=====================
= End-of-Day report =
=====================
Timeframe: Thursday 28-11-2019 18:00 - Friday 29-11-2019 18:00
Handler: Robert Waldner
Co-Handler: Dimitri Robl
=====================
= News =
=====================
∗∗∗ Security vulnerabilities: How easy it is to intercept SMS ∗∗∗
---------------------------------------------
With the SMS successor RCS, text messages and phone calls are handled over the internet, using a preset password. That password can also be used to read classic SMS messages unnoticed. The corresponding configuration file can be received by any app. (Joyn, data protection)
---------------------------------------------
https://www.golem.de/news/sicherheitsluecken-so-einfach-lassen-sich-sms-mit…
∗∗∗ Smartwatch exposes locations and other data on thousands of children ∗∗∗
---------------------------------------------
A device that is supposed to help parents keep track of their children and give them peace of mind can be turned into a surveillance device for bad actors.
---------------------------------------------
https://www.welivesecurity.com/2019/11/29/smartwatch-exposes-location-data-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Y2K bug variant hits Splunk products – fixes available ∗∗∗
---------------------------------------------
Splunk admins should urgently address a "year 2020 problem" in the software before the turn of the year. Updates are available.
---------------------------------------------
https://heise.de/-4599420
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libvpx and vino), Fedora (grub2 and nss), and SUSE (cloud-init, libarchive, libtomcrypt, ncurses, and ucode-intel).
---------------------------------------------
https://lwn.net/Articles/805811/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 27-11-2019 18:00 - Thursday 28-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Video: Subscription trap on streaming platforms ∗∗∗
---------------------------------------------
Streaming platforms advertise free registration. After five days they demand 358.80, 359.88 or 395.88 euros from users for a premium status. There is no reason to pay the invoice.
---------------------------------------------
https://www.watchlist-internet.at/news/video-abo-falle-streaming-plattforme…
∗∗∗ Adobe discloses security breach impacting Magento Marketplace users ∗∗∗
---------------------------------------------
Security breach was detected last week and traced back to a vulnerability in the Magento Marketplace website.
---------------------------------------------
https://www.zdnet.com/article/adobe-discloses-security-breach-impacting-mag…
=====================
= Vulnerabilities =
=====================
∗∗∗ BlackBerry Powered by Android Security Bulletin - November 2019 ∗∗∗
---------------------------------------------
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build.
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ DSA-4577 haproxy - security update ∗∗∗
---------------------------------------------
Tim Düsterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF injections.
---------------------------------------------
https://www.debian.org/security/2019/dsa-4577
∗∗∗ QNAP NAS: Vendor fixes critical vulnerability in Photo Station, among others ∗∗∗
---------------------------------------------
QTS updates remove numerous remote attack vectors.
---------------------------------------------
https://heise.de/-4598238
∗∗∗ Security updates for (US) Thanksgiving ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (haproxy and libvorbis), Fedora (mod_auth_mellon and xen), Oracle (389-ds-base, kernel, and tcpdump), SUSE (bsdtar, java-11-openjdk, java-1_7_0-openjdk, and libxml2), and Ubuntu (nss and python-psutil).
---------------------------------------------
https://lwn.net/Articles/805777/
∗∗∗ WordPress Plugin "WP Spell Check" vulnerable to cross-site request forgery ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN26838191/
∗∗∗ Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to Using Components with Known Vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-packe…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 26-11-2019 18:00 - Wednesday 27-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Almost 60% Of Malicious Ads Come from Three Ad Providers ∗∗∗
---------------------------------------------
In Confiant's "Demand Quality Report for Q3 2019", the ad fraud and security company analyzed 120 billion ad impressions that flowed through its systems between January 1st and September 20th in order to provide a breakdown of different malicious ad campaigns.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/almost-60-percent-of-malicio…
∗∗∗ Top 25 Most Dangerous Vulnerabilities Refreshed After 8 Years ∗∗∗
---------------------------------------------
For the first time in eight years, the list of the 25 most dangerous software vulnerabilities received an update that promises to be relevant for current times.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/top-25-most-dangerous-vulner…
∗∗∗ MITRE ATT&CK vulnerability spotlight: Credentials in registry ∗∗∗
---------------------------------------------
One of the attack stages described in the MITRE ATT&CK framework is credential access, where an attacker tries to steal user credential information to gain access to new accounts or elevate privileges on a compromised system. One of the means by which an attacker can perform this stage of an attack is by extracting credentials from where they are stored in the Windows registry.
---------------------------------------------
https://resources.infosecinstitute.com/mitre-attck-vulnerability-spotlight-…
∗∗∗ Insights from one year of tracking a polymorphic threat ∗∗∗
---------------------------------------------
We discovered the polymorphic threat Dexphot in October 2018. In the months that followed, we closely tracked the threat as attackers upgraded the malware, targeted new processes, and worked around defensive measures. One year’s worth of intelligence helped us gain insight not only into the goals and motivations of Dexphot’s authors, but of cybercriminals in general.
