=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 27-02-2019 18:00 − Thursday 28-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ ENISA makes recommendations on EU-wide election cybersecurity ∗∗∗
---------------------------------------------
In the context of the upcoming elections for the European Parliament, today the EU Agency for Cybersecurity ENISA publishes an opinion paper on the cybersecurity of elections and provides concrete and forward-looking recommendations to improve the cybersecurity of electoral processes in the EU.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/enisa-makes-recommendations-on-…
∗∗∗ No more crypto-mining in the browser: Coinhive ceases operations ∗∗∗
---------------------------------------------
Letting website visitors mine cryptocurrency more or less voluntarily apparently no longer pays off: the crypto-mining service Coinhive is giving up.
---------------------------------------------
http://heise.de/-4322936
∗∗∗ Caution when buying concert tickets via Facebook ∗∗∗
---------------------------------------------
On the Facebook pages of all kinds of concerts and events, consumers find ticket sale offers from private individuals. Those who want to buy the tickets often end up in contact with criminals using fake profiles. The money is supposed to be transferred abroad, the concert tickets do not exist, and the victims' user accounts are later abused for the same scam.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-beim-kauf-von-konzertkarten…
∗∗∗ perfect-housekeeping.store and hauslinie.store are fake shops ∗∗∗
---------------------------------------------
While looking for cheap household appliances, you may come across perfect-housekeeping.store or hauslinie.store. Coffee machines, refrigerators, washing machines and the like can be bought there considerably cheaper than in other shops. We advise against ordering, because the goods can only be paid for in advance. Nothing is ever delivered, however!
---------------------------------------------
https://www.watchlist-internet.at/news/perfect-housekeepingstore-und-hausli…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gpac, qemu, and sox), openSUSE (libqt5-qtbase), Red Hat (java-1.8.0-openjdk and java-11-openjdk), SUSE (bluez), and Ubuntu (nss and openssl, openssl1.0).
---------------------------------------------
https://lwn.net/Articles/780960/
∗∗∗ ZDI-19-230: (0day) Advantech WebAccess Node tv_enua Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-230/
∗∗∗ ZDI-19-229: (0day) Advantech WebAccess Node spchapi Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-229/
∗∗∗ ZDI-19-228: (0day) Microsoft Visual Studio settings XML External Entity Processing Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-228/
∗∗∗ Security Advisory - FRP Bypass Vulnerability on Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190228-…
∗∗∗ IBM Security Bulletin: IBM Cloud Private is affected by an issue with runc used by Docker ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-is-…
∗∗∗ IBM Security Bulletin: Kernel Buffer Overflow in IBM Security Trusteer Rapport for MacOS (CVE-2018-1985) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-kernel-buffer-overflo…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 26-02-2019 18:00 − Wednesday 27-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Google Analytics and Angular in Magento Credit Card Stealing Scripts ∗∗∗
---------------------------------------------
Over the last few months, we've noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious and evade detection by website owners. The malicious code is obfuscated and injected into legitimate JS files, such as skin/frontend/default/theme122k/js/jquery.jscrollpane.min.js, js/meigee/jquery.min.js, and js/varien/js.js. The obfuscated code loads another script from www.google-analytics[.]cm/analytics.js.
---------------------------------------------
https://blog.sucuri.net/2019/02/google-analytics-and-angular-in-magento-cre…
∗∗∗ Top ten most popular docker images each contain at least 30 vulnerabilities ∗∗∗
---------------------------------------------
[...] The findings show that in every docker image we scanned, we found vulnerable versions of system libraries. The official Node.js image ships 580 vulnerable system libraries, followed by the others each of which ship at least 30 publicly known vulnerabilities.
---------------------------------------------
https://snyk.io/blog/top-ten-most-popular-docker-images-each-contain-at-lea…
∗∗∗ Thunderclap: Macs and PCs vulnerable to malicious Thunderbolt peripherals ∗∗∗
---------------------------------------------
According to security researchers, existing protection mechanisms are not sufficient to fend off attacks via USB-C peripherals.
---------------------------------------------
http://heise.de/-4321946
∗∗∗ Chrome Zero-Day Exploited to Harvest User Data via PDF Files ∗∗∗
---------------------------------------------
Exploit detection service EdgeSpot says it has spotted several PDF documents that exploit a zero-day vulnerability in Chrome to collect information on users who open the files through Google's web browser.
---------------------------------------------
https://www.securityweek.com/chrome-zero-day-exploited-harvest-user-data-pd…
∗∗∗ Trouble with supposedly free orders! ∗∗∗
---------------------------------------------
Numerous consumers complain to us about online shops such as vermano.de, vimabel.de, deinschmuckladen.com or lieblings-mensch.com. These advertise free products for which only shipping costs are charged. The orders can bring a lot of trouble: for example, the goods are of inferior quality, never arrive, lead to high reminder fees, or withdrawal from the purchase is not possible. We advise against buying.
---------------------------------------------
https://www.watchlist-internet.at/news/aerger-mit-vermeintlich-kostenlosen-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Moxa IKS, EDS ∗∗∗
---------------------------------------------
This advisory includes mitigations for classic buffer overflow, cross-site request forgery, cross-site scripting, improper access controls, improper restriction of excessive authentication attempts, missing encryption of sensitive data, out-of-bounds read, unprotected storage of credentials, predictable from observable state, and uncontrolled resource consumption vulnerabilities reported in the Moxa IKS and EDS industrial switches.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
∗∗∗ Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (elasticsearch and logstash), CentOS (java-1.8.0-openjdk, kernel, and polkit), Debian (chromium, exiv2, and phpmyadmin), Fedora (java-1.8.0-openjdk-aarch32 and mgetty), openSUSE (docker-runc, gvfs, qemu, systemd, and thunderbird), Oracle (java-1.8.0-openjdk, kernel, and polkit), Red Hat (polkit), Scientific Linux (java-1.8.0-openjdk, kernel, and polkit), Slackware (openssl), SUSE (amavisd-new, apache2, ceph, containerd, docker, docker-runc, [...]
---------------------------------------------
https://lwn.net/Articles/780859/
∗∗∗ IBM Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5391) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-the-…
∗∗∗ IBM Security Bulletin: Multiple Samba vulnerabilities affect IBM Spectrum Protect Plus (CVE-2018-1139, CVE-2018-1140, CVE-2018-10858, CVE-2018-10918, CVE-2018-10919) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-samba-vulner…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 25-02-2019 18:00 − Tuesday 26-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Study: Vulnerable devices in four out of ten home networks ∗∗∗
---------------------------------------------
16 million home networks were checked for a study by the security company Avast: vulnerable devices were found in almost every second network. Many users have never updated their router.
---------------------------------------------
https://www.golem.de/news/studie-verwundbare-geraete-in-vier-von-zehn-heimn…
∗∗∗ BSI warns of IT devices with pre-installed malware ∗∗∗
---------------------------------------------
Tablets and smartphones that can be bought via online platforms, including in Germany, may contain pre-installed malware. The Federal Office for Information Security (BSI) has initially demonstrated this on one tablet. The BSI warns against the use of this device on the basis of §7 of the BSI Act and advises all users to exercise particular caution. In the course of the analysis, further devices [...]
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Warnung_vor…
∗∗∗ Security updates: Nvidia protects graphics card drivers against attacks ∗∗∗
---------------------------------------------
Updated drivers for various Nvidia graphics cards close several security holes.
---------------------------------------------
http://heise.de/-4320123
=====================
= Vulnerabilities =
=====================
∗∗∗ OpenSSL Security Advisory [26 February 2019] ∗∗∗
---------------------------------------------
0-byte record padding oracle (CVE-2019-1559)
---------------------------------------------
https://www.openssl.org/news/secadv/20190226.txt
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (bind, kibana, systemd, and thunderbird), Debian (elfutils and liblivemedia), Fedora (kernel, kernel-headers, kernel-tools, and SDL), openSUSE (dovecot23, firefox, kauth, python-Jinja2, python-numpy, and thunderbird), Red Hat (java-1.8.0-openjdk and kernel), SUSE (python, python-amqp, python-oslo.messaging, python-ovs, python-paramiko, python-psql2mysql, qemu, and supportutils), and Ubuntu (ghostscript, gnome-keyring, and ldb).
---------------------------------------------
https://lwn.net/Articles/780769/
∗∗∗ Vulnerability involving IBM Cloud Baseboard Management Controller (BMC) Firmware ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/vulnerability-involving-ibm-cloud-baseboard…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM MQ Advanced CloudPaks are vulnerable to a denial of service attack within the Systemd package (CVE-2019-6454) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-advanced-cloud…
∗∗∗ IBM Security Bulletin: IBM Content Navigator uses a common key to encrypt certain user names and passwords ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator…
∗∗∗ IBM Security Bulletin: Vulnerability in tcpdump affects AIX (CVE-2018-19519) Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-tcpd…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Oracle Java SE affect IBM Spectrum Protect Plus (CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214, CVE-2018-13785) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2018-3139, CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server (CVE-2018-3139, CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerabilities in IBM Spectrum Protect Operations Center (CVE-2018-1854, CVE-2018-1855) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-…
∗∗∗ IBM Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server (CVE-2018-1685, CVE-2018-1710, CVE-2018-1711, CVE-2018-1780, CVE-2018-1781, CVE-2018-1799, CVE-2018-1802, CVE-2018-1834, CVE-2018-1857, CVE-2018-1897) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-db2-vulnerab…
∗∗∗ IBM Security Bulletin: Password disclosure via trace log in IBM Spectrum Protect Operations Center (CVE-2018-1769) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-disclosure-v…
∗∗∗ The BIG-IP APM system may log passwords in plaintext when the Debug log level is enabled ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K31757417
∗∗∗ BIG-IP TMM vulnerability CVE-2019-6594 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K91026261
∗∗∗ BIG-IP APM XSS vulnerability CVE-2019-6595 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K31424926
∗∗∗ TMM SSL profile vulnerability CVE-2019-6592 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K54167061
∗∗∗ BIG-IP APM web pages may be indexed by search engines ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K88126845
∗∗∗ TMM TLS virtual server vulnerability CVE-2019-6593 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10065173
=====================
= End-of-Day report =
=====================
Timeframe: Friday 22-02-2019 18:00 − Monday 25-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Security vulnerabilities: Forging PDF signatures made easy ∗∗∗
---------------------------------------------
Signatures on PDF files are apparently not particularly secure: a research team from the University of Bochum managed to trick the signature verification in almost all PDF programs.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecken-pdf-signaturen-faelschen-leich…
∗∗∗ How to Use an Audit Log to Practice WordPress Forensics ∗∗∗
---------------------------------------------
User accountability, improved security & forensics, adhering to compliance and easy troubleshooting are just a few of the benefits of keeping an activity log on your WordPress site.
---------------------------------------------
https://www.htbridge.com/blog/benefits-activity-logs-wordpress-site.html
∗∗∗ Money laundering via job applications at nebenverdienst-jobs.de ∗∗∗
---------------------------------------------
Via various job platforms and classified-ad sites, criminals lure consumers to nebenverdienst-jobs.de. Job seekers are promised monthly transfers for opening and providing a bank account. Interested parties must under no circumstances apply, because this is a money laundering method through which consumers may make themselves liable to prosecution.
---------------------------------------------
https://www.watchlist-internet.at/news/geldwaesche-durch-bewerbung-bei-nebe…
∗∗∗ New browser attack lets hackers run bad code even after users leave a web page ∗∗∗
---------------------------------------------
MarioNet attack lets hackers create botnets from users' browsers.
---------------------------------------------
https://www.zdnet.com/article/new-browser-attack-lets-hackers-run-bad-code-…
=====================
= Vulnerabilities =
=====================
∗∗∗ SSA-844562: Multiple Vulnerabilities in Licensing Software for WinCC OA ∗∗∗
---------------------------------------------
Multiple vulnerabilities have been identified in the WibuKey Digital Rights Management (DRM) solution, which affect WinCC OA. Siemens recommends users to apply the updates to WibuKey Digital Rights Management (DRM) provided by WIBU SYSTEMS AG.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-844562.txt
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (msmtp and python-mysql-connector), Debian (freedink-dfarc, rssh, sox, and waagent), Fedora (docker-latest, java-1.8.0-openjdk, koji, pagure, poppler, and spice), openSUSE (ansible, GraphicsMagick, mosquitto, pspp, spread-sheet-widget, and python-python-gnupg), Red Hat (chromium-browser), Slackware (file), SUSE (kernel, python-Django, qemu, and thunderbird), and Ubuntu (bind9).
---------------------------------------------
https://lwn.net/Articles/780692/
∗∗∗ SA-CORE-2019-003 Notice of increased risk and Additional exploit path - PSA-2019-02-22 ∗∗∗
---------------------------------------------
[...] This Public Service Announcement is a follow-up to SA-CORE-2019-003. This is not an announcement of a new vulnerability. If you have not updated your site as described in SA-CORE-2019-003 you should do that now. There are public exploits now available for this SA.
---------------------------------------------
https://www.drupal.org/psa-2019-02-22
∗∗∗ PHP: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0166
∗∗∗ IBM Security Bulletin: BigFix deployments with internet-facing relays that are not configured as authenticating are prone to security threats (CVE-2019-4061) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-deployments-wi…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage SDK Java (Feb 2019) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction…
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by a potential SQL Injection vulnerability CVE-2018-1819 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction…
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services 2.1.1: Information Leakage in configuration listing (CVE-2018-1670) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction…
∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-11784) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac…
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSLP affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2017-17833) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open…
∗∗∗ IBM Security Bulletin: Vulnerability in Service Assistant affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-1775) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-serv…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Vulnerability in DHCP affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-dhcp…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 21-02-2019 18:00 − Friday 22-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Static analysis of malicious macros in Office documents (using the Emotet malware as an example) ∗∗∗
---------------------------------------------
Suspicious Office documents can be checked for malware with freely available tools. This article gives an insight into the static analysis of such documents.
---------------------------------------------
https://www.dfn-cert.de/aktuell/malicious-macros-emotet.html
∗∗∗ Hackers Use Fake Google reCAPTCHA to Cloak Banking Malware ∗∗∗
---------------------------------------------
The most effective phishing and malware campaigns usually employ one of the following two age-old social engineering techniques: Impersonation: These online phishing campaigns impersonate a popular brand or product through specially crafted emails, SMS, or social media networks. These campaigns employ various methods including email spoofing, fake or real employee names, and recognized branding to trick users into believing they are from a legitimate source.
---------------------------------------------
https://blog.sucuri.net/2019/02/hackers-use-fake-google-recaptcha-to-cloak-…
∗∗∗ VB2018 paper: The modality of mortality in domain names ∗∗∗
---------------------------------------------
Domains play a crucial role in most cyber attacks, from the very advanced to the very mundane. Today, we publish a VB2018 paper by Paul Vixie (Farsight Security) who undertook the first systematic study into the lifetimes of newly registered domains.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2019/02/vb2018-paper-modality-mortal…
∗∗∗ The lazy person’s guide to cybersecurity: minimum effort for maximum protection ∗∗∗
---------------------------------------------
How can we help our less tech-savvy friends stay more secure online? By giving them a lazy person's guide to cybersecurity, we can offer maximum protection for minimal effort.
---------------------------------------------
https://blog.malwarebytes.com/101/2019/02/the-lazy-persons-guide-to-cyberse…
=====================
= Vulnerabilities =
=====================
∗∗∗ Cr1ptT0r Ransomware Infects D-Link NAS Devices, Targets Embedded Systems ∗∗∗
---------------------------------------------
A new ransomware called Cr1ptT0r built for embedded systems targets network attached storage (NAS) equipment exposed to the internet to encrypt data available on it.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cr1ptt0r-ransomware-infects-…
∗∗∗ Security updates: Vulnerabilities in Cisco HyperFlex give attackers root ∗∗∗
---------------------------------------------
Cisco has released important security updates for various products. None of the vulnerabilities is rated critical.
---------------------------------------------
http://heise.de/-4315921
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Mageia (libreoffice, libtiff, spice, and spice-gtk), openSUSE (build, mosquitto, and nodejs6), Red Hat (firefox, flatpak, and systemd), Scientific Linux (firefox, flatpak, and systemd), SUSE (kernel-firmware and texlive), and Ubuntu (bind9 and ghostscript).
---------------------------------------------
https://lwn.net/Articles/780543/
∗∗∗ Internet Systems Consortium BIND: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, anonymous or authenticated attacker can exploit multiple vulnerabilities in Internet Systems Consortium BIND to carry out a denial of service attack or to disclose information.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0161
∗∗∗ WinRAR: Vulnerability allows execution of arbitrary code with user privileges ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in WinRAR to execute arbitrary code with user privileges.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0162
∗∗∗ Adobe Acrobat DC: Vulnerability allows disclosure of information ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in Adobe Acrobat DC, Adobe Acrobat Reader DC, Adobe Acrobat and Adobe Reader to disclose information.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0163
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js and OpenSSL affect IBM Watson Assistant on IBM Cloud Private ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Watson Assistant on IBM Cloud Private ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2014-7810) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat…
∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2018-1767) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat…
∗∗∗ BIND vulnerability CVE-2018-5744 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00040234
∗∗∗ BIND vulnerability CVE-2018-5745 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K25244852
∗∗∗ BIND vulnerability CVE-2019-6465 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01713115
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 20-02-2019 18:00 − Thursday 21-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Malicious code: 19-year-old security vulnerability in WinRAR ∗∗∗
---------------------------------------------
Be careful when unpacking ACE archives: they can write files to arbitrary locations on the system, and thereby also execute code. A stable WinRAR update has not yet been released.
---------------------------------------------
https://www.golem.de/news/schadcode-19-jahre-alte-sicherheitsluecke-in-winr…
∗∗∗ The new developments Of the FBot ∗∗∗
---------------------------------------------
Background introduction: Beginning on February 16, 2019, 360Netlab has discovered that a large number of HiSilicon DVR/NVR SoC devices have been exploited by attackers to load an updated Fbot botnet program. Fbot was originally discovered and disclosed by 360Netlab [1]; it has been active and is constantly being upgraded.
---------------------------------------------
https://blog.netlab.360.com/the-new-developments-of-the-fbot-en/
∗∗∗ Beware of alleged calls from Apple ∗∗∗
---------------------------------------------
Criminals contact iPhone users and claim that Apple has allegedly suffered a data breach and that their Apple ID is affected. They are asked to call a further service number to fix the problem. The insidious part: the Apple support number, complete with logo, appears on your screen. End the call or do not pick up!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-bei-angeblichen-anrufen-von-…
∗∗∗ nordischesdesign.com is not trustworthy ∗∗∗
---------------------------------------------
The online shop nordischesdesign.com offers modern furniture, lamps, decorative items and tableware in Nordic design. We advise against ordering, as it is not certain that you will receive the goods ordered. nordischesdesign.com has no legal notice (Impressum) and offers consumers no way to make contact.
---------------------------------------------
https://www.watchlist-internet.at/news/nordischesdesigncom-ist-unserioes/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates available for Adobe Acrobat and Reader (APSB19-13) ∗∗∗
---------------------------------------------
Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB19-13). These updates address a reported bypass to the fix for CVE-2019-7089 first introduced in 2019.010.20091, 2017.011.30120 and 2015.006.30475 and released on February 12, 2019. Successful exploitation could lead to sensitive [...]
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1711
∗∗∗ Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003 ∗∗∗
---------------------------------------------
Project: Drupal core
Date: 2019-February-20
Security risk: Highly critical 20/25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Remote Code Execution
CVE IDs: CVE-2019-6340
Description: Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
---------------------------------------------
https://www.drupal.org/sa-core-2019-003
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox, flatpak, and systemd), Fedora (createrepo_c, dnf, dnf-plugins-core, dnf-plugins-extras, docker, libcomps, libdnf, and runc), Mageia (giflib, irssi, kernel, kernel-linus, libexif, poppler, tcpreplay, and zziplib), and SUSE (php5, procps, and qemu).
---------------------------------------------
https://lwn.net/Articles/780454/
∗∗∗ Microsoft Internet Information Services (IIS): vulnerability allows denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0159
∗∗∗ Linux kernel vulnerability CVE-2018-5953 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K94735334
∗∗∗ Linux kernel vulnerability CVE-2018-10883 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K94735334
∗∗∗ libcurl vulnerability CVE-2016-8618 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10196624
∗∗∗ cURL and libcurl vulnerability CVE-2017-2628 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35453761
∗∗∗ IBM Security Bulletin: Vulnerabilities CVE-2018-17199, CVE-2018-17189, and CVE-2019-0190 in the IBM i HTTP Server affect IBM i. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-cve-2…
∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a kernel vulnerability (CVE-2018-5391) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by krb5 vulnerabilities (CVE-2018-5730 and CVE-2018-5729) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by GnuTLS vulnerabilities (CVE-2018-10845 and CVE-2018-10844) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale (CVE-2018-1901) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a Mozilla Network Security Services (NSS) vulnerability (CVE-2018-12384) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a UI message injection vulnerability (CVE-2018-1666) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by an unauthorized access vulnerability (CVE-2018-1668) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a cross-site request forgery vulnerability (CVE-2018-1661) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 19-02-2019 18:00 − Wednesday 20-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ SQL injection explained: How SQLi attacks work and how to prevent them ∗∗∗
---------------------------------------------
What is SQL injection? SQL injection is a type of attack that can give an adversary complete control over your web application database by inserting arbitrary SQL code into a database query. Immortalized by "Little Bobby Drop Tables" in XKCD 327, SQL injection (SQLi) was first discovered in 1998, yet continues to plague web applications across the internet. Even the OWASP Top Ten lists injection as the number one threat to web application security.
---------------------------------------------
https://www.csoonline.com/article/3257429/application-security/what-is-sql-…
∗∗∗ Sicherheit: Github startet Safe Harbor für Bug-Bounty-Programm ∗∗∗
---------------------------------------------
Um Teilnehmer seines Bug-Bounty-Programms rechtlich besser abzusichern, startet Github ein Safe-Harbor-Programm, das die Aktionen der Sicherheitsforscher absichern soll. Die Richtlinien basieren auf eigener Erfahrung und Vorlagen aus der Community. Das Programm selbst wird ebenfalls erweitert. (Github, Urheberrecht)
---------------------------------------------
https://www.golem.de/news/sicherheit-github-startet-safe-harbor-fuer-bug-bo…
∗∗∗ Password Managers: Under the Hood of Secrets Management ∗∗∗
---------------------------------------------
[...] In this paper we propose security guarantees password managers should offer and examine the underlying workings of five popular password managers targeting the Windows 10 platform: 1Password 7, 1Password 4, Dashlane, KeePass, and LastPass.
---------------------------------------------
https://www.securityevaluators.com/casestudies/password-manager-hacking/
∗∗∗ Phishers’ new trick for bypassing email URL filters ∗∗∗
---------------------------------------------
Phishers have come up with another trick to make Office documents carrying malicious links undetectable by many e-mail security services: they delete the links from the document's relationship file (xml.rels). The trick has been spotted being used in an email spam campaign aimed at leading victims to a credential harvesting login page.
---------------------------------------------
https://www.helpnetsecurity.com/2019/02/20/phishers-new-trick-for-bypassing…
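A scanner that only reads the relationship file will miss a link whose relationship entry has been deleted. The following is an added example, not code from the article: it opens an Office Open XML document as the ZIP it is, collects every `<w:hyperlink r:id="...">` reference from `word/document.xml`, compares it against the `<Relationship>` entries in `word/_rels/document.xml.rels` (the standard location of the file the excerpt abbreviates as xml.rels), and flags the document when a reference has no matching relationship. The two documents it inspects are constructed in memory, one intact and one with the relationship removed; that the stripped file keeps its `r:id` reference in `document.xml` is this example's reading of the trick, not something the excerpt spells out.

```python
"""Added example: flag .docx files whose hyperlinks have no target in the
relationship file. Not code from the article; both documents are built here."""
import io
import zipfile
import xml.etree.ElementTree as ET

NS_W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
NS_R = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
NS_PR = "http://schemas.openxmlformats.org/package/2006/relationships"
HYPERLINK_TYPE = NS_R + "/hyperlink"

# Constructed minimal document body: one run wrapped in a hyperlink that points at rId1.
DOCUMENT_XML = (
    f'<w:document xmlns:w="{NS_W}" xmlns:r="{NS_R}"><w:body><w:p>'
    '<w:hyperlink r:id="rId1"><w:r><w:t>Review the attached invoice</w:t></w:r></w:hyperlink>'
    '</w:p></w:body></w:document>'
)
# Constructed relationship files: intact, and with the hyperlink relationship deleted.
RELS_WITH_TARGET = (
    f'<Relationships xmlns="{NS_PR}">'
    f'<Relationship Id="rId1" Type="{HYPERLINK_TYPE}" '
    'Target="https://login.example.invalid/" TargetMode="External"/>'
    '</Relationships>'
)
RELS_STRIPPED = f'<Relationships xmlns="{NS_PR}"/>'


def build_docx(rels_xml: str) -> bytes:
    """Assemble just enough of a .docx package for the scanner to work on."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", DOCUMENT_XML)
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


def scan_docx(data: bytes) -> dict:
    """Return the hyperlink URLs declared in the .rels file, the r:id values in
    document.xml that have no such declaration, and a verdict."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        doc = ET.fromstring(zf.read("word/document.xml"))
        try:
            rels = ET.fromstring(zf.read("word/_rels/document.xml.rels"))
        except KeyError:          # no relationship file at all: every link is dangling
            rels = None

    targets = {}
    if rels is not None:
        for rel in rels.iter(f"{{{NS_PR}}}Relationship"):
            if rel.get("Type") == HYPERLINK_TYPE:
                targets[rel.get("Id")] = rel.get("Target")

    # Internal links use w:anchor instead of r:id; only r:id references need a relationship.
    referenced = [
        h.get(f"{{{NS_R}}}id")
        for h in doc.iter(f"{{{NS_W}}}hyperlink")
        if h.get(f"{{{NS_R}}}id") is not None
    ]
    dangling = [rid for rid in referenced if rid not in targets]
    return {
        "urls": sorted(targets.values()),
        "dangling": dangling,
        "suspicious": bool(dangling),
    }


if __name__ == "__main__":
    print("intact  :", scan_docx(build_docx(RELS_WITH_TARGET)))
    print("stripped:", scan_docx(build_docx(RELS_STRIPPED)))
```

The point of the cross-check is that the absence of a URL is itself the signal: a document whose body references a hyperlink relationship that the package does not define is malformed in a way benign authoring tools do not produce.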
∗∗∗ Combing Through Brushaloader Amid Massive Detection Uptick ∗∗∗
---------------------------------------------
Nick Biasini and Edmund Brumaghin authored this blog post with contributions from Matthew Molyett. Executive Summary: Over the past several months, Cisco Talos has been monitoring various malware distribution campaigns leveraging the malware loader Brushaloader to deliver malware payloads to systems. Brushaloader is currently characterized by the use of various scripting elements, such as PowerShell, to minimize the number of artifacts left on infected systems.
---------------------------------------------
https://blog.talosintelligence.com/2019/02/combing-through-brushaloader.html
∗∗∗ Siegeware: When criminals take over your smart building ∗∗∗
---------------------------------------------
Siegeware is what you get when cybercriminals mix the concept of ransomware with building automation systems: abuse of equipment control software to threaten access to physical facilities.
---------------------------------------------
https://www.welivesecurity.com/2019/02/20/siegeware-when-criminals-take-ove…
=====================
= Vulnerabilities =
=====================
∗∗∗ Intel Data Center Manager SDK ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for improper authentication, protection mechanism failure, permission issues, key management errors, and insufficient control flow management vulnerabilities reported in Intel's Data Center Manager software development kit.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01
∗∗∗ Delta Industrial Automation CNCSoft ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for an out-of-bounds read vulnerability reported in the Delta Electronics Delta Industrial Automation CNCSoft.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-050-02
∗∗∗ Horner Automation Cscape ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper input validation vulnerability in the Horner Automation Cscape software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-050-03
∗∗∗ Rockwell Automation Allen-Bradley PowerMonitor 1000 ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for cross-site scripting and authentication bypass vulnerabilities reported in Rockwell Automation's Allen-Bradley PowerMonitor 1000, a compact power monitor.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-050-04
∗∗∗ WordPress 5.0.0 Remote Code Execution ∗∗∗
---------------------------------------------
This blog post details how a combination of a Path Traversal and a Local File Inclusion vulnerability leads to Remote Code Execution in the WordPress core. The vulnerability remained undiscovered in the WordPress core for over 6 years.
---------------------------------------------
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ansible, drupal7, and systemd), Fedora (botan2, ceph, and firefox), Oracle (firefox, flatpak, and systemd), Red Hat (firefox), SUSE (gvfs, kernel, libqt5-qtbase, python-numpy, and qemu), and Ubuntu (gdm3).
---------------------------------------------
https://lwn.net/Articles/780344/
∗∗∗ Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol and Link Layer Discovery Protocol Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Prime Infrastructure Certificate Validation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco IoT Field Network Director XML External Entity Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco HyperFlex Software Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Hyperflex Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco HyperFlex Arbitrary Statistics Write Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Firepower Threat Defense Software SSL or TLS Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Firepower 9000 Series Firepower 2-Port 100G Double-Width Network Module Queue Wedge Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco HyperFlex Software Unauthenticated Root Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security Advisory - Double Free Vulnerability on Bastet Module of Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190220-…
∗∗∗ Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190220-…
∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190220-…
∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 18-02-2019 18:00 − Tuesday 19-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Hackers Use Compromised Banks as Starting Points for Phishing Attacks ∗∗∗
---------------------------------------------
Cybercriminals attacking banks and financial organizations use their foothold in a compromised infrastructure to gain access to similar targets in other regions or countries.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-use-compromised-bank…
∗∗∗ No More Ransom to the Rescue: New Decryption Tool Released for Latest Version of GandCrab ransomware ∗∗∗
---------------------------------------------
The wait for the victims of GandCrab is over: a new decryption tool has been released today for free on the No More Ransom repository for the latest strain of GandCrab, one of the world's most prolific ransomware to date. This tool was developed by the Romanian Police in close collaboration with the internet security company Bitdefender and Europol, together with the support of law enforcement authorities from Austria, Belgium, Cyprus, France, Germany, Italy, the Netherlands, UK, Canada [...]
---------------------------------------------
https://www.europol.europa.eu/newsroom/news/no-more-ransom-to-rescue-new-de…
∗∗∗ SHA-2 patch for Windows 7 and Windows Server 2008/R2 coming in March ∗∗∗
---------------------------------------------
Microsoft is planning an update for Windows 7/Server 2008 (R2). It is meant to enable the operating system to recognise SHA-2-signed updates.
---------------------------------------------
http://heise.de/-4312194
∗∗∗ Criminal hacking hits Managed Service Providers: Reasons and responses ∗∗∗
---------------------------------------------
Recent news articles show that MSPs are now being targeted by criminals, and for a variety of nefarious reasons. Why is this happening, and what should MSPs do about it?
---------------------------------------------
https://www.welivesecurity.com/2019/02/19/criminal-hacking-hits-managed-ser…
∗∗∗ Rietspoof malware spreads via Facebook Messenger and Skype spam ∗∗∗
---------------------------------------------
Avast researchers spot new malware spreading via instant messaging clients.
---------------------------------------------
https://www.zdnet.com/article/rietspoof-malware-spreads-via-facebook-messen…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, rdesktop, rssh, systemd, and uriparser), Fedora (bouncycastle, eclipse-jgit, eclipse-linuxtools, jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-dataformat-xml, jackson-dataformats-binary, jackson-dataformats-text, jackson-datatype-jdk8, jackson-datatype-joda, jackson-datatypes-collections, jackson-jaxrs-providers, jackson-module-jsonSchema, jackson-modules-base, jackson-parent, moby-engine, and subversion), [...]
---------------------------------------------
https://lwn.net/Articles/780245/
∗∗∗ Critical Release - PSA-2019-02-19 ∗∗∗
---------------------------------------------
Date: 2019-February-19
Security risk: Highly critical 20/25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Critical Release
Description: There will be a security release of 8.5.x and 8.6.x on February 20th 2019 between 1PM and 5PM America/New York (1800 to 2200 UTC). (To see this in your local timezone, refer to the Drupal Core Calendar.) The risk on this is currently rated at 20/25 (Highly critical) AC:None/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon.
---------------------------------------------
https://www.drupal.org/psa-2019-02-19
∗∗∗ Vuln: SolarWinds Orion Network Performance Monitor (NPM) CVE-2019-8917 Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/107061
∗∗∗ Red Hat JBoss Enterprise Application Platform: multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0150
∗∗∗ IBM Security Bulletin: Directory traversal vulnerability in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-2006) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-directory-traversal-v…
∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE-2018-8931 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-upd…
∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a CVE-2018-1901 vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat…
∗∗∗ IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem 840 and 900 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap…
∗∗∗ IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem V840 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 15-02-2019 18:00 − Monday 18-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Finding Property Values in Office Documents, (Sat, Feb 16th) ∗∗∗
---------------------------------------------
In diary entry "Maldoc Analysis of the Weekend", I use the strings method explained in diary entry "Quickie: String Analysis is Still Useful" to quickly locate the PowerShell command hidden in a malicious Word document.
---------------------------------------------
https://isc.sans.edu/diary/rss/24652
∗∗∗ Distributing Malware - one "Word" at a Time ∗∗∗
---------------------------------------------
Using Microsoft Word to distribute malware is a common tactic used by criminals. Given the popularity of Word, criminals can often "live off the land" and use mechanisms that are already in place to do their dirty work.
---------------------------------------------
https://www.gdatasoftware.com/blog/2019/02/31429-distributing-malware-word
∗∗∗ A Deep Dive on the Recent Widespread DNS Hijacking Attacks ∗∗∗
---------------------------------------------
The U.S. government - along with a number of leading security companies - recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy. This post seeks to document the extent of those attacks, and traces the [...]
---------------------------------------------
https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dn…
∗∗∗ IT-Grundschutz-Kompendium Edition 2019 published ∗∗∗
---------------------------------------------
The IT-Grundschutz-Kompendium is now available in the new 2019 edition. This edition contains a total of 94 IT-Grundschutz modules (Bausteine), 14 of which cover new topics. The IT-Grundschutz-Kompendium is tailored to the security requirements of companies and public authorities.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/IT-Grundschutz-Ko…
∗∗∗ Exploit Code Published for Recent Container Escape Vulnerability ∗∗∗
---------------------------------------------
Proof-of-concept (PoC) code is now publicly available for a recently disclosed container escape vulnerability impacting popular cloud platforms, including AWS, Google Cloud, and numerous Linux distributions.
---------------------------------------------
https://www.securityweek.com/exploit-code-published-recent-container-escape…
∗∗∗ Sinking a ship and hiding the evidence ∗∗∗
---------------------------------------------
Our earlier work on Voyage Data Recorder manipulation got us thinking about how a malicious individual or organisation might bring about the demise of a ship and hide the evidence. There are plenty of ways to get malware on to a ship. Whether it’s via satcoms, phishing, USB, crew Wi-Fi, dodgy DVDs etc. Now the [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/sinking-a-ship-and-hiding-the…
∗∗∗ Different 'smart' lock, similar security issues ∗∗∗
---------------------------------------------
I was looking through Amazon and found this padlock at the cheaper end of the scale. For twenty of my well-earnt English pounds I could become the owner of a new and shiny SLOK lock. It can be unlocked by BLE and can be shared to others, what could I do but [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/different-smart-lock-similar-…
=====================
= Vulnerabilities =
=====================
∗∗∗ VMSA-2019-0001 ∗∗∗
---------------------------------------------
VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0001.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (cairo, firefox, flatpak, hiawatha, and webkit2gtk), Debian (gsoap, mosquitto, php5, thunderbird, and tiff), Fedora (elfutils, ghostscript, gsi-openssh, kernel, kernel-headers, kernel-tools, kf5-kauth, mingw-podofo, mingw-poppler, mosquitto, podofo, and python-markdown2), Mageia (firefox, flash-player-plugin, lxc, and thunderbird), openSUSE (avahi, docker, libu2f-host, LibVNCServer, nginx, phpMyAdmin, and pspp, spread-sheet-widget), Red Hat [...]
---------------------------------------------
https://lwn.net/Articles/780076/
∗∗∗ Container Privilege Escalation Vulnerability Affecting Cisco Products: February 2019 ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security Advisory - Information Leakage Vulnerability on Some Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190218-…
∗∗∗ D-LINK Router DIR-823G: vulnerability allows bypassing of security mechanisms ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0147
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 14-02-2019 18:00 − Friday 15-02-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Cryptojacking Coinhive Miners Land on the Microsoft Store For the First Time ∗∗∗
---------------------------------------------
A batch of eight potentially unwanted applications (PUAs) were found on the Microsoft Store dropping malicious Monero (XMR) Coinhive cryptomining scripts, delivered with the help of Google's legitimate Google Tag Manager (GTM) library.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cryptojacking-coinhive-miner…
∗∗∗ Demystifying the crypter used in Emotet, Qbot, and Dridex ∗∗∗
---------------------------------------------
A crypter is software that can encrypt, obfuscate, and manipulate malware to make it harder to detect by security programs. The Zscaler ThreatLabZ research team recently spotted a common crypter being used in the recent Emotet, Qbot, and Dridex campaigns. This same crypter was observed in some of the Ursnif and BitPaymer campaigns as well.
---------------------------------------------
https://www.zscaler.com/blogs/research/demystifying-crypter-used-emotet-qbo…
∗∗∗ Many ICS Vulnerability Advisories Contain Errors: Report ∗∗∗
---------------------------------------------
Roughly one-third of the ICS-specific vulnerability advisories published in 2018 contained basic factual errors, including when describing and rating the severity of a flaw, according to the 2018 Year in Review report published on Thursday by industrial cybersecurity firm Dragos.
---------------------------------------------
https://www.securityweek.com/many-ics-vulnerability-advisories-contain-erro…
∗∗∗ Facebook Login Phishing Campaign ∗∗∗
---------------------------------------------
A falsely reported bug in the Myki Auto-Fill functionality led us to discover a phishing campaign that even the most vigilant users could fall for.
---------------------------------------------
https://myki.com/blog/facebook-login-phishing-campaign/
∗∗∗ Security update closes attack vectors in Thunderbird ∗∗∗
---------------------------------------------
Vulnerabilities in the Skia graphics library put Thunderbird at risk. The current version is patched.
---------------------------------------------
http://heise.de/-4310283
∗∗∗ Dirty Sock: Canonical closes security hole in Snap package management ∗∗∗
---------------------------------------------
A security vulnerability in Canonical's Snap package management allowed normal users to obtain root privileges. A patched version is now available.
---------------------------------------------
http://heise.de/-4309424
∗∗∗ Vulnerabilities Patched in WP Cost Estimation Plugin ∗∗∗
---------------------------------------------
At the end of January, Wordfence security analysts identified attackers exploiting vulnerabilities in outdated versions of the commercial plugin WP Cost Estimation & Payment Forms Builder, or WP Cost Estimation for short. These flaws were found and patched by the developer a few months ago, but no official public disclosure was made at the time.
---------------------------------------------
https://www.wordfence.com/blog/2019/02/vulnerabilities-patched-in-wp-cost-e…
∗∗∗ Oracle MAF store bypass, a how-to ∗∗∗
---------------------------------------------
On a recent assignment I was asked to look at the security of a cloud-based solution for expenses, the Oracle® ExpensesCloud with Fusion applications. It was being used for employees to create/save/edit/submit claims to the employer. TL;DR: Having default hard-coded credentials allows an attacker effortless compromise of the credentialed action.
---------------------------------------------
https://www.pentestpartners.com/security-blog/oracle-maf-store-bypass-a-how…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr and unbound), Fedora (docker, libexif, and runc), openSUSE (mozilla-nss, python, rmt-server, and thunderbird), Slackware (mozilla), and SUSE (couchdb, dovecot23, kvm, nodejs6, php53, podofo, python-PyKMIP, rubygem-loofah, util-linux, and velum).
---------------------------------------------
https://lwn.net/Articles/779933/
∗∗∗ IBM Security Bulletin: Weaker than expected security in WebSphere Application Server with SP800-131 transition mode (CVE-2018-1996) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weaker-than-expected-…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Installation Manager and IBM Packaging Utility ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Java vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities were identified in Node.js that affect IBM Cloud App Management V2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ Linux kernel vulnerability CVE-2018-15594 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K26301924
∗∗∗ Vulnerability in gpsd and microjson allows code execution ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0144