regarding the April 2019 Critical Patch Update (CPU) to be released on April 16, 2019. The update addresses 296 vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/107875
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (freerdp, kernel, openssh, and python), Fedora (checkstyle), openSUSE (bluez, file, kernel, and libarchive), SUSE (apache2, curl, ghostscript, libvirt, openssh, and systemd), and Ubuntu (rssh).
---------------------------------------------
https://lwn.net/Articles/785841/
∗∗∗ WAGO Undocumented service access in Series 750-88x and 750-87x devices ∗∗∗
---------------------------------------------
CVE Identifier CVE-2019-10712
Severity 9.8 (CVSS:3.0:AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-008
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Algo Credit Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Algo Credit Manager Is Affected by a Pivotal Spring Framework Vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-algo-credit-manag…
∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in cURL (CVE-2018-16840 CVE-2018-16842) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-bladecenter-advan…
∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in OpenSSH (CVE-2018-15473) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-bladecenter-advan…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and IBM Watson Content Analytics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in python (CVE-2018-14647) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-bladecenter-advan…
∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in PHP (CVE-2018-17082) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-bladecenter-advan…
∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in X.Org libx11 (CVE-2018-14599 CVE-2018-14598) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-bladecenter-advan…
∗∗∗ Apache Thrift vulnerability CVE-2018-1320 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K36361684
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 10-04-2019 18:00 − Thursday 11-04-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Introducing the security configuration framework: A prioritized guide to hardening Windows 10 ∗∗∗
---------------------------------------------
The security configuration framework is designed to help simplify security configuration while still allowing enough flexibility to allow you to balance security, productivity, and user experience. We are defining discrete prescriptive Windows 10 security configurations (levels 5 through 1) to meet many of the common device scenarios we see today in the enterprise.
---------------------------------------------
https://www.microsoft.com/security/blog/2019/04/11/introducing-the-security…
∗∗∗ Selfie: reflections on TLS 1.3 with PSK ∗∗∗
---------------------------------------------
TLS 1.3 allows two parties to establish a shared session key from an out-of-band agreed Pre Shared Key (PSK). ... We identify a security vulnerability in this TLS 1.3 path, by showing a new reflection attack that we call "Selfie". The Selfie attack breaks the mutual authentication. It leverages the fact that TLS does not mandate explicit authentication of the server and the client in every message.
---------------------------------------------
https://eprint.iacr.org/2019/347
∗∗∗ Amazon phishing mail in circulation ∗∗∗
---------------------------------------------
Criminals pose as Amazon customer service and try to harvest personal data. Amazon is supposedly working on improving customer data protection and asks for verification of personal account details. If users follow the instructions, they hand all their data over to fraudsters.
---------------------------------------------
https://www.watchlist-internet.at/news/amazon-phishing-mail-im-umlauf/
=====================
= Vulnerabilities =
=====================
∗∗∗ VU#192371: Multiple VPN applications insecurely store session cookies ∗∗∗
---------------------------------------------
Virtual Private Networks (VPNs) are used to create a secure connection with another network over the internet. Multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files. CWE-311: Missing Encryption of Sensitive Data. The following products and versions store the cookie insecurely in log files: - Palo Alto Networks GlobalProtect prior to 4.1.0 (CVE-2019-15373) - Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2 The following products [...]
---------------------------------------------
https://kb.cert.org/vuls/id/192371
∗∗∗ Dragonblood: Attackers can crack Wi-Fi passwords with WPA3 under certain circumstances ∗∗∗
---------------------------------------------
Several vulnerabilities in the WPA3-Personal authentication of Wi-Fi networks allow attackers, under certain circumstances, to eavesdrop on devices' traffic.
---------------------------------------------
http://heise.de/-4393108
∗∗∗ Juniper Networks fixes vulnerabilities, some of them critical ∗∗∗
---------------------------------------------
Numerous Juniper network devices are vulnerable to remote attacks. The vendor has published security advisories and updates.
---------------------------------------------
http://heise.de/-4397797
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (apache, evolution, gnutls, and thunderbird), Debian (wpa), Gentoo (git), Mageia (dovecot, flash-player-plugin, gpac, gpsd, imagemagick, koji, libssh2, libvirt, mariadb, ming, mumble, ntp, python, python3, squirrelmail, and wget), openSUSE (apache2), Red Hat (httpd24-httpd and httpd24-mod_auth_mellon), SUSE (libqt5-qtbase, openldap2, tar, and xmltooling), and Ubuntu (ruby1.9.1, ruby2.0, ruby2.3, ruby2.5 and wpa).
---------------------------------------------
https://lwn.net/Articles/785676/
∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002 ∗∗∗
---------------------------------------------
https://webkitgtk.org/security/WSA-2019-0002.html
∗∗∗ IBM Security Bulletin: IBM API Connect’s Developer Portal(V5) is impacted by a critical local file Inclusion vulnerability (CVE-2019-4203) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-deve…
∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a CNI security vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-…
∗∗∗ IBM Security Bulletin: IBM API Connect’s Developer Portal(V5) is vulnerable to command injection (CVE-2019-4202) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-deve…
∗∗∗ IBM Security Bulletin: Security vulnerability in FlexNet Publisher affects IBM Rational License Key Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multi-Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Check Services for Multi-Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A security vulnerability has been addressed in IBM Cognos Analytics (CVE-2019-4178) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by an OpenSSL vulnerability (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer used in IBM Business Automation Workflow, IBM Business Process Manager, and IBM WebSphere Lombardi Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ BIG-IP APM URL classification vulnerability CVE-2019-6610 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K42465020
∗∗∗ HPESBHF03912 rev.2 - Certain HPE Servers with a UEFI-based BIOS, Multiple Local Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ Apache Tomcat: Vulnerability allows execution of arbitrary program code with the privileges of the service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0306
∗∗∗ Red Hat OpenShift: Multiple vulnerabilities allow bypassing of security measures ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0305
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 09-04-2019 18:00 − Wednesday 10-04-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Analysis of a targeted attack exploiting the WinRar CVE-2018-20250 vulnerability ∗∗∗
---------------------------------------------
A complex attack chain incorporating the CVE-2018-20250 exploit and multiple code execution techniques attempted to run a fileless PowerShell backdoor that could allow an adversary to take full control of compromised machines.
---------------------------------------------
https://www.microsoft.com/security/blog/2019/04/10/analysis-of-a-targeted-a…
∗∗∗ Pentesting: Benefits, legal aspects and costs ∗∗∗
---------------------------------------------
More and more vulnerabilities in everyday products such as smart appliances, routers and other connected devices are becoming public, and users are beginning to question the underlying procedures (or the lack thereof) in order to protect their private information. Here you will find an important and efficient method for improving the security level of networks and various applications.
---------------------------------------------
https://sec-consult.com/blog/2019/04/pentesting-nutzen-rechtliches-und-kost…
∗∗∗ A Peek Into the Toolkit of the Dangerous Triton Hackers ∗∗∗
---------------------------------------------
Security firm FireEye is naming a collection of tools it says might help identify more of the digital saboteurs' intrusions.
---------------------------------------------
https://www.wired.com/story/triton-hacker-toolkit-fireeye
∗∗∗ Survey: Companies underestimate the danger posed by cyber security incidents ∗∗∗
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Cyber-Siche…
=====================
= Vulnerabilities =
=====================
∗∗∗ It's raining patches, Hallelujah! Microsoft and Adobe put out their latest major fixes ∗∗∗
---------------------------------------------
Hefty patch Tuesday checks in at just under 100 CVEs. For Microsoft, the monthly flaw folder fixes for a total of 74 CVE-listed security bugs in Windows and Office. Of those, 33 are flaws which, if exploited, would allow the attacker to achieve remote code execution. Adobe, meanwhile, has kicked out updates for Acrobat and Reader that address 21 remote code execution flaws in the PDF app. Flash Player also got an update this month. For SAP, the month brings 11 security updates.
---------------------------------------------
https://www.theregister.co.uk/2019/04/09/patch_tuesday_april/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (samba and spip), openSUSE (samba), Red Hat (flash-plugin), Scientific Linux (kernel and openssh), SUSE (clamav and xen), and Ubuntu (apache2).
---------------------------------------------
https://lwn.net/Articles/785466/
∗∗∗ Vuln: WordPress Wordfence Plugin Unspecified Cross Site Scripting Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/107804
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server in IBM Cloud January 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: BigFix WebUI is affected by vulnerabilities CVE-2019-4013 and CVE-2019-4012 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-webui-is-affec…
∗∗∗ IBM Security Bulletin: IBM MQ Console is vulnerable to a man in the middle attack (CVE-2018-1925) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-console-is-vul…
∗∗∗ IBM Security Bulletin: BigFix Platform 9.2.x affected by multiple vulnerabilities (CVE-2017-1231, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-platform-9-2-x…
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect for Workstations Central Administration Console (CVE-2014-7810, CVE-2018-8039, CVE-2018-1901) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 08-04-2019 18:00 − Tuesday 09-04-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ ShadowHammer attacks also targeted the gaming industry ∗∗∗
---------------------------------------------
The ShadowHammer attacks of 2018 hit at least three Asian game makers in addition to ASUS. And with them the computers of at least 96,000 gamers.
---------------------------------------------
http://heise.de/-4367681
∗∗∗ Duqu Remained Active After Operations Were Exposed in 2011 ∗∗∗
---------------------------------------------
The discovery of Duqu 1.5 shows that the threat actor behind the malware did not go dark, as previously believed, after their operations were exposed by security researchers in 2011.
---------------------------------------------
https://www.securityweek.com/duqu-remained-active-after-operations-were-exp…
∗∗∗ Problems with bookings via galahotels.com ∗∗∗
---------------------------------------------
Be careful with hotel bookings via galahotels.com. We have received numerous reports of missing refunds after cancellation and other problems. In the worst cases, those affected are left without accommodation at their destination. Since the company is based in Turkey, legal enforcement is often difficult, and the only way to get one's money back is frequently via the credit card provider.
---------------------------------------------
https://www.watchlist-internet.at/news/probleme-bei-buchungen-ueber-galahot…
∗∗∗ Fraudulent Billa and Amazon surveys lure victims into a subscription trap! ∗∗∗
---------------------------------------------
Beware of forged e-mails in the name of Amazon and Billa that promise rewards for taking part in a survey. Consumers who follow the buttons in the e-mails end up on forged websites of the companies. Anyone who discloses their own data slips into a subscription trap and never receives the promised iPhone XS, Samsung Galaxy S10+ or vouchers!
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-billa-und-amazon-umfr…
∗∗∗ Current malspam campaign ∗∗∗
---------------------------------------------
CERT.at would like to draw attention to a current malspam campaign about which we have received inquiries from all over Austria. Description: The subject of the e-mails contains a hint that the message is an invoice or a scan. The From header is forged and contains, as the display name, the local part of the domain to which the e-mail is sent. The link text appears to point to an internal .doc document, de facto [...]
---------------------------------------------
http://www.cert.at/services/blog/20190409151309-2416.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Acrobat and Reader (APSB19-17), Adobe Flash Player (APSB19-19), Adobe Shockwave player (APSB19-20), Adobe Dreamweaver (APSB19-21), Adobe XD (APSB19-22), Adobe InDesign (APSB19-23), Adobe Experience Manager Forms (APSB19-24) and Adobe Bridge CC (APSB19-25).
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1735
∗∗∗ DLL injection in Go < 1.12.2 [CVE-2019-9634] ∗∗∗
---------------------------------------------
Golang before 1.12.2 linked against various DLLs that were same-directory injectable and generally its library loading mechanism did not use LoadLibraryEx, allowing the classic DLL injection attacks, especially with regards to executables saved to the Downloads/ folder
---------------------------------------------
https://www.openwall.com/lists/oss-security/2019/04/09/1
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (poppler, proftpd-dfsg, suricata, and systemd), Fedora (kernel, kernel-headers, kernel-tools, and wget), Gentoo (clamav, emerge-delta-webrsync, and mailman), openSUSE (bash), Red Hat (kernel and openssh), Scientific Linux (python), SUSE (gnuplot, libtcnative-1-0, and sqlite3), and Ubuntu (clamav, lua5.3, openjdk-7, samba, systemd, and wget).
---------------------------------------------
https://lwn.net/Articles/785367/
∗∗∗ Synology-SA-19:15 Samba ∗∗∗
---------------------------------------------
CVE-2019-3880 allows remote authenticated users to create arbitrary files or obtain sensitive information via a susceptible version of DiskStation Manager (DSM) and Synology Router Manager (SRM). None of Synology's products are affected by CVE-2019-3870, as the vulnerability only affects Samba 4.9.0 and later.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_15
∗∗∗ [20190403] - Core - Object.prototype pollution in JQuery $.extend ∗∗∗
---------------------------------------------
https://developer.joomla.org/security-centre/779-20190403-core-object-proto…
∗∗∗ [20190402] - Core - Helpsites refresh endpoint callable for unauthenticated users ∗∗∗
---------------------------------------------
https://developer.joomla.org/security-centre/778-20190402-core-helpsites-re…
∗∗∗ [20190401] - Core - Directory Traversal in com_media ∗∗∗
---------------------------------------------
https://developer.joomla.org/security-centre/777-20190401-core-directory-tr…
∗∗∗ IBM Security Bulletin: BigFix Platform 9.5.x affected by multiple vulnerabilities (CVE-2019-4013, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-platform-9-5-x…
∗∗∗ SSA-141614 (Last Update: 2019-04-09): Denial-of-Service in SIMOCODE pro V EIP ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-141614.txt
∗∗∗ SSA-307392 (Last Update: 2019-04-09): Denial-of-Service in OPC UA in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-307392.txt
∗∗∗ SSA-324467 (Last Update: 2019-04-09): OS Command Injection in Spectrum Power 4.7 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-324467.txt
∗∗∗ SSA-436177 (Last Update: 2019-04-09): Multiple Vulnerabilities in SINEMA Remote Connect ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-436177.txt
∗∗∗ SSA-451142 (Last Update: 2019-04-09): Multiple Vulnerabilities in RUGGEDCOM ROX II ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-451142.txt
∗∗∗ SSA-480230 (Last Update: 2019-04-09): Denial-of-Service in Webserver of Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-480230.txt
∗∗∗ GnuTLS vulnerability CVE-2015-0294 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K54022413
∗∗∗ GnuTLS vulnerability CVE-2014-8155 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K53330207
∗∗∗ SAP Basic Components (BC): Multiple vulnerabilities allow privilege escalation ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0279
∗∗∗ Symantec Endpoint Encryption: Vulnerability allows privilege escalation ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0281
=====================
= End-of-Day report =
=====================
Timeframe: Friday 05-04-2019 18:00 − Monday 08-04-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ ThinkPHP 5.x - Remote Code Execution Actively Exploited In The Wild ∗∗∗
---------------------------------------------
Earlier this year, we noticed an increase in attacks aiming at ThinkPHP. ThinkPHP is a PHP framework that is very popular in Asia. If you keep track of your site’s activity, the following log may look familiar:
---------------------------------------------
http://labs.sucuri.net/?note=2019-04-08
=====================
= Vulnerabilities =
=====================
∗∗∗ SQL Injection in Duplicate-Page WordPress Plugin ∗∗∗
---------------------------------------------
While investigating the Duplicate Page plugin we have discovered a dangerous SQL Injection vulnerability. It was not being abused externally and impacts over 800,000 sites. Its urgency is defined by the associated DREAD score that looks at damage, reproducibility, exploitability, affected users, and discoverability. A key contributor to the criticality of this vulnerability is that it’s exploitable by any users with an account on the vulnerable site (regardless of the privileges
---------------------------------------------
https://blog.sucuri.net/2019/04/sql-injection-in-duplicate-page-wordpress-p…
∗∗∗ Patch now: Trend Micro security software contains critical vulnerability ∗∗∗
---------------------------------------------
Updates for Apex One, OfficeScan and Worry-Free Business Security protect against remote attacks, among other things. Users should update the software promptly.