---------------------------------------------
https://www.microsoft.com/security/blog/2019/11/26/insights-from-one-year-o…
∗∗∗ Exposed Firebase Database ∗∗∗
---------------------------------------------
An issue can arise in Firebase when developers fail to enable authentication. This vulnerability is very similar to every other database misconfiguration: there's no authentication. Leaving a database exposed to the world unauthenticated is an open invite for malicious hackers.
---------------------------------------------
http://ghostlulz.com/google-exposed-firebase-database/
∗∗∗ Beware of ping calls! ∗∗∗
---------------------------------------------
Consumers keep receiving so-called ping calls: they are called from unknown numbers, and the calls are usually ended after the first or second ring. Anyone who calls back out of politeness or curiosity falls into a cost trap. For unknown, suspicious numbers the rule is: do not pick up and do not call back!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-ping-anrufen/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bsdiff, libvpx, tiff, and xmlrpc-epi), Fedora (freeimage, imapfilter, kernel, mingw-freeimage, and thunderbird), openSUSE (cups and djvulibre), Oracle (SDL), SUSE (ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud, freerdp, mailman, slurm) and Ubuntu (ruby2.3, ruby2.5).
---------------------------------------------
https://lwn.net/Articles/805720/
∗∗∗ Security Advisory - Information Leak Vulnerability in Huawei Smart Speaker Myna ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-…
∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Huawei Atlas Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-…
∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-…
∗∗∗ Security Advisory - Information Disclosure Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-…
∗∗∗ Security Bulletin: OpenSSL as used by IBM QRadar Network Packet Capture is vulnerable to (CVE-2019-1559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-by-ibm-qr…
∗∗∗ Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2019-1547, CVE-2019-1563) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openss…
∗∗∗ Security Bulletin: Vulnerability CVE-2019-10218 in Samba affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2019-10…
∗∗∗ Security Bulletin: Python as used by IBM QRadar Network Packet Capture is vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers (CVE-2019-9947, CVE-2019-9948) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-python-as-used-by-ibm-qra…
∗∗∗ Security Bulletin: OpenSSL as used by IBM QRadar Network Packet Capture is vulnerable to a timing side channel attack (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-by-ibm-qr…
∗∗∗ TMM vulnerability CVE-2019-6669 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11447758
∗∗∗ BIG-IP AAM vulnerability CVE-2019-6666 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K92411323
∗∗∗ BIG-IP FIX profile security advisory vulnerability CVE-2019-6667 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K82781208
∗∗∗ BIG-IP TMM vulnerability CVE-2019-6671 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K39225055
∗∗∗ BIG-IP AFM vulnerability CVE-2019-6672 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K14703097
∗∗∗ BIG-IP ASM Bot Detection DNS cache does not expire security exposure ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K79240502
∗∗∗ The BIG-IP system may fail to properly parse HTTP headers that are prepended by whitespace (non RFC2616 compliant) ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K39794285
∗∗∗ BIG-IP ASM and BIG-IQ/Enterprise Manager/F5 iWorkflow device authentication and trust vulnerability CVE-2019-6665 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K26462555
∗∗∗ BIG-IP HTTP/2 vulnerability CVE-2019-6673 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K81557381
∗∗∗ F5 SSL Orchestrator vulnerability CVE-2019-6674 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K21135478
∗∗∗ BIG-IP Edge Client for macOS vulnerability CVE-2019-6668 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K49827114
∗∗∗ BIG-IP APM ignores the Restrict to Single Client IP option for Native RDP resources ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K24241590
∗∗∗ vCMP vulnerability CVE-2019-6670 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K05765031
=====================
= End-of-Day report =
=====================
Timeframe: Monday 25-11-2019 18:00 - Tuesday 26-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Insecure tracking smartwatch: Attackers could stalk thousands of children ∗∗∗
---------------------------------------------
Cheap tracker watches from China are quite frequently the subject of security warnings. The current children's model SMA-WATCH-M2 continues the (eavesdropping) nightmare.
---------------------------------------------
https://heise.de/-4596410
∗∗∗ Caution when shopping on Black Friday ∗∗∗
---------------------------------------------
Numerous online retailers lure customers with fabulous offers in the course of Black Friday. On Friday you can buy clothing, electronics, household goods and much more at a significant discount. But be doubly careful with the most unbelievable bargains, because not every offer is legitimate.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-beim-black-friday-shopping/
∗∗∗ A hacking group is hijacking Docker systems with exposed API endpoints ∗∗∗
---------------------------------------------
It's almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.
---------------------------------------------
https://www.zdnet.com/article/a-hacking-group-is-hijacking-docker-systems-w…
=====================
= Vulnerabilities =
=====================
∗∗∗ ZDI-19-996: Dell EMC Storage Monitoring and Reporting Java RMI Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dell EMC Storage Monitoring and Reporting. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-996/
∗∗∗ Xen Security Advisory XSA-306 - Device quarantine for alternate pci assignment methods ∗∗∗
---------------------------------------------
An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-306.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libxdmcp, nss, php-imagick, and ruby2.1), openSUSE (java-11-openjdk), Red Hat (389-ds-base, kernel, kernel-rt, python-jinja2, qemu-kvm-ma, and tcpdump), SUSE (bluez, clamav, cpio, cups, gcc9, libpng16, libssh2_org, mailman, sqlite3, squid, strongswan, tiff, and webkit2gtk3), and Ubuntu (redmine).
---------------------------------------------
https://lwn.net/Articles/805650/
∗∗∗ Paessler PRTG: Multiple vulnerabilities ∗∗∗
---------------------------------------------
PRTG Network Monitor is a network monitoring tool from Paessler AG. An attacker can exploit multiple vulnerabilities in Paessler PRTG to carry out an unspecified attack or to execute arbitrary code with the privileges of the service.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1019
∗∗∗ Kaspersky products: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit multiple vulnerabilities in Kaspersky Anti-Virus, Kaspersky Internet Security and Kaspersky Total Security to bypass security measures, disclose information or cause a denial of service.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1018
∗∗∗ Security Bulletin: Multiple IBM MQ Security Vulnerabilities Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-mq-security-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server on AIX (CVE-2019-4473, CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to Apache Commons Beanutils (CVE-2019-10086) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser…
∗∗∗ Security Bulletin: SQL Injection Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4387) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerabili…
∗∗∗ Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server (CVE-2019-4057, CVE-2019-4101, CVE-2019-4154, CVE-2019-4386, CVE-2019-4322) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-vulnerabilit…
∗∗∗ BIG-IP Engineering Hotfix authentication bypass vulnerability CVE-2019-6675 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K55655944
∗∗∗ NodeJS vulnerability CVE-2018-7160 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K63025104
=====================
= End-of-Day report =
=====================
Timeframe: Friday 22-11-2019 18:00 - Monday 25-11-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ A Short History of Juice Jacking ∗∗∗
---------------------------------------------
The days are now shorter, and the holiday season is upon us. Many of us have travel booked to bring our family together and will soon be sitting uncomfortably in the halls of airline terminals; desperate to escape the monotony of an international waiting room, we will sit transfixed to our mobile devices. Breaking our mobile-mindfulness-zen-like state, an alert graces the screen: 15% battery life remaining.
---------------------------------------------
https://www.secjuice.com/history-of-juice-jacking/
∗∗∗ Local Malware Analysis with Malice, (Sat, Nov 23rd) ∗∗∗
---------------------------------------------
This project (Malice) provides the ability to have your own locally managed multi-engine malware scanning system. The framework allows the owner to analyze files for known malware. It can be used as a command-line tool to analyze samples, and the results can be reviewed via a Kibana web interface. The Command-Line Interface (CLI) is used to scan a file or directory, or can be set up to watch a write-only directory and scan new files as they are copied into it.
---------------------------------------------
https://isc.sans.edu/diary/rss/25544
∗∗∗ Introducing Merlin - A cross-platform post-exploitation HTTP/2 Command & Control Tool ∗∗∗
---------------------------------------------
Merlin is a cross-platform post-exploitation framework that leverages HTTP/2 communications to evade inspection. HTTP/2 is a relatively new protocol that requires the use of Perfect Forward Secrecy (PFS) encryption cipher suites. ... Additionally, many security technologies are not equipped with HTTP/2 protocol dissectors and are therefore not able to evaluate traffic even if keying material is provided.
---------------------------------------------
https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a
∗∗∗ Trickbot Updates Password Grabber Module ∗∗∗
---------------------------------------------
Trickbot is a modular malware, and one of its modules is a password grabber. In November 2019, we started seeing indicators of Trickbot's password grabber targeting data from OpenSSH and OpenVPN applications.
---------------------------------------------
https://unit42.paloaltonetworks.com/trickbot-updates-password-grabber-modul…
∗∗∗ Remote PC administration: Security researchers warn of vulnerable VNC software ∗∗∗
---------------------------------------------
Attackers could attack clients and servers running various VNC software and, under certain conditions, plant malware.
---------------------------------------------
https://heise.de/-4595718
∗∗∗ Buying concert tickets on eventtickets24.com carries risks ∗∗∗
---------------------------------------------
Smartfox Media b.v. from the Netherlands sells concert and event tickets on eventtickets24.com. Numerous customers report serious problems after purchasing tickets, such as difficulties with procurement and delivery, or refunds not being issued after non-delivery. We advise great caution with this offer.
---------------------------------------------
https://www.watchlist-internet.at/news/kauf-von-konzertkarten-auf-eventtick…
=====================
= Vulnerabilities =
=====================
∗∗∗ Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps ∗∗∗
---------------------------------------------
CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019 after a researcher named Awakened discovered that attackers could use maliciously crafted GIF files to allow remote code execution. The vulnerability was patched with version 2.19.244 of WhatsApp, but the underlying problem lies in the library called libpl_droidsonroids_gif.so, which is part of the android-gif-drawable package. While this flaw has also been patched, many [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/sBAf9Ks1I8Y/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, enigmail, isc-dhcp, libice, libofx, and pam-python), Fedora (chromium, ghostscript, mingw-cfitsio, mingw-gdal, mingw-libidn2, and rsyslog), Gentoo (adobe-flash, chromium, expat, and firefox), openSUSE (apache2-mod_perl, haproxy, java-11-openjdk, and ncurses), Oracle (ghostscript, kernel, php:7.2, php:7.3, and sudo), Red Hat (chromium-browser, python27-python, and SDL), and Ubuntu (dpdk and libvpx).