---------------------------------------------
http://heise.de/-4365964
∗∗∗ Via Dovecot to root privileges ∗∗∗
---------------------------------------------
The developers of the Linux mail server Dovecot have found and fixed a bug through which an attacker could obtain root privileges.
---------------------------------------------
http://heise.de/-4366806
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (roundup, samba, tryton-server, and wget), Fedora (evolution-data-server, evolution-ews, glpi, ntp, poppler, pspp, and wget), Mageia (advancecomp, cfitsio, firefox, ghostscript, gnutls, libjpeg, libpng, ocaml, python-yaml, ruby-ox, SDL12, and thunderbird), openSUSE (adcli, sssd, go1.11, liblouis, nodejs6, openssl, ovmf, sqlite3, sysstat, thunderbird, tiff, and znc), Red Hat (chromium-browser and python), Slackware (httpd, openjpeg, and wget), SUSE
---------------------------------------------
https://lwn.net/Articles/785238/
∗∗∗ Samba: Multiple vulnerabilities allow manipulation of files ∗∗∗
---------------------------------------------
CB-K19/0277: Samba: Multiple vulnerabilities allow manipulation of files
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0277
∗∗∗ IBM Security Bulletin: IBM InfoSphere Metadata Asset Manager is affected by an SQL Injection vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-metada…
∗∗∗ IBM Security Bulletin: IBM Sterling Connect:Direct for UNIX Allows a User with Sudo Access Restricted to Certain Connect:Direct Executable Files to Expand Access Beyond the Restriction (CVE-2018-1903) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-sterling-connectd…
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-1871) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction…
∗∗∗ IBM Security Bulletin: A reflected cross-site scripting (XSS) vulnerability affects IBM Performance Management products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-reflected-cross-sit…
∗∗∗ HPESBHF03916 rev.1 - HPE Virtual Connect SE 16Gb Fibre Channel Module for Synergy, Local or Remote Unauthorized Elevation of Privilege ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 04-04-2019 18:00 − Friday 05-04-2019 18:00
Handler: Dimitri Robl
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ This Preinstalled Mobile Security App Delivered Vulnerabilities, Not Protection ∗∗∗
---------------------------------------------
No. 4 global phone maker, Xiaomi, preinstalled a security app called ‘Guard Provider’ that had a major flaw.
---------------------------------------------
https://threatpost.com/this-preinstalled-mobile-security-app-delivered-vuln…
∗∗∗ Spammed PNG file hides LokiBot ∗∗∗
---------------------------------------------
Recently we came across a spam message from our traps that looked truly odd when viewed from our Secure Email Gateway console.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/spammed-png…
∗∗∗ The evolution of phishing kits ∗∗∗
---------------------------------------------
Gone are the days when a phishing page was a single page designed to capture user credentials. Phishing kits have become sophisticated and advanced to evade detection and look more legitimate to the user. In this blog, ..
---------------------------------------------
https://www.zscaler.com/blogs/research/evolution-phishing-kits
∗∗∗ Hiding in Plain Sight ∗∗∗
---------------------------------------------
Cisco Talos is continually working to ensure that our threat intelligence not only accounts for the latest threats but also new versions of old threats, such as spam. This often means pursuing cybercriminals wherever they congregate. However, instead of wheeling-and-dealing using hidden servers on ..
---------------------------------------------
https://blog.talosintelligence.com/2019/04/hiding-in-plain-sight.html
∗∗∗ Ongoing DNS hijacking campaign targeting consumer routers ∗∗∗
---------------------------------------------
Over the last three months, our honeypots have detected DNS hijacking attacks targeting various types of consumer routers. All exploit attempts have originated from hosts on the network of Google Cloud Platform (AS15169). In this campaign, we’ve identified four distinct rogue DNS servers being used to redirect ..
---------------------------------------------
https://badpackets.net/ongoing-dns-hijacking-campaign-targeting-consumer-ro…
=====================
= Vulnerabilities =
=====================
∗∗∗ Omron CX-Programmer ∗∗∗
---------------------------------------------
This advisory includes mitigations for a use after free vulnerability reported in Omron's CX-Programmer PLC software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-094-01
∗∗∗ Rockwell Automation Stratix 5400/5410 and ArmorStratix 5700 ∗∗∗
---------------------------------------------
This advisory includes mitigations for an uncontrolled resource consumption vulnerability reported in Rockwell Automation's Stratix and ArmorStratix Ethernet switches.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02
∗∗∗ Rockwell Automation Stratix 5400/5410/5700/8000/8300 and ArmorStratix 5700 ∗∗∗
---------------------------------------------
This advisory includes mitigations for resource management errors and improper input validation vulnerabilities reported in Rockwell Automation's Stratix 5400/5410/5700/8000/8300 and ArmorStratix 5700 switches.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03
∗∗∗ Rockwell Automation Stratix 5950 ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper input validation vulnerability reported in Rockwell Automation's Stratix 5950 security appliance products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-094-04
∗∗∗ ZDI-19-341: (0Day) Hewlett Packard Enterprise Intelligent Management Center navigationTo Expression Language Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-341/
∗∗∗ ZDI-19-339: (0Day) Hewlett Packard Enterprise Intelligent Management Center faultStatChooseFaultType Expression Language Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-339/
∗∗∗ ZDI-19-335: (0Day) Hewlett Packard Enterprise Intelligent Management Center perfSelectTask Expression Language Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-335/
∗∗∗ ZDI-19-334: (0Day) Hewlett Packard Enterprise Intelligent Management Center viewBatchTaskResultDetailFact Expression Language Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-334/
∗∗∗ HPESBHF03914 rev.1 - Certain HPE Servers with Intel Server Platform Services (SPS) Firmware, Multiple Local Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 03-04-2019 18:00 − Thursday 04-04-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Fraudulent phishing e-mails aim to steal Willhaben logins ∗∗∗
---------------------------------------------
Criminals pose as the classifieds platform Willhaben and send out phishing messages indiscriminately. Willhaben users who find the message in their inbox are informed about the successful publication of an ad for an Apple iPhone Xs Max. Those affected must not follow the forged links in the message and must not enter any login data, otherwise they will lose their Willhaben account to criminals.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-phishing-mails-sollen…
=====================
= Vulnerabilities =
=====================
∗∗∗ FortiGuard/FortiOS: Unprivileged, authenticated user can change the routing settings ∗∗∗
---------------------------------------------
An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component.
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-18-230
∗∗∗ HPESBHF03912 rev.1 - Certain HPE Servers with a UEFI-based BIOS, Multiple Local Vulnerabilities ∗∗∗
---------------------------------------------
Security vulnerabilities in UEFI Open Source (EDK2)-based BIOS firmware may allow escalation of privilege, information disclosure or denial of service. Vendors are releasing firmware updates to mitigate these vulnerabilities.
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apache2, golang, and putty), Gentoo (xen), and SUSE (clamav, SM3.1, and SMS3.1).
---------------------------------------------
https://lwn.net/Articles/784917/
∗∗∗ Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Small Business RV320 and RV325 Routers Weak Credential Encryption Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Small Business RV320 and RV325 Routers Online Help Reflected Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is by Cross Site Scripting(XSS) in Drupal core (CVE-2019-6341) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel…
∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is affected by multiple PHP vulnerabilities (CVE-2019-9641 CVE-2019-9637 CVE-2019-9639 CVE-2019-9638) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel…
∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is affected by a cross site scripting vulnerability in Drupal ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel…
∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by vulnerability in the Kubernetes API server (CVE-2019-1002100) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-…
∗∗∗ IBM Security Bulletin: Spoofing vulnerability in IBM Business Automation Workflow (CVE-2019-4045) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-spoofing-vulnerabilit…
∗∗∗ IBM Security Bulletin: Cross-site request forgery vulnerability in IBM Business Automation Workflow (CVE-2018-2000) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-request-fo…
∗∗∗ IBM Security Bulletin: Information leakage in IBM Business Automation Workflow (CVE-2018-1999) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-leakage-i…
∗∗∗ IBM Security Bulletin: Denial of service vulnerability in IBM Business Automation Workflow (CVE-2018-1997) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-denial-of-service-vul…
∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by sensitive information disclosure (CVE-2019-4051) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-…
∗∗∗ IBM Security Bulletin: External Service invocation in IBM Business Space affects IBM Business Automation Workflow and IBM Business Process Manager family products (CVE-2018-1885) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-external-service-invo…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 02-04-2019 18:00 − Wednesday 03-04-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Malware Campaigns Sharing Network Resources: r00ts.ninja ∗∗∗
---------------------------------------------
We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large scale malware campaign (e.g. redirected traffic, cryptomining). This was discovered when reviewing sources of the various malicious domains used in a recent WordPress plugin exploit wave.
---------------------------------------------
https://blog.sucuri.net/2019/04/malware-campaigns-sharing-network-resources…
∗∗∗ Hijacked Email Reply Chains ∗∗∗
---------------------------------------------
Although phishing has been around in various forms since the 1980s, our research shows it continues to evolve—and remains a major threat. These days, phishing tactics have gotten so sophisticated, it can be difficult to spot a scam—particularly in the case of hijacked email reply chains. Let's look at a concrete example.
---------------------------------------------
https://www.webroot.com/blog/2019/04/03/hijacked-email-reply-chains/
∗∗∗ Xwo - A Python-based bot scanner ∗∗∗
---------------------------------------------
Recently, AT&T Alien Labs identified a new malware family that is actively scanning for exposed web services and default passwords. Based on our findings we are calling it "Xwo" - taken from its primary module name. It is likely related to the previously reported malware families Xbash and MongoLock.
---------------------------------------------
https://www.alienvault.com/blogs/labs-research/xwo-a-python-based-bot-scann…
∗∗∗ Beware of costly ping calls with the dialing code +676! ∗∗∗
---------------------------------------------
Consumers are currently receiving an increased number of ping calls from numbers with the dialing code +676 or 00676. Anyone who finds missed calls from such numbers on their mobile phone must not call back! It is the country code of the island nation of Tonga, and calling back can incur high costs.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-kostenpflichtigen-ping-…
∗∗∗ T-POT integration to SISSDEN ∗∗∗
---------------------------------------------
The primary data collection mechanism at the heart of the SISSDEN project is a sensor network of honeypots. The sensor network is composed of VPS provider hosted nodes and nodes donated to the project by third-parties acting as endpoints. These VPS nodes/endpoints are not the actual honeypots [...]
---------------------------------------------
https://sissden.eu/blog/tpot-integration
∗∗∗ Bashlite IoT malware upgrade lets it target WeMo home automation devices ∗∗∗
---------------------------------------------
New Bashlite version not widely detected, but was spotted infecting devices in the wild.
---------------------------------------------
https://www.zdnet.com/article/bashlite-iot-malware-upgrade-lets-it-target-w…
=====================
= Vulnerabilities =
=====================
∗∗∗ Advantech WebAccess/SCADA ∗∗∗
---------------------------------------------
This advisory includes mitigations for command injection, stack-based buffer overflow, and improper access control vulnerabilities reported in Advantech's WebAccess SCADA software platform.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apache2), Fedora (edk2 and tomcat), openSUSE (ansible, ghostscript, lftp, libgxps, libjpeg-turbo, libqt5-qtimageformats, libqt5-qtsvg, libssh2_org, openssl-1_0_0, openwsman, pdns, perl-Email-Address, putty, python-azure-agent, python-cryptography, python-pyOpenSSL, python-Flask, thunderbird, tor, unzip, and wireshark), Scientific Linux (freerdp), Slackware (wget), SUSE (bluez, file, firefox, libsndfile, netpbm, thunderbird, and xen), and Ubuntu [...]
---------------------------------------------
https://lwn.net/Articles/784806/
∗∗∗ FortiSandbox reflected XSS in the file scan component ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-18-024
∗∗∗ IBM Security Bulletin: Vulnerabilities affect NVIDIA GPU Display Drivers for Linux and Windows ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-affec…
∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – CVE-2019-4143 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center (CVE-2018-3139, CVE-2018-3180, CVE-2018-12457, CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Virtual Environments (CVE-2018-3139, CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib…
∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Backup-Archive Client on Windows and Macintosh (CVE-2018-3139, CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib…
∗∗∗ IBM Security Bulletin: Potential Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2018-1901) affects IBM Security AppScan Enterprise ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-privilege-e…
∗∗∗ IBM Security Bulletin: Password disclosure via trace file affects IBM Spectrum Protect for Space Management (CVE-2018-1882) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-disclosure-v…
∗∗∗ IBM Security Bulletin: Password disclosure via trace file affects IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments (CVE-2018-1882) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-disclosure-v…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server OpenID Connect affects IBM Performance Management products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Monday 01-04-2019 18:00 − Tuesday 02-04-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ MXSS: Cross-site scripting in Google Search ∗∗∗
---------------------------------------------
Due to subtle differences in how HTML code is parsed, a security researcher managed to bypass common filtering mechanisms. Two JavaScript libraries and Google Search were affected.
---------------------------------------------
https://www.golem.de/news/mxss-cross-site-scripting-in-der-google-suche-190…
∗∗∗ Splitting atoms in XNU ∗∗∗
---------------------------------------------
TL;DR A locking bug in the XNU virtual memory subsystem allowed violation of the preconditions required for the correctness of an optimized virtual memory operation. This was abused to create shared memory where it wasn't expected, allowing the creation of a time-of-check-time-of-use bug where one wouldn't usually exist. This was exploited to cause a heap overflow in XPC, which was used to trigger the execution of a jump-oriented payload which chained [...]