---------------------------------------------
https://lwn.net/Articles/805527/
∗∗∗ Weak encryption cipher and hardcoded cryptographic keys in Fortinet products ∗∗∗
---------------------------------------------
https://sec-consult.com/en/blog/advisories/weak-encryption-cipher-and-hardc…
∗∗∗ Security Bulletin: Incorrect permissions on CIT files in IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments (CVE-2018-2025) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-incorrect-permissions-on-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Enterprise Resource Planning on AIX (CVE-2019-4473, CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Denial of Service vulnerability in IBM Spectrum Protect Backup-Archive Client (CVE-2019-4406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnera…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot on AIX (CVE-2019-4473, CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: SMB signing not required in IBM Spectrum Protect Plus (CVE-2016-2115) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-smb-signing-not-required-…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 21-11-2019 18:00 - Friday 22-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Securing Portable Electronic Devices During Travel ∗∗∗
---------------------------------------------
Holiday travelers often use portable electronic devices (PEDs) because they offer a range of conveniences, such as ordering gifts on the go, accessing online banking, or downloading boarding passes. However, these devices are vulnerable to cyberattack or theft, resulting in exposure of personal information.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/11/22/securing-portable-…
∗∗∗ Abusing Web Filters Misconfiguration for Reconnaissance ∗∗∗
---------------------------------------------
Yesterday, an interesting incident was detected while working at a customer SOC. They use a “next-generation” firewall that implements a web filter based on categories. This is common in many organizations today: users' web traffic is allowed or denied based on a URL categorization database (with categories like “adult content”, “hacking”, “gambling”, …). How was it detected?
---------------------------------------------
https://isc.sans.edu/diary/rss/25538
∗∗∗ ENISA: How to implement security by design for IoT ∗∗∗
---------------------------------------------
ENISA, the European Union Agency for Cybersecurity releases ‘Good Practices for Security of IoT’, a significant report to promote security by design for IoT.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/how-to-implement-security-by-de…
∗∗∗ A guidebook to open-source OT reconnaissance ∗∗∗
---------------------------------------------
An attacker targeting OT needs to perform reconnaissance on the targeted system and learn how it is connected to the IT network. This often involves old-fashioned or digital espionage, but a lot of such information is actually available out there in the open. ... how open source intelligence (OSINT) can be used to learn crucial details of the inner workings of many a system. An important lesson from Daniel's paper and talk is that security by obscurity is dead and ...
---------------------------------------------
https://www.virusbulletin.com/blog/2019/11/vb2019-paper-fantastic-informati…
∗∗∗ Introducing Flan Scan: Cloudflare’s Lightweight Network Vulnerability Scanner ∗∗∗
---------------------------------------------
Today, we’re excited to open source Flan Scan, Cloudflare’s in-house lightweight network vulnerability scanner. Flan Scan is a thin wrapper around Nmap that converts this popular open source tool into a vulnerability scanner with the added benefit of easy deployment.
---------------------------------------------
https://blog.cloudflare.com/introducing-flan-scan/
∗∗∗ Ransomware: A free tool can decrypt this malware variant that puts a ransom note on your desktop wallpaper ∗∗∗
---------------------------------------------
Emsisoft, which has built the decryption tool, said that the Hakbit ransomware has hit home users and businesses in the US and Europe, demanding $300 in bitcoin from victims while warning them how many files they stand to lose.
---------------------------------------------
https://www.zdnet.com/article/ransomware-a-free-tool-can-decrypt-this-malwa…
=====================
= Vulnerabilities =
=====================
∗∗∗ ClamAV: Vulnerability allows denial of service ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in ClamAV to carry out a denial of service attack.
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/11/warn…
∗∗∗ Nodequeue - Critical - Cross Site Scripting - SA-CONTRIB-2019-085 ∗∗∗
---------------------------------------------
Nodequeue's JavaScript can be leveraged to insert HTML from attacker-controlled JSON data. This is exploitable if user-submitted "Filtered HTML" content is displayed on a page where nodequeue.js is loaded. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "manipulate queues".
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-085
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (dpdk, mingw-djvulibre, mingw-hunspell, mingw-ilmbase, mingw-OpenEXR, php-symfony, php-symfony3, and rsyslog), openSUSE (chromium and squid), SUSE (aspell, cups, djvulibre, and dpdk), and Ubuntu (djvulibre).
---------------------------------------------
https://lwn.net/Articles/805367/
∗∗∗ Asterisk: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, authenticated attacker can exploit multiple vulnerabilities in Asterisk to execute arbitrary code with the privileges of the service or to cause a denial of service condition.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1011
∗∗∗ New bypass disclosed in Microsoft PatchGuard (KPP) ∗∗∗
---------------------------------------------
After GhostHook and InfinityHook, we now have ByePg. No patch out yet.
---------------------------------------------
https://www.zdnet.com/article/new-bypass-disclosed-in-microsoft-patchguard-…
∗∗∗ Security Bulletin: Information disclosure vulnerability in IBM Tivoli Netcool Impact (CVE-2019-4570) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu…
∗∗∗ Security Bulletin: Log Analysis is vulnerable to a client side scripting attack due to missing HTTPOnly and Secure attribute in the cookie ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-log-analysis-is-vulnerabl…
∗∗∗ Security Bulletin: Stored cross site scripting vulnerability in IBM Tivoli Netcool Impact (CVE-2019-4569) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-stored-cross-site-scripti…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 20-11-2019 18:00 - Thursday 21-11-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin ∗∗∗
---------------------------------------------
Admins and owners of WordPress websites are urged to immediately apply the Jetpack 7.9.1 critical security update to prevent potential attacks that could abuse a vulnerability present since Jetpack 5.1.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/millions-of-sites-exposed-by…
∗∗∗ New RIPlace Bypass Evades Windows 10, AV Ransomware Protection ∗∗∗
---------------------------------------------
A new ransomware bypass technique called RIPlace requires only a few lines of code to bypass ransomware protection features built into many security products and Windows 10.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-riplace-bypass-evades-wi…
∗∗∗ Gnip Banking Trojan Shows Ongoing, Aggressive Development ∗∗∗
---------------------------------------------
The mobile malware, which incorporates Anubis source code, could evolve into a fully fledged spyware in the future.
---------------------------------------------
https://threatpost.com/gnip-banking-trojan-aggressive-development/150521/
∗∗∗ Linux Webmin Servers Under Attack by Roboto P2P Botnet ∗∗∗
---------------------------------------------
A newly-discovered peer-to-peer (P2P) botnet has been found targeting a remote code execution vulnerability in Linux Webmin servers.
---------------------------------------------
https://threatpost.com/linux-webmin-servers-attack-p2p-botnet/150513/
∗∗∗ Security baseline (FINAL) for Windows 10 v1909 and Windows Server v1909 ∗∗∗
---------------------------------------------
Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 version 1909 (a.k.a., “19H2”), and for Windows Server version 1909. Note that Windows Server version 1909 is Server Core only and does not offer a Desktop Experience (a.k.a., “full”) server installation option.
---------------------------------------------
https://techcommunity.microsoft.com/t5/Microsoft-Security-Baselines/Securit…
∗∗∗ Explained: juice jacking ∗∗∗
---------------------------------------------
Juice jacking is a type of cyberattack that uses a USB charging port to steal data or infect phones with malware. Learn how it works and ways to protect against it.
---------------------------------------------
https://blog.malwarebytes.com/explained/2019/11/explained-juice-jacking/
∗∗∗ Video: Identity theft via survey jobs ∗∗∗
---------------------------------------------
On various job portals you will currently come across postings for survey jobs. Already at registration, you are asked for a copy of your ID. Do not sign up there! Criminals steal your data and disguise the opening of a bank account in your name as a paid survey.
---------------------------------------------
https://www.watchlist-internet.at/news/video-identitaetsdiebstahl-bei-umfra…
∗∗∗ DePriMon downloader uses novel ways to infect your PC with ColoredLambert malware ∗∗∗
---------------------------------------------
It is believed the downloader is using techniques not seen before in the wild.
---------------------------------------------
https://www.zdnet.com/article/deprimon-downloader-uses-novel-ways-to-infect…
∗∗∗ New SectopRAT Trojan creates hidden second desktop to control browser sessions ∗∗∗
---------------------------------------------
The Trojan makes sure the second desktop is hidden from sight.
---------------------------------------------
https://www.zdnet.com/article/new-sectoprat-malware-creates-hidden-second-d…
=====================
= Vulnerabilities =
=====================
∗∗∗ Microsoft Releases Outlook for Android Security Update ∗∗∗
---------------------------------------------
Original release date: November 21, 2019. Microsoft has released an update to address a vulnerability in Outlook for Android. An attacker could exploit this vulnerability to take control of an affected system.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/11/21/microsoft-releases…
∗∗∗ New security release versions of BIND are available: 9.11.13, 9.14.8 and 9.15.6 ∗∗∗
---------------------------------------------
New security releases of BIND are available which contain fixes for the CVEs disclosed today.
---------------------------------------------
https://lists.isc.org/pipermail/bind-announce/2019-November/001143.html
∗∗∗ Apache Solr Bug Gets Bumped Up to High Severity ∗∗∗
---------------------------------------------
The vulnerability (CVE-2019-12409) was first reported in July and patched in August. ... Since the bug was initially discovered, researchers have reevaluated the threat and escalated its severity to high-risk.
---------------------------------------------
https://threatpost.com/apache-solr-bug-gets-bumped-up-to-high-severity/1504…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (oniguruma and thunderbird-enigmail), openSUSE (chromium, ghostscript, and slurm), Oracle (kernel), Red Hat (kpatch-patch), Slackware (bind), SUSE (python-ecdsa), and Ubuntu (bind9 and mariadb).