---------------------------------------------
https://googleprojectzero.blogspot.com/2019/04/splitting-atoms-in-xnu.html
∗∗∗ Information on open source vulnerabilities is as distributed as the community ∗∗∗
---------------------------------------------
[...] a sizable number of the open source vulnerabilities that we see out there are actually being posted and discussed on a wide range of different security advisories and issue trackers. This means that even for relatively popular projects, these red flags may fly beneath the radar.
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/information-on-open-so…
∗∗∗ Study: Attackers love PowerShell ∗∗∗
---------------------------------------------
Microsoft's scripting language is the most widely used attack technique, warns security firm Red Canary. Many companies still have catching up to do here.
---------------------------------------------
http://heise.de/-4357396
∗∗∗ Malware Actors Using New File Hosting Service to Launch Attacks ∗∗∗
---------------------------------------------
Bad actors are leveraging a new file hosting service in order to launch attack campaigns involving FormBook and other malware. Near the end of March, researchers at Deep Instinct observed a new FormBook attack. The infection chain for this campaign began with a phishing email that contains a malicious attachment.
---------------------------------------------
https://www.tripwire.com/state-of-security/security-data-protection/cyber-s…
∗∗∗ Fake card complete message about a credit card block ∗∗∗
---------------------------------------------
Criminals are sending a fabricated message in the card complete design. In it, they inform recipients of an alleged block on their credit card account, which can supposedly be lifted by updating their data via a link in the e-mail. The instructions must not be followed! Otherwise malware is installed on the smartphone and the credit card data ends up with criminals.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-card-complete-nachricht-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security vulnerability: Users of the Apache web server can gain root privileges ∗∗∗
---------------------------------------------
A vulnerability in the Apache web server allows users to gain root privileges with the help of CGI or PHP scripts. An update is available.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-nutzer-des-apache-webservers-ko…
∗∗∗ Security patch: Google fixes Qualcomm vulnerabilities in April ∗∗∗
---------------------------------------------
In an advance notice, Google points to a new security patch level. The April update closes many holes and should be released for some, but not all, current Android devices. There are also many vulnerabilities that affect Qualcomm-based smartphones.
---------------------------------------------
https://www.golem.de/news/security-patch-google-beseitigt-im-april-qualcomm…
∗∗∗ Zero-day vulnerabilities in Edge and Internet Explorer – patches still pending ∗∗∗
---------------------------------------------
A researcher has found points of attack for universal cross-site scripting attacks in Microsoft's browsers. The company appears uninterested.
---------------------------------------------
http://heise.de/-4357840
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox, libssh2, and thunderbird), Debian (firmware-nonfree, kernel, and libssh2), Fedora (drupal7, flatpak, and mod_auth_mellon), Gentoo (burp, cairo, glusterfs, libical, poppler, subversion, thunderbird, and unbound), openSUSE (yast2-rmt), Red Hat (freerdp), and SUSE (bash, ed, libarchive, ntp, and sqlite3).
---------------------------------------------
https://lwn.net/Articles/784665/
∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
∗∗∗ IBM Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow which could allow a local malicious user to execute arbitrary code (CVE-2019-4014). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-is-vulnerable…
∗∗∗ IBM Security Bulletin: API Connect is impacted by multiple nodeJS vulnerabilities (CVE-2018-12122 CVE-2018-12121 CVE-2018-12123 CVE-2018-12116) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-is-impact…
∗∗∗ IBM Security Bulletin: IBM API Connect is impacted by multiple open source software vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-im…
∗∗∗ IBM Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow which could allow a local malicious user to execute arbitrary code (CVE-2018-1936). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-is-vulnerable…
∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-master…
∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot for VMware (CVE-2018-3139, CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib…
∗∗∗ IBM Security Bulletin: Vulnerabilities in Rational DOORS Next Generation with potential for cross-site scripting attack ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ra…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 29-03-2019 18:00 − Monday 01-04-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Mira Ransomware Decryptor ∗∗∗
---------------------------------------------
We investigated some recent Ransomware called Mira (Trojan:W32/Ransomware.AN) in order to check if it's feasible to decrypt the encrypted files. Most often, decryption can be very challenging because of missing keys that are needed for decryption. However, in the case of Mira ransomware, it appends all information required to decrypt an encrypted file into the [...]
---------------------------------------------
https://labsblog.f-secure.com/2019/04/01/mira-ransomware-decryptor/
∗∗∗ Zero-day vulnerability in TP-Link's SR20 smart home router ∗∗∗
---------------------------------------------
Under certain circumstances, an attacker could execute malicious code with root privileges on the TP-Link SR20 router.
---------------------------------------------
http://heise.de/-4356942
∗∗∗ Security updates: Nagios XI vulnerable to a variety of attacks ∗∗∗
---------------------------------------------
The server monitoring software Nagios XI can be attacked via several vulnerabilities. Patched versions are available.
---------------------------------------------
http://heise.de/-4357207
∗∗∗ Peculiar PHP Present In Popular Pipdig Power Pack (P3) Plugin ∗∗∗
---------------------------------------------
This week, our team was notified of suspicious code present in a plugin offered alongside themes sold by Pipdig, a UK-based web development team. The user, who wishes to remain anonymous, reached out to us with concerns that the plugin's developer can grant themselves administrative access to sites using the plugin, or even delete affected [...]
---------------------------------------------
https://www.wordfence.com/blog/2019/03/peculiar-php-present-in-popular-pipd…
∗∗∗ Helpful information on financial fraud from the Financial Market Authority ∗∗∗
---------------------------------------------
Caution is advised with investments that promise high returns. Particularly in the area of Bitcoin and cryptocurrencies, numerous fraudulent offers circulate online in which investors lose the money they put in. With its Finanz ABC, the Austrian Financial Market Authority (Finanzmarktaufsicht Österreich) now provides helpful information on finances, investments, and recognizing financial fraud.
---------------------------------------------
https://www.watchlist-internet.at/news/hilfreiche-infos-zu-finanzbetrug-der…
=====================
= Vulnerabilities =
=====================
∗∗∗ CVE-2019-9193: Authenticated Arbitrary Command Execution on PostgreSQL 9.3 > Latest ∗∗∗
---------------------------------------------
PostgreSQL, commonly known as Postgres, is one of the largest and most popular database systems in the world. It is the primary database of Mac OSX but also has Linux and Windows versions available.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2019-91…
∗∗∗ Pydio 8 Multiple Vulnerabilities ∗∗∗
---------------------------------------------
Multiple vulnerabilities were found in Pydio 8 (latest version 8.2.2), which allows an attacker with regular user access to the application and by tricking an administrator account to open a shared URL bookmark through the application, to obtain the victim's session identifiers in order to impersonate him/her and to perform actions such as create a new user administrator account.
---------------------------------------------
https://www.secureauth.com/labs/advisories/pydio-8-multiple-vulnerabilities
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, drupal7, gpsd, libav, libdatetime-timezone-perl, php5, rails, thunderbird, twig, tzdata, and wordpress), Fedora (edk2, flatpak, fuse, ghostscript, gnutls, golang-googlecode-go-crypto, grub2, mxml, poppler, and systemd), Mageia (file, kernel, live, mplayer, vlc, openjpeg2, pdns, and poppler), openSUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, runc, kernel, ovmf, and ucode-intel), SUSE (adcli, sssd, GraphicsMagick, [...]
---------------------------------------------
https://lwn.net/Articles/784563/
∗∗∗ Vuln: Redhat Atomic OpenShift CVE-2019-3884 Spoofing Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/107649
∗∗∗ Apple Mac OS: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0243%20UPDATE%201
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Vulnerability CVE-2019-1559 in OpenSSL affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-cve-201…
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by Go vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM Watson Compare and Comply on IBM Cloud Private ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is affected by an Information Disclosure vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-inform…
∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is affected by an Improper Authentication vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-inform…
∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Snapshot for VMware (CVE-2014-7810, CVE-2018-8039) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib…
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
∗∗∗ IBM Security Bulletin: XML External Entity Injection Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4043) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-xml-external-entity-i…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 28-03-2019 18:00 − Friday 29-03-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Severe vulnerability in the SSL/TLS library axTLS ∗∗∗
---------------------------------------------
Web servers that implement transport encryption via axTLS are susceptible to attacks.
---------------------------------------------
http://heise.de/-4355704
∗∗∗ World Backup Day: Is your data in safe hands? ∗∗∗
---------------------------------------------
World Backup Day is a reminder that organizations and individuals need to make data backup and protection a priority
---------------------------------------------
https://www.welivesecurity.com/2019/03/29/world-backup-day-data-safe-hands/
∗∗∗ TLS CBC Padding Oracles in 2019 ∗∗∗
---------------------------------------------
Since August, I've spent countless hours studying CBC padding oracle attacks toward the development of a new scan tool called padcheck. Using this tool, I was able to identify thousands of popular domains which could be targeted by an active network adversary (i.e. MiTM) to hijack authenticated HTTPS sessions. The underlying vulnerabilities break down into [...]
---------------------------------------------
https://www.tripwire.com/state-of-security/vert/tls-cbc-padding-oracles/
∗∗∗ Researchers discover and abuse new undocumented feature in Intel chipsets ∗∗∗
---------------------------------------------
Researchers find new Intel VISA (Visualization of Internal Signals Architecture) debugging technology.
---------------------------------------------
https://www.zdnet.com/article/researchers-discover-and-abuse-new-undocument…
∗∗∗ Researchers publish list of MAC addresses targeted in ASUS hack ∗∗∗
---------------------------------------------
Most of the targeted MAC addresses are used by ASUStek, Intel, and AzureWave devices.
---------------------------------------------
https://www.zdnet.com/article/researchers-publish-list-of-mac-addresses-tar…
=====================
= Vulnerabilities =
=====================
∗∗∗ Rockwell Automation PowerFlex 525 AC Drives ∗∗∗
---------------------------------------------
This advisory includes mitigations for a resource exhaustion vulnerability reported in Rockwell Automation's PowerFlex 525 AC drive.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-087-01
∗∗∗ Magento 2.3.1, 2.2.8 and 2.1.17 Security Update ∗∗∗
---------------------------------------------
Magento Commerce and Open Source 2.3.1, 2.2.8 and 2.1.17 contain multiple security enhancements that help close Remote Code Execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities.
---------------------------------------------
https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-securit…
∗∗∗ VMSA-2019-0004 ∗∗∗
---------------------------------------------
VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0004.html
∗∗∗ VMSA-2019-0005 ∗∗∗
---------------------------------------------
VMware ESXi, Workstation and Fusion updates address multiple security issues.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0005.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (dovecot and imagemagick), Debian (dovecot, libraw, pdns, and ruby2.1), Fedora (mingw-podofo, openwsman, podofo, qemu, and svgsalamander), openSUSE (chromium, ffmpeg-4, firefox, libssh2_org, nodejs4, and qemu), Red Hat (libssh2), Scientific Linux (libssh2 and thunderbird), SUSE (kernel, liblouis, ntp, openssl-1_1, and tiff), and Ubuntu (firefox, freeimage, libapache2-mod-auth-mellon, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/784370/
∗∗∗ Vuln: Apache HBase CVE-2019-0212 Authorization Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/107624
∗∗∗ Vuln: Apache ActiveMQ CVE-2019-0222 Denial of Service Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/107622
∗∗∗ GnuTLS: Multiple vulnerabilities allow denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0253
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-…
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by vulnerabilities in the shipped Node runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-…
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-…
∗∗∗ IBM Security Bulletin: Rational Build Forge Security Advisory for Apache HTTP Server (CVE-2019-0190; CVE-2018-17189; CVE-2018-17199) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-build-forge-…
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by Alpine vulnerability CVE-2018-1000849 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-…
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by Node.js vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-…
∗∗∗ IBM Security Bulletin: Security vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2018-0734, CVE-2018-5407 and CVE-2019-1559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by OpenSSL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-…
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by gettext vulnerability CVE-2018-18751 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 27-03-2019 18:00 − Thursday 28-03-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Analysis of LockerGoga Ransomware ∗∗∗
---------------------------------------------
We recently observed a new ransomware variant (which our products detect as Trojan.TR/LockerGoga.qnfzd) circulating in the wild. In this post, we’ll provide some technical details of the new variant’s functionalities, as well as some Indicators of Compromise (IOCs). Overview Compared to other ransomware variants that use Windows’ CRT library functions, this new variant relies heavily […]
---------------------------------------------
https://labsblog.f-secure.com/2019/03/27/analysis-of-lockergoga-ransomware/
∗∗∗ [SANS ISC] Running your Own Passive DNS Service ∗∗∗
---------------------------------------------
I published the following diary on isc.sans.edu: “Running your Own Passive DNS Service”: Passive DNS is not new but remains a very interesting component to have in your hunting arsenal. As defined by CIRCL, a passive DNS is “a database storing historical DNS records from various resources.
---------------------------------------------
https://blog.rootshell.be/2019/03/28/sans-isc-running-your-own-passive-dns-…
∗∗∗ Recognizing dubious plumbing and electrical services ∗∗∗
---------------------------------------------
For problems with clogged drains, broken heating systems, or maintenance work that is due, you had better not turn to sanitaerhilfe.at or installateur-top1.at. These are dubious companies that neither keep their promises nor repair damage. On top of that, an excessive amount is charged.
---------------------------------------------
https://www.watchlist-internet.at/news/unserioese-installateur-und-elektrod…
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Botches Fix for RV320, RV325 Routers, Just Blocks curl User Agent ∗∗∗
---------------------------------------------
Cisco's RV320 and RV325 router models for small offices and small businesses remain vulnerable to two high-severity flaws two months after the vendor announced the availability of patches. The fixes failed their purpose and attackers can still chain the bugs to take control of the devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cisco-botches-fix-for-rv320-…
∗∗∗ Multiple "0day" vulnerabilities in HPE Intelligent Management Center ∗∗∗
---------------------------------------------
The Zero Day Initiative (ZDI) today reported several unpatched vulnerabilities in HPE Intelligent Management Center.
It is therefore recommended to allow communication with HPE Intelligent Management Center only from trusted devices.