---------------------------------------------
https://lwn.net/Articles/805281/
∗∗∗ Security Bulletin: Inadequate account lockout in Cloud Pak System (CVE-2019-4096) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-inadequate-account-lockou…
∗∗∗ Security Bulletin: Vulnerabilities in WAS Liberty affect IBM Spectrum LSF Suite, Spectrum LSF Suite for HPA and Spectrum LSF Application Center ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-was-li…
∗∗∗ Security Bulletin: Bypass Client-Side Validation vulnerability in Cloud Pak System (CVE-2019-4240) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-bypass-client-side-valida…
∗∗∗ Security Bulletin: A vulnerability in Apache Solr (lucene) affects IBM Operations Analytics – Log Analysis (CVE-2019-4243) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache…
∗∗∗ Security Bulletin: Clickjacking vulnerability in IBM Operations Analytics – Log Analysis (CVE-2019-4215) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-clickjacking-vulnerabilit…
∗∗∗ Security Bulletin: IBM Operations Analytics – Log Analysis is vulnerable to potential Host Header Injection (CVE-2019-4216) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-…
∗∗∗ Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Federated Identity Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: XStream as used by IBM QRadar SIEM is vulnerable to os command injection (CVE-2019-10173) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-xstream-as-used-by-ibm-qr…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center on AIX (CVE-2019-4473, CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ IBM Security Bulletin: A Vulnerability in Apache PDFBox Affects Transformation Extender ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (CVE-2019-4473, CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems (July2019 updates) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM Cognos Controller 2019Q4 Security Updater: Multiple Security Vulnerabilities have been identified in IBM Cognos Controller ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-controller-201…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 19-11-2019 18:00 − Wednesday 20-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ NSA Releases Cyber Advisory: Managing Risk from Transport Layer Security Inspection ∗∗∗
---------------------------------------------
The National Security Agency (NSA) has released a Cyber Advisory that addresses managing risk from Transport Layer Security Inspection (TLSI). This short, informative document defines TLSI (a security process that allows incoming traffic to be decrypted, inspected, and re-encrypted), explains some risks and associated challenges, and discusses mitigations.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/11/19/nsa-releases-cyber…
∗∗∗ D-Link Adds More Buggy Router Models to 'Won’t Fix' List ∗∗∗
---------------------------------------------
D-Link has warned that more of its routers are vulnerable to critical flaws that allow remote hackers to take control of hardware and steal data. The routers won’t be fixed, said D-Link, explaining that the hardware has reached its end-of-life and will no longer receive security updates. ... D-Link identified the additional affected models as: DIR-866, DIR-655, DHP-1565, DIR-652, DAP-1533, DGL-5500, DIR-130, DIR-330, DIR-615, DIR-825, DIR-835, DIR-855L and DIR-862.
---------------------------------------------
https://threatpost.com/d-link-wont-fix-router-bugs/150438/
∗∗∗ Monero Project site compromised, served malware-infected binaries ∗∗∗
---------------------------------------------
The official website of the Monero Project has been compromised to serve a malware-infected version of the CLI (command-line interface) wallet. The malicious file was available for download for around 14 hours and at least one of the users who downloaded the malware has had their funds stolen. What happened?
---------------------------------------------
https://www.helpnetsecurity.com/2019/11/20/monero-project-compromised/
=====================
= Vulnerabilities =
=====================
∗∗∗ Google and Samsung Fix Android Spying Flaw. Other Makers May Still Be Vulnerable ∗∗∗
---------------------------------------------
Until recently, weaknesses in Android camera apps from Google and Samsung made it possible for rogue apps to record video and audio and take images and then upload them to an attacker-controlled server -- without any permissions to do so. Camera apps from other manufacturers may still be susceptible.
---------------------------------------------
https://tech.slashdot.org/story/19/11/19/1737219/google-and-samsung-fix-and…
∗∗∗ Administration Views - Moderately critical - Access bypass - SA-CONTRIB-2019-076 ∗∗∗
---------------------------------------------
This module replaces administrative overview/listing pages with actual views for superior usability. The module doesn't sufficiently check user access when using the "Menu system path" access handler on Views displays other than "System".
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-076
∗∗∗ Unbound: Vulnerability in IPSEC module ∗∗∗
---------------------------------------------
Due to unsanitized characters passed to the ipsecmod-hook shell command, it is possible for Unbound to allow shell code execution from a specially crafted IPSECKEY answer. (CVE-2019-18934)
---------------------------------------------
https://nlnetlabs.nl/projects/unbound/security-advisories/
∗∗∗ Flexera FlexNet Publisher ∗∗∗
---------------------------------------------
These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product. The memory corruption vulnerability could allow remote code execution. (CVE-2018-20033, CVSS v3 9.8)
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-323-01
∗∗∗ High Severity Vulnerability Patched in WP Maintenance Plugin ∗∗∗
---------------------------------------------
This flaw allowed attackers to enable a vulnerable site’s maintenance mode and inject malicious code affecting site visitors. We disclosed this issue privately to the plugin’s developer who released a patch the next day. Plugin versions of WP Maintenance up to 5.0.5 are vulnerable to attacks against this flaw. All WP Maintenance users should update to version 5.0.6 immediately.
---------------------------------------------
https://www.wordfence.com/blog/2019/11/high-severity-vulnerability-patched-…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (redmine), Fedora (libidn2), Mageia (clamav, ghostscript, kernel, kernel-linus, libexif, libjpeg, mariadb, microcode, and systemd), and openSUSE (libjpeg-turbo).
---------------------------------------------
https://lwn.net/Articles/805224/
∗∗∗ Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Unified Communications Manager SQL Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Webex Teams for Windows DLL Hijacking Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco SD-WAN Solution vManage Cross-Site Request Forgery Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Unity Express Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Unified Communications Domain Manager Persistent Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Stealthwatch Enterprise Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Email Security Appliance URL Filtering Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Email Security Appliance MP3 Content Filter Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco DNA Spaces: Connector SQL Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco DNA Spaces: Connector Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco DNA Spaces: Connector Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security Advisory - Use of Insufficiently Random Values Vulnerability in Huawei ViewPoint Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191120-…
∗∗∗ Security Advisory - Two Vulnerabilities in Some Huawei Home Routers ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191113-…
∗∗∗ Security Advisory - Improper Validation of Array Index Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191120-…
∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to Privilege Escalation (CVE-2019-4530) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme…
∗∗∗ Security Bulletin: A security vulnerability has been fixed in the IBM Security Identity Manager product (CVE-2019-4561) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: Vulnerabilities in WAS Liberty affect IBM Spectrum LSF Suite, Spectrum LSF Suite for HPA and Spectrum LSF Application Center ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-was-li…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 18-11-2019 18:00 − Tuesday 19-11-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Linux, Windows Users Targeted With New ACBackdoor Malware ∗∗∗
---------------------------------------------
Researchers have discovered a new multi-platform backdoor that infects Windows and Linux systems allowing the attackers to run malicious code and binaries on the compromised machines.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/linux-windows-users-targeted…
∗∗∗ Buran Ransomware Infects PCs via Microsoft Excel Web Queries ∗∗∗
---------------------------------------------
A new spam campaign has been spotted distributing the Buran Ransomware through IQY file attachments. When opened, these Microsoft Excel Web Query attachments will execute a remote command that installs the ransomware onto a victim's computer.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs…
∗∗∗ Coin Stealer Found in Monero Linux Binaries From Official Site ∗∗∗
---------------------------------------------
The Monero Project is currently investigating a potential compromise of the official website after a coin stealer was found in the Linux 64-bit command line (CLI) Monero binaries downloaded from the download page.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/coin-stealer-found-in-monero…
∗∗∗ Elasticsearch: Data leak at Conrad ∗∗∗
---------------------------------------------
The electronics retailer Conrad reports that an attacker had access to customer data and bank account numbers. The cause was an unsecured Elasticsearch database.
---------------------------------------------
https://www.golem.de/news/elasticsearch-datenleak-bei-conrad-1911-145091-rs…
∗∗∗ Windows Debugging & Exploiting Part 2 - WinDBG 101 ∗∗∗
---------------------------------------------
Hello again! After our previous post about the environment setup, now it is time to cover the main tool of this project, the WinDBG.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/windows-deb…
∗∗∗ When Bank Communication is Indistinguishable from Phishing Attacks ∗∗∗
---------------------------------------------
You know how banks really, really want to avoid their customers falling victim to phishing scams? And how they put a heap of effort into education to warn folks about the hallmarks of phishing scams? And how banks are the shining beacons of light when it comes to demonstrating security [...]
---------------------------------------------
https://www.troyhunt.com/when-bank-communication-is-indistinguishable-from-…
∗∗∗ Vulnerability in ABB Plant Historian Disclosed 5 Years After Discovery ∗∗∗
---------------------------------------------
It took Swiss-based industrial technology solutions provider ABB five years to inform customers of a critical vulnerability affecting one of its products, and the researcher who found it says this increased the chances of threat actors discovering and exploiting the security flaw.
---------------------------------------------
https://www.securityweek.com/vulnerability-abb-plant-historian-disclosed-5-…
∗∗∗ Beware of alleged prize draws from Magenta, A1, Drei or Liwest ∗∗∗
---------------------------------------------
Criminals are currently spreading fake prize draws through various channels. You are notified by e-mail, SMS or a browser pop-up that you have supposedly won a smartphone. To receive the prize, you only need to answer a short survey and pay a small amount for shipping. Beware: it is a subscription trap.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-bei-angeblichen-gewinnspiel…
=====================
= Vulnerabilities =
=====================
∗∗∗ Serious security vulnerability discovered in WhatsApp ∗∗∗
---------------------------------------------
A vulnerability has been found in WhatsApp that allows attackers to steal files and read messages.
---------------------------------------------
https://futurezone.at/apps/schwere-sicherheitsluecke-in-whatsapp-entdeckt/4…
∗∗∗ Learning platform Moodle: Developers close critical vulnerabilities ∗∗∗
---------------------------------------------
Moodle admins take note: New versions close several vulnerabilities, some of them rated "Serious".