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-19-294/
https://www.zerodayinitiative.com/advisories/ZDI-19-295/
https://www.zerodayinitiative.com/advisories/ZDI-19-296/
https://www.zerodayinitiative.com/advisories/ZDI-19-297/
https://www.zerodayinitiative.com/advisories/ZDI-19-298/
https://www.zerodayinitiative.com/advisories/ZDI-19-299/
https://www.zerodayinitiative.com/advisories/ZDI-19-300/
https://www.zerodayinitiative.com/advisories/ZDI-19-301/
https://www.zerodayinitiative.com/advisories/ZDI-19-302/
https://www.zerodayinitiative.com/advisories/ZDI-19-303/
∗∗∗ Apple watchOS 5.2 ∗∗∗
---------------------------------------------
This document describes the security content of watchOS 5.2.
---------------------------------------------
https://support.apple.com/kb/HT209602
∗∗∗ Security updates: Critical vulnerabilities in online shop software Magento ∗∗∗
---------------------------------------------
Many Magento versions contain loopholes for malicious code and thereby put online shops at risk. Patched versions close the vulnerabilities.
---------------------------------------------
http://heise.de/-4354925
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel and wpa), Fedora (firefox and pdns), Gentoo (apache, cabextract, chromium, gd, nasm, sdl2-image, and zeromq), openSUSE (GraphicsMagick and lftp), Red Hat (thunderbird), Scientific Linux (firefox), Slackware (gnutls), and SUSE (ImageMagick).
---------------------------------------------
https://lwn.net/Articles/784251/
∗∗∗ ZDI-19-293: Advantech WebAccess Node tv_enua Improper Access Control Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-293/
∗∗∗ ZDI-19-292: Advantech WebAccess Node spchapi Improper Access Control Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-292/
∗∗∗ IBM Security Bulletin: Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench affected by Spring vulnerability (CVE-2018-15756) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-test-control…
∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2018-19591) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventi…
∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventi…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-8039) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2018-0732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventi…
∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2018-0737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventi…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 26-03-2019 18:00 − Wednesday 27-03-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ UC Browser for Android, Desktop Exposes 500+ Million Users to MiTM Attacks ∗∗∗
---------------------------------------------
The extremely popular UC Browser and UC Browser Mini Android applications with a total of over 600 million installs expose their users to MiTM attacks by downloading and installing extra modules from their own servers using unprotected channels and bypassing Google Play's servers altogether.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/uc-browser-for-android-deskt…
∗∗∗ Abuse of hidden "well-known" directory in HTTPS sites ∗∗∗
---------------------------------------------
WordPress and Joomla are among the most popular Content Management Systems (CMSs). They have also become popular for malicious actors, as cybercriminals target sites on these platforms for hacking and injecting malicious content. During the past few weeks, ThreatLabZ researchers have detected several WordPress and Joomla sites that were serving Shade/Troldesh ransomware, backdoors, redirectors, and a variety of phishing pages.
---------------------------------------------
https://www.zscaler.com/blogs/research/abuse-hidden-well-known-directory-ht…
∗∗∗ Security researchers discover 36 new vulnerabilities in the LTE standard ∗∗∗
---------------------------------------------
Due to the flaws, attackers are said to be able to disrupt or even manipulate connections in the LTE network. However, this involves considerable effort.
---------------------------------------------
http://heise.de/-4352711
∗∗∗ What Is Access Control? A Key Component Of Data Security ∗∗∗
---------------------------------------------
Who should be able to access a company's data? Under what circumstances do organisations deny access to a user with access privileges? To adequately protect data, an organisation's access control [...]
---------------------------------------------
https://blog.schneider-electric.com/building-management/2019/03/27/what-is-…
∗∗∗ Do not pay invoices from fraudulent streaming websites! ∗∗∗
---------------------------------------------
The wave of fraudulent streaming platforms with names such as nolistream.de, someflix.de, daftstream.de or savaflix.de shows no sign of ending. The websites pursue only one goal: pressuring Internet users into unjustified payments. Fake invoices, payment reminders and debt collection letters are meant to intimidate those affected. The demanded 358.80, 359.88 or 479.16 euros must not be paid!
---------------------------------------------
https://www.watchlist-internet.at/news/rechnungen-betruegerischer-streaming…
=====================
= Vulnerabilities =
=====================
∗∗∗ Siemens SCALANCE X ∗∗∗
---------------------------------------------
This advisory includes mitigations for an expected behavior violation vulnerability reported in the Siemens SCALANCE X products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-085-01
∗∗∗ ENTTEC Lighting Controllers ∗∗∗
---------------------------------------------
This advisory includes mitigations for a missing authentication for critical function vulnerability reported in ENTTEC’s lighting controllers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-085-03-0
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (openjdk-7), Fedora (cfitsio, firefox, librsvg2, and pdns), openSUSE (firefox), Red Hat (firefox), Scientific Linux (firefox), SUSE (gd, grub2, ImageMagick, kernel, libcaca, libmspack, ntp, ovmf, w3m, and wavpack), and Ubuntu (php7.0, php7.2, qemu, and xmltooling).
---------------------------------------------
https://lwn.net/Articles/784114/
∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-71135
https://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml
∗∗∗ XML vulnerability CVE-2017-9233 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K03244804
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei AP Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190327-…
∗∗∗ IBM Security Bulletin: Potential denial of service in WebSphere Application Server Admin Console (CVE-2019-4080) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in xorg-x11-libX11 (CVE-2018-14598 CVE-2018-14599 CVE-2018-14600) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass…
∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in GNU C Library (CVE-2015-5180 CVE-2017-15670 CVE-2017-15804) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass…
∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in cURL (CVE-2018-14618 CVE-2018-16840 CVE-2018-16842) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass…
∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY IBM WebSphere Application Server Deserialization ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for…
∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP (CVE-2018-17082 CVE-2018-14883 CVE-2018-14851 CVE-2017-9118) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass…
∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY CSRF and OOB-XXE Vulnerabilities in WebSphere Web Application Server’s Integrated Solutions Console 9.0.0.8, 8.5.5.13, and 8.5.5.9 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for…
∗∗∗ IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities (CVE-2017-6464, CVE-2017-6463, CVE-2017-6462, CVE-2015-3331, CVE-2014-2523) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Identity Manager Virtual Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 25-03-2019 18:00 − Tuesday 26-03-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Security vulnerabilities: Abus alarm system can be switched off by radio ∗∗∗
---------------------------------------------
No fewer than three security vulnerabilities allow various attacks on the Secvest wireless alarm system from Abus. There is no security update.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecken-abus-alarmanlage-kann-per-funk…
∗∗∗ Coding Error Could Enable Users to Halt LockerGoga Ransomware ∗∗∗
---------------------------------------------
Users could potentially use a coding error in some variants of LockerGoga to halt the ransomware's encryption routine in its tracks. In its analysis of LockerGoga, Alert Logic Threat Research found that the ransomware performs an initial reconnaissance scan through which it collects file lists once it's infected a machine. The malware may come in [...]
---------------------------------------------
https://www.tripwire.com/state-of-security/security-data-protection/coding-…
∗∗∗ Business banking fraud. Keep your eggs in TWO baskets. Here’s why… ∗∗∗
---------------------------------------------
This post has a cautionary tale all about spreading your business banking fraud risk. So, does your business have two bank accounts, with different banks? No? Then you would be well advised to do so, or risk being left unable to trade. WHY?
---------------------------------------------
https://www.pentestpartners.com/security-blog/business-banking-fraud-keep-y…
∗∗∗ Amazon phishing e-mails with fraudulent content ∗∗∗
---------------------------------------------
Countless Internet users are currently finding fake Amazon e-mails in their inboxes. The e-mails inform them that their Amazon account has been temporarily deactivated. To reactivate it, recipients are supposed to verify their data via the link provided. Do not comply with this request! The data entered ends up in the hands of criminals, and the Amazon account was never locked.
---------------------------------------------
https://www.watchlist-internet.at/news/amazon-phishing-mails-mit-betruegeri…
=====================
= Vulnerabilities =
=====================
∗∗∗ Operating systems and iTunes: Apple fixes many security vulnerabilities ∗∗∗
---------------------------------------------
With the release of iOS 12.2, Mojave 10.14.4 and the new iTunes version for Windows, Apple fixes numerous security vulnerabilities. Some of them are critical, as they enable attacks with kernel privileges or elevated privileges.
---------------------------------------------
https://www.golem.de/news/betriebssysteme-und-itunes-apple-schliesst-viele-…
∗∗∗ ASUS Releases Security Update for Live Update Software ∗∗∗
---------------------------------------------
ASUS has released Live Update version 3.6.8. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. These vulnerabilities were detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ASUS article for more information.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/03/26/ASUS-Releases-Secu…
∗∗∗ rt-sa-2019-007 ∗∗∗
---------------------------------------------
Code Execution via Insecure Shell Function getopt_simple
---------------------------------------------
https://www.redteam-pentesting.de/advisories/rt-sa-2019-007.txt
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (ghostscript), Debian (libssh2 and wireshark), openSUSE (aubio, blueman, and kauth), Red Hat (kernel-rt and openwsman), Scientific Linux (openwsman), Slackware (mozilla), and SUSE (ovmf and ucode-intel).
---------------------------------------------
https://lwn.net/Articles/784031/
∗∗∗ Synology-SA-19:13 Drupal ∗∗∗
---------------------------------------------
A vulnerability allows remote authenticated users to inject arbitrary web script or HTML via a susceptible version of Drupal.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_13
∗∗∗ IBM Security Bulletin: Incorrect permissions on restored files and directories using IBM Spectrum Protect Backup-Archive Client web user interface on Windows (CVE-2019-4093) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-incorrect-permissions…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by OpenSSL vulnerabilities (CVE-2018-0732 and CVE-2018-0739) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: Vulnerability CVE-2018-14647 in Python affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-cve-201…
∗∗∗ IBM Security Bulletin: Apache Axis as used in IBM QRadar SIEM is vulnerable to a possible man in the middle attack. (CVE-2012-5784) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-axis-as-used-i…
∗∗∗ Binutils vulnerabilities CVE-2018-20002 and CVE-2018-20657 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K62602089
∗∗∗ D-LINK Router: Multiple vulnerabilities allow security measures to be bypassed ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0240
∗∗∗ Red Hat Enterprise Linux: Vulnerability allows information disclosure ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0244
=====================
= End-of-Day report =
=====================
Timeframe: Friday 22-03-2019 18:00 − Monday 25-03-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers ∗∗∗
---------------------------------------------
The Taiwan-based tech giant ASUS is believed to have pushed the malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the company's server and used it to push the malware to machines.
---------------------------------------------
https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-sof…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (firefox, libssh2, and powerdns), Debian (bash, firefox-esr, libapache2-mod-auth-mellon, ntfs-3g, openssh, passenger, rsync, and wireshark), Fedora (filezilla, libarchive, libssh2, mxml, php-twig, php-twig2, qemu, and tcpreplay), Slackware (mozilla), SUSE (ghostscript, kernel, libgxps, libjpeg-turbo, libqt5-qtimageformats, libqt5-qtsvg, openstack-cinder, openstack-horizon-plugin-designate-ui, openstack-neutron, openstack-neutron-lbaas, [...]
---------------------------------------------
https://lwn.net/Articles/783953/
∗∗∗ PHOENIX CONTACT command injection on RAD-80211-XD(/HP-BUS) ∗∗∗
---------------------------------------------
A WebHMI utility may be exploited by any logged in user allowing the execution of arbitrary OS commands on the server. This provides the opportunity for a command injection attack.
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-007
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2018-0734, CVE-2018-5407) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2018-0734, CVE-2018-5407) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A security vulnerability in IBM Java Runtime affects IBM Rational ClearQuest (CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2018-3180, CVE-2018-3139) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ GNU C Library vulnerability CVE-2009-5155 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K64119434
∗∗∗ xpdf: Multiple vulnerabilities allow denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0236
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 21-03-2019 18:00 − Friday 22-03-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Analysis of SeroMiner Trojan, combine multiple anti-analytic techniques ∗∗∗
---------------------------------------------
Foreword: Recently, 360 security brain intercepted a mining Trojan 'SeroMiner'. The Trojan behavior is too concealed to be discovered its mining behavior from the security [...]
---------------------------------------------
https://blog.360totalsecurity.com/en/analysis-of-serominer-trojan-combine-m…
∗∗∗ SigSpoof 4: Bypassing signature verification in Yarn package manager (CVE-2018-12556) ∗∗∗
---------------------------------------------
This attack on GnuPG signature verification is specific to yarn, the package manager. It can give a powerful attacker the ability to replace the Yarn installation with arbitrary code. There are additional protections in place, so if you are using Yarn, you probably do not need to worry too much about it.
---------------------------------------------
https://neopg.io/blog/yarn-signature-bypass/
∗∗∗ Over 100,000 GitHub repos have leaked API or cryptographic keys ∗∗∗
---------------------------------------------
Thousands of new API or cryptographic keys leak via GitHub projects every day.
---------------------------------------------
https://www.zdnet.com/article/over-100000-github-repos-have-leaked-api-or-c…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox), Debian (cron and ntfs-3g), Fedora (firefox, ghostscript, libzip, python2-django1.11, PyYAML, tcpflow, and xen), Mageia (ansible, firefox, and ImageMagick/GraphicsMagick), Red Hat (ghostscript), Scientific Linux (firefox and ghostscript), SUSE (libxml2, unzip, and wireshark), and Ubuntu (firefox, ghostscript, libsolv, ntfs-3g, p7zip, and snapd).
---------------------------------------------
https://lwn.net/Articles/783757/
∗∗∗ IBM Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server (CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s…
∗∗∗ IBM Security Bulletin: Potential denial of service in Liberty for Java for IBM Cloud (CVE-2018-10237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s…
∗∗∗ ICMP PMTU messages are forwarded to the server side when the TCP proxy-mss setting is enabled in the associated profile ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52510343
∗∗∗ The BIG-IP SMTPS virtual server may fail to properly restrict I/O buffering, allowing attackers to insert commands into encrypted SMTP sessions ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K23284054
∗∗∗ BIG-IP SNMPD vulnerability CVE-2019-6608 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K12139752
∗∗∗ REST Framework vulnerability CVE-2019-6602 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11818407
∗∗∗ BIG-IP snmpd vulnerability CVE-2019-6606 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35209601
∗∗∗ TMM vulnerability CVE-2019-6603 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K14632915
∗∗∗ When authentication is set to require, the Client SSL or Server SSL profile does not report an error when it has an associated invalid CRL ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K15732489
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 20-03-2019 18:00 − Thursday 21-03-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Mac-Focused Malvertising Campaign Abuses Google Firebase DBs ∗∗∗
---------------------------------------------
Researchers said 1 million user sessions could have been exposed to the campaign, which downloads the Shlayer trojan.
---------------------------------------------
https://threatpost.com/mac-focused-malvertising-campaign-abuses-google-fire…
∗∗∗ Critical flaws in the Git client Sourcetree put computers at risk ∗∗∗
---------------------------------------------
Important security updates are available for Sourcetree from Atlassian. macOS and Windows users should install the patched versions promptly.
---------------------------------------------
http://heise.de/-4341489
∗∗∗ D-Link arms older NAS systems against the Cr1ptTor ransomware ∗∗∗
---------------------------------------------
D-Link has announced security updates for NAS systems. Until they are released, the devices should not be online. Patches are already available for some devices.
---------------------------------------------
http://heise.de/-4341586
∗∗∗ Ransomware or Wiper? LockerGoga Straddles the Line ∗∗∗
---------------------------------------------
Executive Summary: Ransomware attacks have been in the news with increased frequency over the past few years. This type of malware can be extremely disruptive and even cause operational impacts in critical systems that may be infected. LockerGoga is yet another example of this sort of malware. It is a ransomware variant that, while lacking in sophistication, can still cause extensive damage when leveraged against organizations or individuals.
---------------------------------------------
https://blog.talosintelligence.com/2019/03/lockergoga.html
∗∗∗ Many Vulnerabilities Found in Oracle's Java Card Technology ∗∗∗
---------------------------------------------
Poland-based cybersecurity research firm Security Explorations claims to have identified nearly 20 vulnerabilities in Oracle’s Java Card, including flaws that could be exploited to compromise the security of chips using this technology.
---------------------------------------------
https://www.securityweek.com/many-vulnerabilities-found-oracles-java-card-t…
∗∗∗ Remote command injection through an endpoint security product ∗∗∗
---------------------------------------------
TL;DR? We discovered command injection in a popular endpoint security product, Heimdal Thor. By using the product, customers' PCs were exposed to compromise. Irony++ Heimdal fixed the issue quickly and responded well, but it appears that the vulnerability had been present in ~650,000 PCs for around one year! Heimdal blogged about it today, but er... [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/remote-command-injection-thro…
∗∗∗ Fake Apple invoices in circulation ∗∗∗
---------------------------------------------
Internet users are increasingly finding fake Apple invoices in their e-mail inboxes. Supposedly, something was purchased in the App Store by credit card. For further details, recipients are asked to follow a link or download a file. Do not follow the link or download attachments, because this is a phishing attempt!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-apple-rechnungen-im-umla…
∗∗∗ Zero-day in WordPress SMTP plugin abused by two hacker groups ∗∗∗
---------------------------------------------
Hacker groups are creating backdoor admin accounts on vulnerable sites and redirecting users to tech support scams.
---------------------------------------------
https://www.zdnet.com/article/zero-day-in-wordpress-smtp-plugin-abused-by-t…
=====================
= Vulnerabilities =
=====================
∗∗∗ Medtronic Conexus Radio Frequency Telemetry Protocol ∗∗∗
---------------------------------------------
This medical advisory includes mitigations for improper access control and cleartext transmission of sensitive information vulnerabilities reported in Medtronic's proprietary Conexus telemetry system.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01
∗∗∗ Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004 ∗∗∗
---------------------------------------------
Project: Drupal core
Date: 2019-March-20
Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting
Description: Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
Solution: If you are using Drupal 8.6, update to Drupal 8.6.13. If you are using Drupal 8.5 or earlier, update to Drupal 8.5.14. If you are using Drupal 7, [...]
---------------------------------------------
https://www.drupal.org/sa-core-2019-004
∗∗∗ RESTful - Critical - Remote code execution - SA-CONTRIB-2019-041 ∗∗∗
---------------------------------------------
Project: RESTful
Version: 7.x-2.x-dev, 7.x-1.x-dev
Date: 2019-March-20
Security risk: Critical 18∕25 AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:Uncommon
Vulnerability: Remote code execution
Description: This resolves issues described in SA-CORE-2019-003 for this module.
Solution: If you use the RESTful module for Drupal 7.x, upgrade to RESTful 7.x-1.10 or RESTful 7.x-2.17 [...]
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-041
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (drupal7, firefox-esr, and openjdk-8), Fedora (ghostscript, python2-django1.11, and SDL), Red Hat (firefox), Scientific Linux (firefox), SUSE (nodejs4 and openssl-1_1), and Ubuntu (gdk-pixbuf).
---------------------------------------------
https://lwn.net/Articles/783652/
∗∗∗ IBM Security Bulletin: Vulnerability in Python affects IBM OS Images for Red Hat Linux Systems ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-pyth…
∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by information leak (CVE-2019-4052) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-…
∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a spoofing vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator…
∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSH (CVE-2018-15473 CVE-2018-15919) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass…
∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in NTP (CVE-2018-12327) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 18-03-2019 18:00 − Tuesday 19-03-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Assessing Internal Network with JavaScript, Despite Same-Origin Policy ∗∗∗
---------------------------------------------
Researchers are warning about a hacking technique that enables attacks on the local network using JavaScript on a public website. Using the victim's browser as a proxy, the code can reach internal hosts and do reconnaissance activity or even compromise vulnerable services. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/assessing-internal-network-w…
∗∗∗ Business Email Compromise (BEC) Attacks Moving to Mobile ∗∗∗
---------------------------------------------
As text messaging has become a common form of communication within a business, Business Email Compromise (BEC) scammers have started to go mobile by utilizing SMS messaging to direct their targets. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/business-email-compromise-be…
∗∗∗ Monsters in the Middleboxes: Introducing Two New Tools for Detecting HTTPS Interception ∗∗∗
---------------------------------------------
The practice of HTTPS interception continues to be commonplace on the Internet. This blog post discusses types of monster-in-the-middle devices and software, and how to detect them.
---------------------------------------------
https://blog.cloudflare.com/monsters-in-the-middleboxes/
∗∗∗ What Is a Credential Stuffing Attack and How to Protect Yourself from One ∗∗∗
---------------------------------------------
You probably heard of at least one credential stuffing attack lately, as major companies become targets of this new hacking technique. Credential stuffing is not actually new as part of hackers’ repertoire, but lately, the method started being employed more often. I’ll explain the reasons for this surge in popularity down below. Did you notice […]
---------------------------------------------
https://heimdalsecurity.com/blog/credential-stuffing-attack-protection/
∗∗∗ Protecting Against Social Engineering Attacks ∗∗∗
---------------------------------------------
Most people think of hacking as using malware and coding to bypass security defenses and steal data or money. Social engineers take a different approach, targeting the human instead of the software to achieve their goals. How Social Engineering Works: Social engineers take advantage of knowledge of human behavior to perform their attacks. A person’s […]
---------------------------------------------
https://resources.infosecinstitute.com/protecting-against-social-engineerin…
∗∗∗ Vulnerability hunting with Semmle QL, part 2 ∗∗∗
---------------------------------------------
The first part of this series introduced Semmle QL, and how the Microsoft Security Response Center (MSRC) are using it to investigate variants of vulnerabilities reported to us. This post discusses an example of how we’ve been using it proactively, covering a security audit of an Azure firmware component. This was part of a wider...
---------------------------------------------
https://blogs.technet.microsoft.com/srd/2019/03/19/vulnerability-hunting-wi…
∗∗∗ Arbitrary Directory Deletion in WP-Fastest-Cache ∗∗∗
---------------------------------------------
The WP-Fastest-Cache plugin authors released a new update, version 0.8.9.1, fixing a vulnerability (CVE-2019-6726) present during its install alongside the WP-PostRatings plugin. According to seclists.org: “A successful attack allows an unauthenticated attacker to specify a path to a directory from which files and directories will be deleted recursively. The vulnerable code path extracts the path portion of the referrer header and then uses string concatenation to build an absolute path.
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/dJRlgHKTUzY/arbitrary-directo…
∗∗∗ Discovering a zero day and getting code execution on Mozilla's AWS Network ∗∗∗
---------------------------------------------
[...] Although basic authentication can be enabled by modifying the settings.ini file, and is recommended to prevent any anonymous access. Most deployments of WebPageTest that Assetnote CS identifies are unauthenticated, and the array of testing tools provided by WebPageTest can be used offensively to gain access to internal resources by server-side request forgery (commonly known as SSRF, but for WebPageTest, it is a feature).
---------------------------------------------
https://blog.assetnote.io/bug-bounty/2019/03/19/rce-on-mozilla-zero-day-web…
∗∗∗ BGP Hijacking is a RIPE Policy Violation ∗∗∗
---------------------------------------------
This proposal aims to clarify that BGP hijacking is not accepted as normal practice within the RIPE NCC service region, primarily because it negates the core purpose of running a (Regional Internet) Registry. The proposal is not concerned with simple operational mistakes - it is intended to address deliberate BGP hijacking events.
---------------------------------------------
https://www.ripe.net/participate/policies/proposals/2019-03
∗∗∗ Thunderclap ∗∗∗
---------------------------------------------
A short while ago the O.MG cable made headlines. Hidden hardware is built into this harmless-looking USB cable; when plugged in, it presents itself to the operating system as an input device and allows an attacker to remotely control a computer over Wi-Fi. Now security researchers, following a two-year collaboration between the Department of Computer Science and Technology at the University of Cambridge, Rice University and [...]
---------------------------------------------
https://www.dfn-cert.de/aktuell/Thunderclap.html
=====================
= Vulnerabilities =
=====================
∗∗∗ AVEVA InduSoft Web Studio and InTouch Edge HMI ∗∗∗
---------------------------------------------
This advisory includes mitigations for an uncontrolled search path element vulnerability in AVEVA's InduSoft Web Studio and InTouch Edge human machine interface software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-078-01
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (kernel), Debian (libjpeg-turbo, liblivemedia, neutron, and otrs2), Fedora (SDL), Gentoo (ntp), openSUSE (java-1_8_0-openjdk), Red Hat (cloud-init), Slackware (libssh2), SUSE (libssh2_org, nodejs10, and nodejs8), and Ubuntu (tiff).
---------------------------------------------
https://lwn.net/Articles/783473/
∗∗∗ Synology-SA-19:12 Calendar ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to execute arbitrary commands via a susceptible version of Calendar.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_12
∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE-2018-5391 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-upd…
∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE-2018-12384 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-upd…
∗∗∗ ENDRESS+HAUSER WIFI enabled products utilising WPA2 ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-005
=====================
= End-of-Day report =
=====================
Timeframe: Friday 15-03-2019 18:00 − Monday 18-03-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ RFC8482 - Saying goodbye to ANY ∗∗∗
---------------------------------------------
Ladies and gentlemen, I would like you to welcome the new shiny RFC8482, which effectively deprecates DNS ANY query type. DNS ANY was a "meta-query" - think about it as a similar thing to the common A, AAAA, MX or SRV query types, but unlike these it wasn't a real query type - it was special.
---------------------------------------------
https://blog.cloudflare.com/rfc8482-saying-goodbye-to-any/
∗∗∗ Secure Coding — Top 15 Code Analysis Tools ∗∗∗
---------------------------------------------
Keeping code secure is a top objective for any software company. And to ensure secure coding, you need to perform code analysis during the development life cycle. While manual review of code was once the only option, now there are plenty of tools that can take care of this in an automated fashion.
---------------------------------------------
https://resources.infosecinstitute.com/secure-coding-top-15-code-analysis-t…
∗∗∗ Lenovo Patches Intel Firmware Flaws in Multiple Product Lines ∗∗∗
---------------------------------------------
Lenovo has issued patches for several serious vulnerabilities in its products stemming from Intel technology fixes.
---------------------------------------------
https://threatpost.com/lenovo-patches-high-severity-arbitrary-code-executio…
∗∗∗ Cryptojacking of businesses' cloud resources still going strong ∗∗∗
---------------------------------------------
In the past year or so, many cybercriminals have turned to cryptojacking as an easier and more low-key approach for "earning" money. While the value of cryptocurrencies like Bitcoin and Monero has been declining for a while now and Coinhive, the most popular in-browser mining service, has stopped working, cryptojacking is still a considerable threat. After all, attackers need to expend very little effort and are using someone else's resources for free.
---------------------------------------------
https://www.helpnetsecurity.com/2019/03/18/cryptojacking-cloud-resources/
∗∗∗ IPv6 unmasking via UPnP ∗∗∗
---------------------------------------------
With tools such as ZMap and Masscan and general higher bandwidth availability, exhaustive internet-wide scans of full IPv4 address space have become the norm after it was once impractical. Projects like Shodan and Scans.io aggregate and publish frequently updated datasets of scan results for public analysis, giving researchers greater insight into the current state of the internet. While IPv4 is the norm, the use of IPv6 [...]
---------------------------------------------
https://blog.talosintelligence.com/2019/03/ipv6-unmasking-via-upnp.html
∗∗∗ Fake CIA e-mails demand bitcoins over child pornography ∗∗∗
---------------------------------------------
Internet users are receiving fake messages from the CIA with the subject "Central Intelligence Agency – Case #12345678". The message claims that the recipients have come up as suspects in investigations into child pornography. To prevent an arrest, 10,000 dollars in bitcoins are to be transferred to the senders. The content of the messages is entirely made up and the payments must not [...]
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-cia-mails-fordern-bitcoi…
∗∗∗ New Mirai Variant Targets Enterprise Wireless Presentation & Display Systems ∗∗∗
---------------------------------------------
Unit 42 has discovered a new Mirai variant that targets business video display systems. It uses additional exploits, boosts the number of credentials for brute-force attacks and hosts payload on the compromised website of a Colombian security firm.
---------------------------------------------
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wi…
∗∗∗ Microsoft releases Application Guard extension for Chrome and Firefox ∗∗∗
---------------------------------------------
Extensions only available for Windows Insiders for now. To work for everyone once Windows 10 19H1 is live.
---------------------------------------------
https://www.zdnet.com/article/microsoft-releases-application-guard-extensio…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security vulnerability: wireless keyboard accepts commands from attackers ∗∗∗
---------------------------------------------
The encryption of the wireless Fujitsu keyboard LX901 can be bypassed by attackers in two different ways - and used for attacks from a distance.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-funktastatur-nimmt-befehle-von-…
∗∗∗ SSH software: critical vulnerabilities in Putty ∗∗∗
---------------------------------------------
Several serious security vulnerabilities have been discovered in the SSH software Putty as part of an EU-funded bug bounty programme. The vulnerable code is also used by other projects such as Filezilla and WinSCP.
---------------------------------------------
https://www.golem.de/news/ssh-software-kritische-sicherheitsluecken-in-putt…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ikiwiki, liblivemedia, linux-4.9, rdflib, and sqlalchemy), Fedora (advancecomp, kubernetes, mingw-poppler, and php), Mageia (ikiwiki), openSUSE (chromium, file, and sssd), Red Hat (ansible, openstack-ceilometer, and openstack-octavia), Scientific Linux (kernel), SUSE (galera-3, mariadb, mariadb-connector-c, java-1_8_0-ibm, kernel, nodejs10, openwsman, wireshark, and yast2-rmt), and Ubuntu (file, linux, linux-aws, linux-kvm, linux-raspi2, [...]
---------------------------------------------
https://lwn.net/Articles/783370/
∗∗∗ [webapps] Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password) ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/46541
∗∗∗ Security Advisory - Double Free Vulnerability on Bastet Module of Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190220-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Watson Explorer and IBM Watson Content Analytics (CVE-2018-2579, CVE-2018-2588, CVE-2018-2602, CVE-2018-2603, CVE-2018-2633) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 14-03-2019 18:00 − Friday 15-03-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Threatlist: IMAP-Based Attacks Compromising Accounts at ‘Unprecedented Scale’ ∗∗∗
---------------------------------------------
Attackers are increasingly targeting insecure legacy protocols, like IMAP, to avoid running into multi-factor authentication in password-spraying campaigns.
---------------------------------------------
https://threatpost.com/imap-attacks-compromise-accounts/142824/
∗∗∗ DNS Tunneling: how DNS can be (ab)used by malicious actors ∗∗∗
---------------------------------------------
DNS is a critical foundation of the Internet that makes it possible to get to websites without entering numerical IP addresses. The power that makes DNS beneficial for everyone also creates potential for abuse. Unit 42 researchers explain how attackers can abuse DNS to hide their tracks and steal data using a technique known as "DNS Tunneling". This research can help organizations understand DNS-based threats and the risks they pose to their environment.
---------------------------------------------
https://unit42.paloaltonetworks.com/dns-tunneling-how-dns-can-be-abused-by-…
=====================
= Vulnerabilities =
=====================
∗∗∗ CVE-2019-0804 | Azure Linux Agent Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks. An authenticated attacker who successfully exploited this vulnerability could view data in swap that is normally hidden.
---------------------------------------------
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019…
∗∗∗ VMSA-2019-0003 ∗∗∗
---------------------------------------------
VMware Horizon update addresses Connection Server information disclosure vulnerability.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0003.html
∗∗∗ VMSA-2019-0002 ∗∗∗
---------------------------------------------
VMware Workstation update addresses elevation of privilege issues.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0002.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (mingw-poppler and php), Mageia (apache, gnome-keyring, gnupg2, hiawatha, and rsyslog), openSUSE (libcomps and obs-service-tar_scm), and Ubuntu (libvirt and linux-lts-trusty).
---------------------------------------------
https://lwn.net/Articles/783140/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2018-1890, CVE-2018-12547) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server (CVE-2018-1890, CVE-2018-12547, CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM MQ Console has inadequate input validation (CVE-2018-1836) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-console-has-in…
∗∗∗ HPESBNS03910 rev.1 - HPE NonStop SafeGuard, Local Disclosure of Sensitive Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBST03911 rev.1 - HPE Command View AE (CVAE) Products, multiple vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 13-03-2019 18:00 − Thursday 14-03-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Security vulnerability: malicious code via Wordpress comment ∗∗∗
---------------------------------------------
A security researcher combined several vulnerabilities in order to execute malicious code in Wordpress. The Wordpress default settings and a logged-in administrator were all that was required.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-schadcode-per-wordpress-komment…
∗∗∗ GlitchPOS Malware Appears to Steal Credit-Card Numbers ∗∗∗
---------------------------------------------
A new malware targeting point of sale systems, GlitchPOS, has been spotted on a crimeware forum.
---------------------------------------------
https://threatpost.com/glitchpos-malware-credit-card/142804/
∗∗∗ Further attack surface of Wordpress PHAR injection ∗∗∗
---------------------------------------------
In August 2018, Sam Thomas presented a new vulnerability of Wordpress at Black Hat USA 2018. The PHP object injection vulnerability is not new, but the way an attacker can trigger this error is worth mentioning. In this article, I will go over the detail of this exploit and inspect further impact of this vulnerability to the Wordpress community. A list of more than 300 Wordpress plugins that could be used to exploit this bug is also included.
---------------------------------------------
https://blog.cystack.net/wordpress-phar/
∗∗∗ Update now: Cisco patches against one of two remote attacks ∗∗∗
---------------------------------------------
Two Cisco products can be attacked remotely. However, updates are apparently only available for Common Services Platform Collector; the SPA514G IP phone is too old.
---------------------------------------------
http://heise.de/-4335459
∗∗∗ Many Intel machines need BIOS updates again ∗∗∗
---------------------------------------------
Intel reports no fewer than 17 new firmware vulnerabilities, which are, however, spread across several systems and can only be exploited locally on the machine.
---------------------------------------------
http://heise.de/-4335118
∗∗∗ Multiple Security Flaws Discovered in Visitor Management Systems ∗∗∗
---------------------------------------------
Vulnerabilities discovered by IBM security researchers in five different visitor management systems could be abused for data exfiltration or for access to the underlying machines.
---------------------------------------------
https://www.securityweek.com/multiple-security-flaws-discovered-visitor-man…
∗∗∗ Netflix phishing e-mail in circulation ∗∗∗
---------------------------------------------
Netflix users beware: phishing e-mails are currently circulating again. Fraudsters ask you, in the name of Netflix, to verify your account information. If you click the button in the e-mail, you are redirected to a fraudulent site. If you follow the instructions, criminals obtain your login and credit card data.
---------------------------------------------
https://www.watchlist-internet.at/news/netflix-phishing-mail-im-umlauf/
∗∗∗ Magecart Isn't Just a Security Problem; It's Also a Business Problem ∗∗∗
---------------------------------------------
Magecart is more than just a security problem—it's also a business problem. When threat actors breached British Airways in September resulting in the compromise of thousands of customers’ credit cards, the world got a look at what the fallout of a modern security breach looks like. Immediately afterward, a law firm launched a £500 million[...]
---------------------------------------------
https://www.riskiq.com/blog/external-threat-management/magecart-business-pr…
∗∗∗ New BitLocker attack puts laptops storing sensitive data at risk ∗∗∗
---------------------------------------------
New Zealand security researcher details never-before-seen attack for recovering BitLocker keys.
---------------------------------------------
https://www.zdnet.com/article/new-bitlocker-attack-puts-laptops-storing-sen…
=====================
= Vulnerabilities =
=====================
∗∗∗ Gemalto Sentinel UltraPro ∗∗∗
---------------------------------------------
This advisory includes mitigations for an uncontrolled search path element in Gemalto's Sentinel UltraPro encryption keys.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-073-02
∗∗∗ PEPPERL+FUCHS WirelessHART-Gateways ∗∗∗
---------------------------------------------
This advisory includes mitigations for a path traversal vulnerability in PEPPERL+FUCHS WirelessHART-Gateways network products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03
∗∗∗ Video - Critical - Remote Code Execution - SA-CONTRIB-2019-037 ∗∗∗
---------------------------------------------
Project: Video
Date: 2019-March-13
Security risk: Critical 19∕25 AC:None/A:Admin/CI:All/II:All/E:Theoretical/TD:All
Vulnerability: Remote Code Execution
Description: This module provides a field where editors can add videos to their content and this module offers functionality to transcode these videos to different sizes and formats. The module doesn't sufficiently sanitize some user input on administrative forms.
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-037
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium), Debian (libsdl1.2 and libsdl2), Fedora (firefox), Gentoo (bind, glibc, openssl, oracle-jdk-bin, webkit-gtk, and xrootd), Mageia (kernel), openSUSE (freerdp, mariadb, and obs-service-tar_scm), Oracle (openssl), Red Hat (kernel, kernel-rt, openstack-ceilometer, openstack-octavia, and tomcat), Scientific Linux (cockpit, openssl, and tomcat), and SUSE (java-1_7_1-ibm and mariadb).
---------------------------------------------
https://lwn.net/Articles/783046/
∗∗∗ BlackBerry powered by Android Security Bulletin - March 2019 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ Ruby on Rails: multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0221
∗∗∗ IBM Security Bulletin: IBM® Db2® is vulnerable to privilege escalation via loading libraries from an untrusted path (CVE-2019-4094). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-is-vulnerable…
∗∗∗ IBM Security Bulletin: Security vulnerability in the IBM HTTP Server (CVE-2018-17199) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud Transformation Advisor ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (CVE-2018-3180, CVE-2018-3139) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 12-03-2019 18:00 − Wednesday 13-03-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Certificate authorities: millions of TLS certificates with a missing random bit ∗∗∗
---------------------------------------------
Many TLS certificates were not issued according to the applicable rules. They should have a random 64-bit serial number, but in reality it is only 63 bits. There is practically no risk, but the certificates must be revoked nonetheless.
---------------------------------------------
https://www.golem.de/news/zertifizierungsstellen-millionen-tls-zertifikate-…
∗∗∗ E-learning courses on digital security ∗∗∗
---------------------------------------------
Information security is a very high priority for the City of Vienna. For this reason a compact course made up of six modules was developed, which enables a conscious approach to information security in various life situations. [...] At the end, the knowledge gained can be checked in a short quiz.
---------------------------------------------
https://digitales.wien.gv.at/site/storyboard-e-learning/
∗∗∗ Keep your eyes open when buying used cars online ∗∗∗
---------------------------------------------
Consumers searching the internet for used cars must beware of the following scam: according to the sales ads, the car is located in Austria. Later it is claimed that it is now abroad and that a viewing is therefore not possible. Payment and delivery are supposedly insured and handled via made-up transport and payment service providers. Transferred amounts are lost and the cars never arrive.
---------------------------------------------
https://www.watchlist-internet.at/news/augen-auf-beim-online-gebrauchtwagen…
∗∗∗ New PGP keys ∗∗∗
---------------------------------------------
Since our "old" PGP keys are close to their expiry date, we have generated a set of new keys. As usual, these are available via the CERT.at PGP keyring.
---------------------------------------------
http://www.cert.at/services/blog/20190313150627-2400.html
=====================
= Vulnerabilities =
=====================
∗∗∗ BSRT 2019 -001 Vulnerability in Management System Impacts BlackBerry AtHoc ∗∗∗
---------------------------------------------
This advisory addresses an XML External Entity Injection (XXE) vulnerability in the Management System (console) of affected versions of BlackBerry AtHoc that could potentially allow a successful attacker to read arbitrary local files from the application server or make requests on the network. BlackBerry is not aware of any exploitation of this vulnerability.
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ WordPress 5.1.1 Security and Maintenance Release ∗∗∗
---------------------------------------------
WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2.
---------------------------------------------
https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance…
∗∗∗ Microsoft March 2019 Patch Tuesday ∗∗∗
---------------------------------------------
This month we got patches for 64 vulnerabilities. Two of them have been exploited and four have been made public before today. Both exploited vulnerabilities (CVE-2019-0808 and CVE-2019-0797) affect the win32k component on multiple Windows versions, from Windows 7 to 2019, and may lead to privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
---------------------------------------------
https://isc.sans.edu/forums/diary/Microsoft+March+2019+Patch+Tuesday/24742/
∗∗∗ March 2019 Office Update Release ∗∗∗
---------------------------------------------
The March 2019 Public Update releases for Office are now available! This month, there are 6 security updates and 28 non-security updates. All of the security and non-security updates are listed in KB article 4491754. A new version of Office 2013 Click-To-Run is available: 15.0.5119.1000. A new version of Office 2010 Click-To-Run is available: 14.0.7230.5000.
---------------------------------------------
https://blogs.technet.microsoft.com/office_sustained_engineering/2019/03/12…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libsndfile, systemd, waagent, and xmltooling), Fedora (guacamole-server, postgresql-jdbc, and xen), Oracle (cockpit and kernel), Red Hat (cockpit, docker, kernel-alt, and openssl), SUSE (ceph, java-1_7_0-ibm, java-1_7_1-ibm, openssl-1_0_0, python-azure-agent, python-numpy, and supportutils), and Ubuntu (kernel, php5, and walinuxagent).
---------------------------------------------
https://lwn.net/Articles/782926/
∗∗∗ Vuln: Wibu Systems WibuKey DRM Multiple Input Validation Vulnerabilities ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/107005
∗∗∗ Cisco Common Services Platform Collector Static Credential Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ ZDI: Hewlett Packard Enterprise Intelligent Management Center Vulnerabilities ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-271/
http://www.zerodayinitiative.com/advisories/ZDI-19-270/
http://www.zerodayinitiative.com/advisories/ZDI-19-269/
http://www.zerodayinitiative.com/advisories/ZDI-19-268/
http://www.zerodayinitiative.com/advisories/ZDI-19-267/
http://www.zerodayinitiative.com/advisories/ZDI-19-266/
http://www.zerodayinitiative.com/advisories/ZDI-19-265/
http://www.zerodayinitiative.com/advisories/ZDI-19-264/
http://www.zerodayinitiative.com/advisories/ZDI-19-263/
http://www.zerodayinitiative.com/advisories/ZDI-19-262/
http://www.zerodayinitiative.com/advisories/ZDI-19-261/
http://www.zerodayinitiative.com/advisories/ZDI-19-260/
http://www.zerodayinitiative.com/advisories/ZDI-19-259/
=====================
= End-of-Day report =
=====================
Timeframe: Monday 11-03-2019 18:00 − Tuesday 12-03-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Security vulnerability: server operator could manipulate Swiss online elections ∗∗∗
---------------------------------------------
A serious vulnerability in Swiss Post's online voting code allows the operator of an election to manipulate the result. Swiss Post has allegedly known about the problem since 2017, but the vendor failed to fix the bug.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-serverbetreiber-koennte-schweiz…
∗∗∗ Unpatched Windows Bug Allows Attackers to Spoof Security Dialog Boxes ∗∗∗
---------------------------------------------
Microsoft won't be patching the bug, but a proof of concept shows the potential for successful malware implantation.
---------------------------------------------
https://threatpost.com/windows-bug-spoof-dialog-boxes/142711/
∗∗∗ Identity theft through job offers on ebay Kleinanzeigen ∗∗∗
---------------------------------------------
Anyone looking for jobs on ebay Kleinanzeigen or similar portals must beware of fraudulent offers. Good pay and working from home attract numerous interested parties. This is what happened with the alleged CEBIT GmbH: job seekers who apply here and send the requested documents become victims of identity theft and, in extreme cases, open bank accounts in their own name that are later misused.
---------------------------------------------
https://www.watchlist-internet.at/news/identitaetsdiebstahl-durch-stellenan…
∗∗∗ WordPress shopping sites under attack ∗∗∗
---------------------------------------------
Hackers using cross-site scripting (XSS) flaw in abandoned cart plugin to take over vulnerable sites.
---------------------------------------------
https://www.zdnet.com/article/wordpress-shopping-sites-under-attack/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Digital Editions (APSB19-16) and Adobe Photoshop CC (APSB19-15). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided "AS IS" with no warranties [...]
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1724
∗∗∗ Siemens Security Advisories ∗∗∗
---------------------------------------------
New:
SSA-557804: Mirror Port Isolation Vulnerability in SCALANCE X switches
Updated:
SSA-168644: Spectre and Meltdown Vulnerabilities in Industrial Products
SSA-170881: Vulnerabilities in SINUMERIK Controllers
SSA-203306: Password Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Relay Families
SSA-254686: Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products
SSA-346262: Denial-of-Service in Industrial Products
SSA-348629: Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software
SSA-584286: Denial-of-Service Vulnerability in SIMATIC S7-1200 CPU and SIMATIC S7-1500 CPU
SSA-824231: Unauthenticated Firmware Upload Vulnerability in Desigo PX Controllers
SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
---------------------------------------------
https://new.siemens.com/global/en/products/services/cert.html
∗∗∗ SAP Security Patch Day - March 2019 ∗∗∗
---------------------------------------------
On 12th of March 2019, SAP Security Patch Day saw the release of 9 Security Notes. Additionally, there were 3 updates to previously released security notes. We would like to inform that the vulnerability fixed by security note 2764283 is expected to be presented by a researcher at a security conference in March 2019. Therefore, we recommend our Customers to apply the SAP Security Note on priority.
---------------------------------------------
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080
∗∗∗ BIG-IP Configuration utility vulnerability CVE-2019-6598 ∗∗∗
---------------------------------------------
Malformed requests to the Traffic Management User Interface (TMUI), also referred to as the [...]
---------------------------------------------
https://support.f5.com/csp/article/K44603900
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (pacman), CentOS (java-1.7.0-openjdk), Debian (zabbix), Fedora (kernel-headers), openSUSE (libcomps), Oracle (kernel), Red Hat (chromium-browser), SUSE (ovmf and qemu), and Ubuntu (tiff).
---------------------------------------------
https://lwn.net/Articles/782842/
∗∗∗ [20190301] - Core - XSS in com_config JSON handler ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/JvJtucwH0Xs/772-20190301-c…
∗∗∗ [20190304] - Core - Missing ACL check in sample data plugins ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/yevVdAyNRRI/775-20190304-c…
∗∗∗ [20190303] - Core - XSS in media form field ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/-7y5ceiY85g/774-20190303-c…
∗∗∗ [20190302] - Core - XSS in item_title layout ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/uD680RYCbkk/773-20190302-c…
∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a code execution vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator…
∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Storage – GlusterFS and Minio ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Kiali Istio addon ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Certificate Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: Vulnerability in Kerberos affects Power Hardware Management Console ( CVE-2018-5730 CVE-2018-5729) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-kerb…
∗∗∗ IBM Security Bulletin: Vulnerability in GnuTLS affects Power Hardware Management Console ( CVE-2018-10845 CVE-2018-10844) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-gnut…
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects Power Hardware Management Console ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open…
∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect Rational Engineering Lifecycle Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
∗∗∗ IBM Security Bulletin: Multiple Cross-site scripting vulnerabilities affect IBM® Rational® Team Concert ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-cross-site-s…
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Rational® Quality Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 08-03-2019 18:00 − Monday 11-03-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ E-mail marketing: Database with 800 million e-mail addresses online ∗∗∗
---------------------------------------------
Why does a completely unknown company collect hundreds of millions of e-mail addresses and other user data? Behind it is a service that is useful to spammers.
---------------------------------------------
https://www.golem.de/news/e-mail-marketing-datenbank-mit-800-millionen-e-ma…
∗∗∗ Free decrypters for BigBobRoss ransomware released ∗∗∗
---------------------------------------------
Here’s some good news for users whose files have been encrypted by the BigBobRoss ransomware: both Avast and Emsisoft have released decrypters. How do you know that you've been hit with BigBobRoss? The ransomware gets its name from the email address included in the ransom note, which comes in a file named Read Me.txt. Another indication that the user's files have been encrypted by this particular malware is the .obfuscated extension added to the encrypted [...]
---------------------------------------------
https://www.helpnetsecurity.com/2019/03/11/decrypt-bigbobross-ransomware/
∗∗∗ A quick lesson in confirmation bias ∗∗∗
---------------------------------------------
In my experience, hacking investigations are driven by ignorance and confirmation bias. We regularly see things we cannot explain. We respond by coming up with a story where our pet theory explains it. Since there is no alternative explanation, this then becomes evidence of our theory, where this otherwise inexplicable thing becomes proof. For example, take that "Trump-AlfaBank" theory. One of the oddities noted by researchers is lookups for [...]
---------------------------------------------
https://blog.erratasec.com/2019/03/a-quick-lesson-in-confirmation-bias.html
∗∗∗ Beware of overpriced entry permits and e-visas ∗∗∗
---------------------------------------------
Many consumers are currently in the middle of planning their next trip. For some holiday destinations, for example the USA, Canada, Turkey or Egypt, an e-visa or entry permit must be applied for in advance. Caution is advised here, because alongside the official government websites there are also numerous service providers on the Internet that charge heavily inflated fees for the same service.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-ueberteuerten-einreiseg…
∗∗∗ The Hitchhiker's Guide To Initial Access ∗∗∗
---------------------------------------------
Abusing Bias - Part 2
---------------------------------------------
https://posts.specterops.io/the-hitchhikers-guide-to-initial-access-57b66aa…
=====================
= Vulnerabilities =
=====================
∗∗∗ NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution ∗∗∗
---------------------------------------------
BEopt suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (sdl2.dll and libegl.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file .BEopt located on a remote WebDAV or SMB share.
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5513.php
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (polkit), Debian (chromium, openjpeg2, php7.0, poppler, and symfony), Fedora (evolution, kernel, and kernel-headers), Gentoo (curl, firefox, keepalived, rdesktop, systemd, tar, wget, and zsh), openSUSE (gdm and hiawatha), Slackware (ntp), SUSE (audit, containerd, docker, docker-runc, golang-github-docker-libnetwork, runc, file, java-1_8_0-openjdk, mariadb, openssl-1_0_0, and sssd), and Ubuntu (poppler).
---------------------------------------------
https://lwn.net/Articles/782780/
∗∗∗ Vuln: NTP CVE-2019-8936 Denial of Service Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/107337
∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Metering ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities have been identified in FasterXML Jackson library shipped with IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2018-1000873) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Service Catalog ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ glibc vulnerability CVE-2016-10739 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35040315
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 07-03-2019 18:00 − Friday 08-03-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Serious Security: When randomness isn’t – and why it matters ∗∗∗
---------------------------------------------
The password ji32k7au4a83 looks pretty random and feels as though it should be unique - read this article to find out why it's neither!
---------------------------------------------
https://nakedsecurity.sophos.com/2019/03/08/serious-security-when-randomnes…
∗∗∗ Google warns of zero-day vulnerability in Windows 7 ∗∗∗
---------------------------------------------
Attackers used a combination of vulnerabilities in Chrome and Windows 7 to infect computers with spyware. Only one of the two has been fixed.
---------------------------------------------
http://heise.de/-4329796
∗∗∗ Update now: Critical vulnerability in Apache Solr ∗∗∗
---------------------------------------------
Some versions of the open-source search platform Solr contain a possible entry point for remote attackers. Updates are available.
---------------------------------------------
http://heise.de/-4329895
∗∗∗ From Fake Updates to Unwanted Redirects ∗∗∗
---------------------------------------------
At the end of February, we wrote about a massive wave of site infections that pushed fake browser updates. In the beginning of March, the attack evolved into redirecting site visitors to sketchy ad URLs.
---------------------------------------------
http://labs.sucuri.net/?note=2019-03-08
∗∗∗ Smart unhackable car alarms open the doors of 3 million vehicles to hackers ∗∗∗
---------------------------------------------
The moment you call a product "unhackable" you are asking for trouble.
---------------------------------------------
https://www.zdnet.com/article/smart-car-alarms-opened-the-doors-of-3-millio…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Advisory 2019-02: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
March 08, 2019 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability.
---------------------------------------------
https://community.otrs.com/security-advisory-2019-02-security-update-for-ot…
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (php-typo3-phar-stream-wrapper2), Mageia (gnutls, nagios, openssl, and python-gnupg), openSUSE (apache2, ceph, chromium, openssh, and webkit2gtk3), and Ubuntu (nvidia-graphics-drivers-390).
---------------------------------------------
https://lwn.net/Articles/782653/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2019 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2018-12547 and CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-ident…
∗∗∗ IBM Security Bulletin: FileNet CMIS (FNCMIS) leveraging Spring Framework is vulnerable to a denial of service caused by improper handling of range request by the ResourceHttpRequestHandler ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-filenet-cmis-fncmis-l…
∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Vulnerability Advisor Kafka and Notification Dispatcher ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private MongoDB ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Monitoring ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Logging ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM MQ could allow a local user to inject code that could be executed with root privileges. (CVE-2018-1998) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-could-allow-a-…
∗∗∗ IBM Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack when using multiplexed channels (CVE-2018-1974) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-is-vulnerable-…
∗∗∗ IBM Security Bulletin: Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation (CVE-2018-1922, CVE-2018-1923, CVE-2018-1978, CVE-2018-1980, CVE-2019-4015, CVE-2019-4016). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-buffer-overf…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 06-03-2019 18:00 − Thursday 07-03-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Emotet: An overview of the malware ∗∗∗
---------------------------------------------
Emotet was discovered back in 2014, but differs from other malware in many respects. Here we summarise the facets and characteristics that make this malware so special and give a brief overview of how to protect yourself.
---------------------------------------------
https://www.dfn-cert.de/aktuell/emotet-beschreibung.html
∗∗∗ Financial Cyberthreats in 2018 ∗∗∗
---------------------------------------------
The presented report continues the series of Kaspersky Lab reports that provide an overview of how the financial threat landscape has evolved over the years. It covers the common phishing threats that users encounter, along with Windows-based and Android-based financial malware.
---------------------------------------------
https://securelist.com/financial-cyberthreats-in-2018/89788/
∗∗∗ No bargains at cws-elektro.com ∗∗∗
---------------------------------------------
At cws-elektro.com, consumers find all kinds of electrical goods, some at lower prices than at other retailers. However, the online shop is not reputable. According to reports, no delivery is made. You lose your money.
---------------------------------------------
https://www.watchlist-internet.at/news/keine-schnaeppchen-bei-cws-elektroco…
=====================
= Vulnerabilities =
=====================
∗∗∗ ZDI-19-257: (0Day) Advantech WebAccess Node Product Installation File Access Control Modification Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-257/
∗∗∗ Weak Configuration File Encryption in AVAYA One-X communicator ∗∗∗
---------------------------------------------
SEC Consult found a vulnerability within the encryption process used for configuration files of the Avaya One-X communicator. Being able to encrypt arbitrary plaintext by abusing the client, it was possible to decrypt sensitive passwords stored in configuration files.
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/weak-configuration-file-encr…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by openSUSE (amavisd-new, apache2, and containerd, docker, docker-runc,), Red Hat (java-1.7.1-ibm and java-1.8.0-ibm), and Ubuntu (linux, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-hwe, linux-azure, and php5, php7.0).
---------------------------------------------
https://lwn.net/Articles/782572/
∗∗∗ xpdf: Multiple vulnerabilities allow denial of service ∗∗∗
---------------------------------------------
Xpdf can be used to view PDF documents. This PDF viewer is also available for Microsoft Windows.
A local attacker can exploit multiple vulnerabilities in xpdf to carry out a denial-of-service attack.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0193
∗∗∗ Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a Denial of Service vulnerability in Kubernetes API server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-…
∗∗∗ IBM Security Bulletin: API Connect is affected by an information disclosure vulnerability in the consumer API (CVE-2018-2009) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-is-affect…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Red Hat kernel vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium…
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Apache Tomcat Publicly disclosed vulnerability (CVE-2018-11784) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu…
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Publicly disclosed Samba vulnerabilities (CVE-2018-10858, CVE-2018-1139) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu…
∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability for PHP (CVE-2018-19518) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f…
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to publicly disclosed vulnerability from GNU glibc (CVE-2018-11237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affects Optim Data Growth, Test Data Management and Application Retirement ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 05-03-2019 18:00 − Wednesday 06-03-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ FIRST releases DDoS mitigation training course ∗∗∗
---------------------------------------------
The Forum of Incident Response and Security Teams (FIRST), which brings together incident responders from around the world, invested in the creation of a new training course “DDoS Mitigation Fundamentals”. Authored by Krassimir T. Tzvetanov, a recognized expert in the field, the training teaches incident responders to handle attacks and secure their organisations.
---------------------------------------------
https://www.first.org/newsroom/releases/20190305
∗∗∗ Security update: Chrome vulnerability is being actively exploited ∗∗∗
---------------------------------------------
Google has fixed a security vulnerability in Chrome that is apparently already being actively exploited. Few details are available so far, but all users of Chrome and its derivatives should update their browser as soon as possible. (Chrome, Google)
---------------------------------------------
https://www.golem.de/news/sicherheitsupdate-chrome-schwachstelle-wird-aktiv…
∗∗∗ Spotlight on Troldesh ransomware, aka ‘Shade’ ∗∗∗
---------------------------------------------
Troldesh is ransomware that relies heavily on user interaction. Nevertheless, a recent spike in detections shows it's been successful against businesses in the first few months of 2019.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2019/03/spotlight-troldesh-ra…
∗∗∗ Phishing attempt via fake Bawag security app ∗∗∗
---------------------------------------------
Numerous consumers are reporting a fake Bawag P.S.K. e-mail to us. In it, criminals try to get potential victims to install a supposed security app. The application must not be installed, because otherwise the criminals obtain their victims' online banking credentials and major financial losses can result.
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-versuch-durch-gefaelschte-b…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: SAP NetWeaver J2EE Engine CVE-2018-17861 Cross Site Scripting Vulnerability ∗∗∗
---------------------------------------------
Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
SAP NetWeaver J2EE Engine 7.01 is vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/107269
∗∗∗ Vuln: NetApp SnapCenter CVE-2017-15515 Cross Site Scripting Vulnerability ∗∗∗
---------------------------------------------
Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, gain sensitive information, cause denial-of-service conditions and launch other attacks.
NetApp SnapCenter prior to 4.0 is vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/107272
∗∗∗ Vuln: Apache Mesos CVE-2018-11793 Denial of Service Vulnerability ∗∗∗
---------------------------------------------
Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.
Apache Mesos versions 1.4.0 through 1.7.0 are vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/107281
∗∗∗ Default Privileged Account Vulnerability in the NetApp Service Processor (CVE-2019-5490) ∗∗∗
---------------------------------------------
Certain versions of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution.
---------------------------------------------
https://security.netapp.com/advisory/ntap-20190305-0001/
∗∗∗ OpenSSL Security Advisory: ChaCha20-Poly1305 with long nonces (CVE-2019-1543) ∗∗∗
---------------------------------------------
Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time.
---------------------------------------------
https://www.openssl.org/news/secadv/20190306.txt
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (java-1.7.0-openjdk and java-11-openjdk), Debian (mumble and sox), Fedora (drupal7, drupal7-link, firefox, gpsd, ignition, ming, php-erusev-parsedown, and php-Smarty), openSUSE (hiawatha, python, and supportutils), Oracle (java-1.7.0-openjdk), Red Hat (java-1.7.0-openjdk), Scientific Linux (java-1.7.0-openjdk), and Ubuntu (linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2 and linux-hwe, linux-aws-hwe, linux-azure,
---------------------------------------------
https://lwn.net/Articles/782462/
∗∗∗ Rockwell Automation Patches Critical DoS/RCE Flaw in RSLinx Software ∗∗∗
---------------------------------------------
Patches released by Rockwell Automation for its RSLinx Classic software address a critical vulnerability that can be exploited for denial-of-service (DoS) attacks and possibly for remote code execution.
---------------------------------------------
https://www.securityweek.com/rockwell-automation-patches-critical-dosrce-fl…
∗∗∗ PEPPERL+FUCHS Path traversal in WirelessHART Gateway ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-002
∗∗∗ Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Image Signature Verification Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Bash Shell Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Netstack Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1611) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software NX-API Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Action Recommended to Secure the Cisco Nexus PowerOn Auto Provisioning Feature ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco DNA Center Access Contract Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is affected by arbitrary PHP code execution vulnerability in Drupal (CVE-2019-6340) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel…
∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a critical vulnerability in Kubernetes via runc (CVE-2019-5736) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to publicly disclosed vulnerabilities from OpenSSL (CVE-2018-0739, CVE-2018-0732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 04-03-2019 18:00 − Tuesday 05-03-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ RSAC 2019: Microsoft Zero-Day Allows Exploits to Sneak Past Sandboxes ∗∗∗
---------------------------------------------
The flaw allows attackers to hide exploits in weaponized Word documents in a way that won’t trigger most antivirus solutions, the researchers said. In a recent spam campaign observed by Mimecast, attached Word attachments contained a hidden exploit for an older vulnerability in Microsoft Equation Editor (CVE-2017-11882).
---------------------------------------------
https://threatpost.com/zero-day-exploit-microsoft/142327/
∗∗∗ SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability ∗∗∗
---------------------------------------------
Leakage ... is visible in all Intel generations starting from 1st-gen Intel Core CPUs. Further demonstrating the computational risks of looking into the future, boffins have found another way to abuse speculative execution in Intel CPUs to leak secrets and other data from running applications.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/03/05/spoiler_int…
∗∗∗ Do not order alibis and forged documents from dokumenten-guru.de! ∗∗∗
---------------------------------------------
On dokumenten-guru.de, consumers find a highly dubious offer. In return for advance payment, the site offers fake alibis, sham invoices and documents, as well as the forgery of school reports and certificates. The services should not be used under any circumstances: according to customer reports, deliveries fail to arrive anyway, and consumers commit a criminal offence by using forged documents and certificates!
---------------------------------------------
https://www.watchlist-internet.at/news/keine-alibis-und-urkundenfaelschunge…
∗∗∗ Do not use the services of installateur-24.info ∗∗∗
---------------------------------------------
When searching Google for plumbing companies, consumers come across installateur-24.info. The operators of the site advertise a round-the-clock emergency service, fair prices and extensive experience. Anyone who uses the services is in for a nasty surprise, because the prices turn out to be extremely high and the work performed leaves much to be desired.
---------------------------------------------
https://www.watchlist-internet.at/news/keine-dienste-von-installateur-24inf…
=====================
= Vulnerabilities =
=====================
∗∗∗ Android Security Bulletin - March 2019 ∗∗∗
---------------------------------------------
[...] The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
---------------------------------------------
https://source.android.com/security/bulletin/2019-03-01.html
∗∗∗ VMSA-2018-0023 ∗∗∗
---------------------------------------------
The AirWatch Agent for iOS devices contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted.
The VMware Content Locker for iOS devices contains a data protection vulnerability in the SQLite database. This vulnerability relates to unencrypted filenames and associated metadata in SQLite database for the Content Locker.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0023.html
∗∗∗ Xen XSA-294 ∗∗∗
---------------------------------------------
Malicious 64bit PV guests may be able to cause a host crash (Denial of Service).
Additionally, vulnerable configurations are unstable even in the absence of an attack.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-294.html
∗∗∗ Xen XSA-293 ∗∗∗
---------------------------------------------
A malicious unprivileged guest userspace process can escalate its privilege to that of other userspace processes in the same guest, and potentially thereby to that of the guest operating system. Additionally, some guest software which attempts to use this CPU feature may trigger the bug accidentally, leading to crashes or corruption of other processes in the same guest.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-293.html
∗∗∗ Xen XSA-292 ∗∗∗
---------------------------------------------
Malicious PV guests may be able to cause a host crash (Denial of Service) or to gain access to data pertaining to other guests. Privilege escalation opportunities cannot be ruled out. Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-292.html
∗∗∗ Xen XSA-291 ∗∗∗
---------------------------------------------
Malicious or buggy x86 PV guest kernels can mount a Denial of Service (DoS) attack affecting the whole system.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-291.html
∗∗∗ Xen XSA-290 ∗∗∗
---------------------------------------------
Malicious or buggy x86 PV guest kernels can mount a Denial of Service (DoS) attack affecting the whole system.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-290.html
∗∗∗ Xen XSA-288 ∗∗∗
---------------------------------------------
An untrusted PV domain with access to a physical device can DMA into its own pagetables, leading to privilege escalation.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-288.html
∗∗∗ Xen XSA-287 ∗∗∗
---------------------------------------------
A single PV guest can leak arbitrary amounts of memory, leading to a denial of service.
A cooperating pair of PV and HVM/PVH guests can get a writable pagetable entry, leading to information disclosure or privilege escalation.
Privilege escalation attacks using only a single PV guest or a pair of PV guests have not been ruled out.
Note that both of these attacks require very precise timing, which may be difficult to exploit in practice.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-287.html
∗∗∗ Xen XSA-285 ∗∗∗
---------------------------------------------
Malicious PV guests can escalate their privilege to that of the hypervisor.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-285.html
∗∗∗ Xen XSA-284 ∗∗∗
---------------------------------------------
The primary impact is a memory leak. Malicious or buggy guests with passed through PCI devices may also be able to escalate their privileges, crash the host, or access data belonging to other guests.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-284.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (nss), openSUSE (procps), Red Hat (redhat-virtualization-host, rhvm-appliance, and vdsm), SUSE (freerdp, kernel, and obs-service-tar_scm), and Ubuntu (openssh).
---------------------------------------------
https://lwn.net/Articles/781363/
∗∗∗ Security Advisory - FRP Bypass Vulnerability on Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190305-…
∗∗∗ IBM Security Bulletin: A vulnerability in Spice affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-sp…
∗∗∗ IBM Security Bulletin: A vulnerability in Polkit affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-po…
∗∗∗ IBM Security Bulletin: A vulnerability in Bind affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-bi…
∗∗∗ IBM Security Bulletin: Vulnerabiliies in systemd affect PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabiliies-in-sys…
∗∗∗ IBM Security Bulletin: A vulnerability in Perl affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-pe…
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in WebSphere Application Server Admin Console (CVE-2019-4030) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-…
∗∗∗ IBM Security Bulletin: A vulnerability in keepalived affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ke…
∗∗∗ IBM Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-th…
∗∗∗ IBM Security Bulletin: Vulnerabiliies in libmspack affect PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabiliies-in-lib…
∗∗∗ IBM Security Bulletin: A vulnerability in NetworkManager affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ne…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 01-03-2019 18:00 − Monday 04-03-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ The Overlooked Security Threat of Sign-In Kiosks ∗∗∗
---------------------------------------------
New research from IBM shows that several visitor management systems had a rash of vulnerabilities.
---------------------------------------------
https://www.wired.com/story/visitor-management-system-vulnerabilities
∗∗∗ Cisco routers: researchers report indications of active attacks ∗∗∗
---------------------------------------------
A vulnerability in several Cisco devices that was patched last week now appears to be actively exploited by attackers. Users should act quickly.
---------------------------------------------
http://heise.de/-4325072
=====================
= Vulnerabilities =
=====================
∗∗∗ Vulnerability: Adobe releases security update for Coldfusion ∗∗∗
---------------------------------------------
Adobe has released an important security update for Coldfusion versions 11, 2016 and 2018. Users should install it as soon as possible. The reason is ongoing attacks. (Adobe, vulnerability)
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-adobe-veroeffentlicht-sicherhei…
∗∗∗ Deadline passed: Google discloses unpatched vulnerability in the macOS kernel ∗∗∗
---------------------------------------------
Apple did not fix a bug in XNU within 90 days, so details have now been published. Google's Project Zero rates the severity of the flaw as "high".
---------------------------------------------
http://heise.de/-4325636
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, file, gdm, lib32-openssl-1.0, openssl-1.0, and pcre), Debian (advancecomp, ceph, jackson-databind, openssh, and openssl), Fedora (community-mysql, distcc, freerdp, gdm, gnome-boxes, libexif, openocd, pidgin-sipe, remmina, SDL, and xpdf), openSUSE (kernel-firmware and php5), Oracle (java-1.8.0-openjdk and java-11-openjdk), Slackware (infozip and python), and SUSE (caasp-container-manifests, changelog-generator-data-sles12sp3-velum,
---------------------------------------------
https://lwn.net/Articles/781243/
∗∗∗ Vuln: EMC RSA Authentication Manager CVE-2019-3711 Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/107210
∗∗∗ IBM Security Bulletin: Potential WebSphere Application Server weakness in security affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1996) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-websphere-a…
∗∗∗ IBM Security Bulletin: IBM InfoSphere Change Data Capture is affected by a jackson-core open source library vulnerability (CVE-2018-0125) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-change…
∗∗∗ IBM Security Bulletin: InfoSphere Data Replication is affected by a Guava open source library vulnerability (CVE-2018-10237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-infosphere-data-repli…
∗∗∗ IBM Security Bulletin: OpenSSL DSA signature algorithm security vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-dsa-signature…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-3139, CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1901) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-privilege-escalation-…
∗∗∗ IBM Security Bulletin: IBM InfoSphere Change Data Capture is affected by a Jackson 2.3.3 and 2.4.4 open source library vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-change…
∗∗∗ IBM Security Bulletin: IBM Cloud Private middleware is vulnerable to attack from redirect calls ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-mid…
∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – CVE-2018-1938 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – CVE-2018-1937 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a privilege escalation vulnerability in runc ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-…
∗∗∗ HPESBHF03913 rev.1 - HPE OneSphere, Container Breakout ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 28-02-2019 18:00 − Friday 01-03-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Network analysis: Wireshark 3.0 uses Nmap's packet sniffer ∗∗∗
---------------------------------------------
The current version 3.0 of the network analysis tool Wireshark uses Nmap's proprietary packet sniffer on Windows. The project also removes old dependencies and supports some 5G protocols.
---------------------------------------------
https://www.golem.de/news/netzwerkanalyse-wireshark-3-0-nutzt-paketsniffer-…
∗∗∗ eBay phishing on an eBay site ∗∗∗
---------------------------------------------
Fraudsters have managed to place a fake login page on an SSL-secured eBay server. The phishing attempt is hard for users to recognise.
---------------------------------------------
http://heise.de/-4324266
∗∗∗ A Case Study in Wagging the Dog: Computer Takeover ∗∗∗
---------------------------------------------
Last month, Elad Shamir released a phenomenal, in depth post on abusing resource-based constrained delegation (RBCD) in Active Directory. One of the big points he discusses is that if the TrustedToAuthForDelegation UserAccountControl flag is not set, the S4U2self process will still work but the resulting TGS is not FORWARDABLE. This resulting service ticket will fail for traditional constrained delegation, but will still work in the S4U2proxy process for resource-based constrained delegation.
---------------------------------------------
https://posts.specterops.io/a-case-study-in-wagging-the-dog-computer-takeov…
∗∗∗ Finding Perpetrators behind DDoS Attacks ∗∗∗
---------------------------------------------
Reflective Amplification Denial-of-Service attacks continue to be a serious threat. We measured roughly 10,000 attacks per day in a post last year, and the numbers have not gone down since: In the first two months of 2019 our honeypot network already saw [...]
---------------------------------------------
https://sissden.eu/blog/finding-perpetrators-behind-ddos-attacks
=====================
= Vulnerabilities =
=====================
∗∗∗ PSI GridConnect Telecontrol ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for a cross-site scripting vulnerability reported in PSI GridConnects Telecontrol compact DIN rail device.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-059-01
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bind9, file, ikiwiki, ldb, openssl1.0, php7.0, uw-imap, and wordpress), Fedora (ansible, file, flatpak, kernel, kernel-headers, and python-django), openSUSE (kernel and systemd), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (openssl-1_1 and webkit2gtk3), and Ubuntu (libgd2).
---------------------------------------------
https://lwn.net/Articles/781083/
∗∗∗ IBM Security Bulletin: Information Disclosure Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4063) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur…
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential SQL Injection vulnerability (CVE-2019-4032) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction…
∗∗∗ IBM Security Bulletin: Multiple Cross-Site Scripting Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2019-4027, CVE-2019-4028, CVE-2019-4029) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-cross-site-s…
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private – Node.js ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Affect IBM Sterling B2B Integrator (CVE-2018-0734, CVE-2018-5407) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
∗∗∗ IBM Security Bulletin: IBM InfoSphere Governance Catalog is affected by an Improper Access Control vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-govern…
∗∗∗ IBM Security Bulletin: IBM InfoSphere Governance Catalog is vulnerable to an Open Redirection vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-govern…
∗∗∗ IBM Security Bulletin: IBM Security Identity Adapters affected by OpenSSL RSA Key vulnerability (CVE-2018-0737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity…
∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities for IBM Java SDK ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r…
∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities for IBM WebSphere Liberty Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r…