---------------------------------------------
https://heise.de/-4591094
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (python-psutil, slurm-llnl, symfony, and thunderbird), Fedora (gd and ghostscript), and SUSE (ceph, haproxy, java-11-openjdk, and ncurses).
---------------------------------------------
https://lwn.net/Articles/805149/
∗∗∗ Lexmark Services Monitor 2.27.4.0.39 Directory Traversal ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2019110124
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Vulnerabilities in Curl affect PowerSC (CVE-2019-5435, CVE-2019-5436) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-a…
∗∗∗ HPESBHF03963 rev.1 - Certain HPE ProLiant Servers with Intel CSME, AMT, SPS, TXE, ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBHF03968 rev.1 - HPE Gen10 ProLiant, Apollo, and Synergy Servers using Intel CPU Transactional Synchronization Extensions (TSX) Asynchronous Abort (TAA), Local Disclosure of Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBHF03969 rev.1 - HPE ProLiant Gen10 Servers using certain Intel Xeon Scalable Processors, Voltage Modulation, Local Denial of Service ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBHF03971 rev.1 - HPE Servers using certain Intel Processors, SMM and TXT, Local Escalation of Privilege ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBST03964 rev.1 - HPE Nimble Storage, Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ Google Chrome: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0998
=====================
= End-of-Day report =
=====================
Timeframe: Friday 15-11-2019 18:00 − Monday 18-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ New NextCry Ransomware Encrypts Data on NextCloud Linux Servers ∗∗∗
---------------------------------------------
On October 24, Nextcloud released an urgent alert about a remote code execution vulnerability that impacts the default Nextcloud NGINX configuration. Tracked as CVE-2019-11043, the flaw is in the PHP-FPM (FastCGI Process Manager) component, included by some hosting providers like Nextcloud in their default setup. A public exploit exists and has been leveraged to compromise servers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encry…
∗∗∗ Powershell ConstrainedLanguage Mode ∗∗∗
---------------------------------------------
Guest post from milCERT - Philipp Thaller and Stefan Bachmair - When analysing current malware, it turned out that many of the current samples (including Emotet) rely on PowerShell to unfold their malicious potential. If PowerShell is restricted accordingly, execution of the actual malicious code is often not possible at all.
---------------------------------------------
https://cert.at/de/blog/2019/11/201911-powershell-constrainedlanguage
∗∗∗ Willhaben warns of fraudulent phishing SMS ∗∗∗
---------------------------------------------
Anyone who receives an SMS with payment information from the sales platform Willhaben should under no circumstances click the link.
---------------------------------------------
https://futurezone.at/apps/willhaben-warnt-vor-betruegerischer-phishing-sms…
∗∗∗ pax: Exploit padding oracles for fun and profit ∗∗∗
---------------------------------------------
Pax (PAdding oracle eXploiter) is a tool for exploiting padding oracles in order to: - Obtain plaintext for a given piece of CBC encrypted data. - Obtain encrypted bytes for a given piece of plaintext, using the unknown encryption algorithm used by the oracle.
---------------------------------------------
https://github.com/liamg/pax
∗∗∗ RdpThief: Extracting Clear-text Credentials from Remote Desktop Clients ∗∗∗
---------------------------------------------
In this blogpost I will describe the process I followed to write a tool that will extract clear-text credentials from the Microsoft RDP client using API hooking. Using this approach, if you are already operating under the privileges of the compromised user (e.g. as a result of a phish) and the user has an RDP session open, you are able to extract the clear-text credentials without privilege escalation.
---------------------------------------------
https://www.mdsec.co.uk/2019/11/rdpthief-extracting-clear-text-credentials-…
∗∗∗ Medica 2019: BSI guide on the cyber security of medical devices ∗∗∗
---------------------------------------------
In the context of secure digitalisation in healthcare, the German Federal Office for Information Security (BSI) has published a new guide, "Sicherheit von Medizinprodukten – Leitfaden zur Nutzung des MDS2 aus 2019" (Manufacturer Disclosure Statement for Medical Device Security), at the "Medica" trade fair in Düsseldorf.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Leitfaden_M…
∗∗∗ Google patches ‘awesome’ XSS vulnerability in Gmail dynamic email feature ∗∗∗
---------------------------------------------
The bug bounty hunter who disclosed the issue says the bug is a prime example of DOM Clobbering.
---------------------------------------------
https://www.zdnet.com/article/google-patches-awesome-xss-vulnerability-in-g…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (angular.js, libapache2-mod-auth-openidc, mosquitto, postgresql-common, and thunderbird), Fedora (chromium, djvulibre, freetds, ghostscript, java-1.8.0-openjdk-aarch32, samba, thunderbird-enigmail, wpa_supplicant, and xen), openSUSE (go1.12, ImageMagick, and ucode-intel), Oracle (ghostscript and kernel), Red Hat (libcomps and sudo), Slackware (kernel), SUSE (microcode_ctl, slurm, and ucode-intel), and Ubuntu (mysql-5.7, mysql-8.0 and python-ecdsa).
---------------------------------------------
https://lwn.net/Articles/805083/
∗∗∗ Security Bulletin: Denial of Service vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center (CVE-2019-4096) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnera…