Daily May 2019

daily@lists.cert.at

1 participants
21 discussions

Tageszusammenfassung - 31.05.2019
by Daily end-of-shift report 31 May '19

31 May '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 29-05-2019 18:00 − Freitag 31-05-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Analyzing First Stage Shellcode, (Thu, May 30th) ∗∗∗ --------------------------------------------- Yesterday, reader Alex submitted a PowerShell script he downloaded from a website. Xavier, handler on duty, showed him the script launched shellcode that tried to establish a TCP connection. --------------------------------------------- https://isc.sans.edu/diary/rss/24984 ∗∗∗ Retrieving Second Stage Payload with Ncat, (Fri, May 31st) ∗∗∗ --------------------------------------------- In diary entry "Analyzing First Stage Shellcode", I show how to analyze first stage shellcode when you have no access to the server with the second stage payload. --------------------------------------------- https://isc.sans.edu/diary/rss/24988 ∗∗∗ HiddenWasp Malware Stings Targeted Linux Systems ∗∗∗ --------------------------------------------- Intezer has discovered a new, sophisticated malware that they have named "HiddenWasp", targeting Linux systems. --------------------------------------------- https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/ ∗∗∗ Über 50.000 Datenbank-Server über Uralt-Windows-Bug mit Krypto-Minern infiziert ∗∗∗ --------------------------------------------- Mit raffinierten Methoden haben Hacker zehntausende schlecht gesicherte Windows-Server gekapert und schürfen dort heimlich Monero. --------------------------------------------- https://heise.de/-4435622 ∗∗∗ Your threat model is wrong ∗∗∗ --------------------------------------------- Several subjects have come up with the past week that all come down to the same thing: your threat model is wrong. Instead of addressing the the threat that exists, youve morphed the threat into something else that youd rather deal with, or which is easier to understand. --------------------------------------------- https://blog.erratasec.com/2019/05/your-threat-model-is-wrong.html ===================== = Vulnerabilities = ===================== ∗∗∗ Convert Plus Plugin Flaw Lets Attackers Become a Wordpress Admin ∗∗∗ --------------------------------------------- A critical vulnerability in Convert Plus, a commercial plugin for WordPress websites estimated to have 100,000 active installations, allows an unauthenticated attacker to create accounts with administrator privileges. --------------------------------------------- https://www.bleepingcomputer.com/news/security/convert-plus-plugin-flaw-let… ∗∗∗ AVEVA Vijeo Citect and CitectSCADA ∗∗∗ --------------------------------------------- This advisory includes mitigations for an insufficiently protected credentials vulnerability reported in AVEVA's Vijeo Citect and CitectSCADA supervisory control and data acquisition software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-150-01 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox and libvirt), Debian (openjdk-8 and tomcat7), Fedora (drupal7-entity), Mageia (kernel), openSUSE (bluez, gnutls, and libu2f-host), Oracle (bind), Red Hat (bind), Scientific Linux (bind), SUSE (axis, libtasn1, and rmt-server), and Ubuntu (sudo). --------------------------------------------- https://lwn.net/Articles/789849/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (miniupnpd and qemu), Fedora (drupal7-entity and xen), openSUSE (kernel), Oracle (bind and firefox), Red Hat (go-toolset-1.11-golang), SUSE (cronie, evolution, firefox, gnome-shell, java-1_7_0-openjdk, jpeg, and mailman), and Ubuntu (corosync, evolution-data-server, gnutls28, and libseccomp). --------------------------------------------- https://lwn.net/Articles/789995/ ∗∗∗ Security Advisory 2019-08: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- https://community.otrs.com/security-advisory-2019-08-security-update-for-ot… ∗∗∗ Security Advisory 2019-09: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- https://community.otrs.com/security-advisory-2019-09-security-update-for-ot… ∗∗∗ HPESBNS03925 rev.1 - HPE Nonstop Maintenance Entity family of products, Local Disclosure of Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ AirPort Base Station Firmware Update 7.9.1 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT210090 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Watson Knowledge Catalog (with Information Server) is affected by a Cryptographic vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-watson-knowledge-… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server containers are vulnerable to privilege escalation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-inform… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java SDK (January 2019) affecting IBM Application Delivery Intelligence for IBM Z V5.1.0, V5.0.5 and V5.0.4 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 7 & 8, IBM SDK, Java Technology Edition Version 8 and Eclipse OpenJ9 Affect Transformation Extender ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems (April 2019 updates) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Tivoli Storage Manager FastBack (CVE-2018-12547) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-5407) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Access Manager Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Commons Compress may affect IBM Cloud App Management V2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap… ∗∗∗ IBM Security Bulletin: Multiple open source vulnerabilities affect IBM PureApplication System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-open-source-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.05.2019
by Daily end-of-shift report 29 May '19

29 May '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 28-05-2019 18:00 − Mittwoch 29-05-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Researchers uncover smart padlock's dumb security ∗∗∗ --------------------------------------------- Pen Test Partners has found some major security flaws in the Bluetooth Nokelock that consumers might like to know about. --------------------------------------------- https://nakedsecurity.sophos.com/2019/05/29/researchers-uncover-smart-padlo… ∗∗∗ CVE-2019-0725: An Analysis of Its Exploitability ∗∗∗ --------------------------------------------- May's Patch Tuesday saw what is likely to be one of the most prominent vulnerabilities this year with the "wormable" Windows Terminal Services vulnerability (CVE-2019-0708). However, there's another remote code execution (RCE) vulnerability that would be hard to ignore: CVE-2019-0725, an RCE vulnerability in Windows Dynamic Host Configuration Protocol (DHCP) Server. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/3268yMf2sDY/ ∗∗∗ Learning to Rank Strings Output for Speedier Malware Analysis ∗∗∗ --------------------------------------------- Reverse engineers, forensic investigators, and incident responders have an arsenal of tools at their disposal to dissect malicious software binaries. When performing malware analysis, they successively apply these tools in order to gradually gather clues about a binary's function, design detection methods, and ascertain how to contain its damage. One of the most useful initial steps is to inspect its printable characters via the Strings program. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2019/05/learning-to-rank-string… ∗∗∗ Docker: Lücke erlaubt Root-Zugriff auf Dateien ∗∗∗ --------------------------------------------- Über eine Lücke in allen Docker-Versionen könnten Angreifer ihre Privilegien erweitern. Exploit-Code ist verfügbar; der Patch steckt noch im Review-Prozess. --------------------------------------------- https://heise.de/-4434730 ∗∗∗ A dive into Turla PowerShell usage ∗∗∗ --------------------------------------------- ESET researchers analyze new TTPs attributed to the Turla group that leverage PowerShell to run malware in-memory only --------------------------------------------- https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/ ∗∗∗ Google Researcher Finds Code Execution Vulnerability in Notepad ∗∗∗ --------------------------------------------- Google Project Zero researcher Tavis Ormandy revealed on Tuesday that he identified a code execution vulnerability in Microsoft’s Notepad text editor. --------------------------------------------- https://www.securityweek.com/google-researcher-finds-code-execution-vulnera… ∗∗∗ diekundenexperten.at für Versicherungsrücktritte ist unseriös ∗∗∗ --------------------------------------------- Auf diekundenexperten.at wird Konsument/innen ein Angebot präsentiert, welches beim Rücktritt von Lebensversicherungen ohne Geldverlust und Risiko helfen soll. Die Behauptungen sind allerdings nicht mit geltendem Recht vereinbar und es sind weder ein Impressum noch sonstige Informationen über die Website-Betreiber/innen auffindbar. Aufgrund dieser Mängel raten wir von einer Übermittlung persönlicher Informationen ab. --------------------------------------------- https://www.watchlist-internet.at/news/diekundenexpertenat-fuer-versicherun… ∗∗∗ Proofpoint Q1 2019 Threat Report: Emotet carries the quarter with consistent high-volume campaigns ∗∗∗ --------------------------------------------- https://www.proofpoint.com/us/threat-insight/post/proofpoint-q1-2019-threat… ===================== = Vulnerabilities = ===================== ∗∗∗ Emerson Ovation OCR400 Controller ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow and heap-based buffer overflow vulnerabilities reported in Emersons Ovation OCR400 Controller. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-148-01 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (webkit2gtk), Debian (kernel and libav), Fedora (c3p0 and community-mysql), Scientific Linux (pacemaker), SUSE (axis, libtasn1, NetworkManager, sles12sp3-docker-image, sles12sp4-image, system-user-root, and xen), and Ubuntu (freerdp, GNU Screen, keepalived, and thunderbird). --------------------------------------------- https://lwn.net/Articles/789709/ ∗∗∗ About the security content of iCloud for Windows 7.12 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT210125 ∗∗∗ About the security content of iTunes for Windows 12.9.5 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT210124 ∗∗∗ Security Advisory - Remote Code Execution Vulnerability in Some Microsoft Windows Systems ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190529-… ∗∗∗ Security Advisory - Some Huawei 4G LTE devices are exposed to a message replay vulnerability ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190529-… ∗∗∗ IBM Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in Drupal core (CVE-2019-10909 CVE-2019-10910 CVE-2019-10911) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-deve… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018.4.1 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A vulnerability in Google Guava could affect IBM Cloud App Management V2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-go… Next End-of-Day report: 2019-05-31 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.05.2019
by Daily end-of-shift report 28 May '19

28 May '19

===================== = End-of-Day report = ===================== Timeframe: Montag 27-05-2019 18:00 − Dienstag 28-05-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ DNSSEC-Chain: DANE für Browser ist praktisch tot ∗∗∗ --------------------------------------------- Eine TLS-Erweiterung sollte die Nutzung von DANE und DNSSEC im Browser erleichtern und die Validierung beschleunigen. Der Vorschlag wird nun aber offenbar nicht weiter verfolgt. --------------------------------------------- https://www.golem.de/news/dnssec-chain-dane-fuer-browser-ist-praktisch-tot-… ∗∗∗ Google-protected mobile browsers were open to phishing for over a year ∗∗∗ --------------------------------------------- Researchers revealed a massive hole in Google Safe Browsings mobile browser protection that existed for over a year. --------------------------------------------- https://nakedsecurity.sophos.com/2019/05/28/google-protected-mobile-browser… ∗∗∗ Return to the City of Cron – Malware Infections on Joomla and WordPress ∗∗∗ --------------------------------------------- We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had cleaned them. The persistence was being created by a cron that was scheduled to download malware from a third party domain. --------------------------------------------- https://blog.sucuri.net/2019/05/return-to-the-city-of-cron-malware-infectio… ∗∗∗ W3C und WHATWG erarbeiten künftig gemeinsam die HTML-Spezifikation ∗∗∗ --------------------------------------------- Das World Wide Web Consortium und die Arbeitsgruppe WHATWG bündeln ihre Bemühungen zur Standardisierung der Webtechniken. --------------------------------------------- https://heise.de/-4433970 ∗∗∗ Bitcoin-Erpressungsversuch gegen Unternehmen und Website-Betreiber/innen ∗∗∗ --------------------------------------------- Unternehmen und Website-Betreiber/innen erhalten momentan erpresserische Nachrichten per E-Mail, in Kommentarfunktionen oder in Chats. Kriminelle drohen damit, Millionen von Spam-Nachrichten im Namen der Betroffenen zu verschicken, wenn nicht binnen kurzer Zeit ein hoher Geldbetrag in Bitcoin bezahlt wird. Wir gehen von leeren Drohungen aus, raten aber dennoch zu einer Anzeige wegen Erpressung. --------------------------------------------- https://www.watchlist-internet.at/news/bitcoin-erpressungsversuch-gegen-unt… ∗∗∗ Emissary Panda Attacks Middle East Government Sharepoint Servers ∗∗∗ --------------------------------------------- Our latest research shows attacks against Middle East government Sharepoint servers using a newly patched vulnerability. --------------------------------------------- https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-gove… ===================== = Vulnerabilities = ===================== ∗∗∗ SAP UI5 1.0.0 is vulnerable to Content Spoofing in multiples parameters ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2019050283 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox and thunderbird), Debian (sox and vcftools), Fedora (safelease and sharpziplib), openSUSE (chromium, evolution, graphviz, nmap, systemd, transfig, and ucode-intel), Red Hat (pacemaker), SUSE (curl, libvirt, openssl, php7, php72, and systemd), and Ubuntu (gnome-desktop3, keepalived, and samba). --------------------------------------------- https://lwn.net/Articles/789595/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.05.2019
by Daily end-of-shift report 27 May '19

27 May '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 24-05-2019 18:00 − Montag 27-05-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Joomla and WordPress Found Harboring Malicious Redirect Code ∗∗∗ --------------------------------------------- New .htaccess injector threat on Joomla and WordPress websites redirects to malicious websites. --------------------------------------------- https://threatpost.com/joomla-and-wordpress-malicious-redirect-code/145068/ ∗∗∗ Serious Security: Don’t let your SQL server attack you with ransomware ∗∗∗ --------------------------------------------- Tales from the honeypot: this time a MySQL-based attack. Old tricks still work, because were still making old mistakes - heres what to do. --------------------------------------------- https://nakedsecurity.sophos.com/2019/05/25/serious-security-dont-let-your-… ∗∗∗ Alles Fake: sendlein.net, reipel.net, kleimer.net und lieberg24.com ∗∗∗ --------------------------------------------- Die verlockenden Technik-Angebote bei sendlein.net, reipel.net, kleimer.net oder lieberg24.com sind leider zu schön, um wahr zu sein! Es handelt sich um betrügerische Shops, die nicht liefern. Sie verlieren Ihr Geld und geben Kreditkartendaten preis, die für Online-Einkäufe verwendet werden könnten! --------------------------------------------- https://www.watchlist-internet.at/news/alles-fake-sendleinnet-reipelnet-kle… ∗∗∗ Intense scanning activity detected for BlueKeep RDP flaw ∗∗∗ --------------------------------------------- A threat actor hidden behind Tor nodes is scanning for Windows systems vulnerable to BlueKeep flaw. --------------------------------------------- https://www.zdnet.com/article/intense-scanning-activity-detected-for-blueke… ===================== = Vulnerabilities = ===================== ∗∗∗ BlackBerry Powered by Android Security Bulletin - May 2019 ∗∗∗ --------------------------------------------- BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. ... This advisory is in response to the Android Security Bulletin (May) and addresses issues in that bulletin that affect BlackBerry powered by Android smartphones --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ New unpatched macOS Gatekeeper Bypass Published Online ∗∗∗ --------------------------------------------- Details have been released for an unpatched vulnerability in macOS 10.14.5 (Mojave) and below that allows a hacker to execute arbitrary code without user interaction. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-unpatched-macos-gatekeep… ∗∗∗ Fortinet schließt mehrere Sicherheitslücken in FortiOS und Co. ∗∗∗ --------------------------------------------- Das SSL-VPN-Webportal von FortiOS war über mehrere Wege angreifbar – aus der Ferne und teils ohne Authentifizierung. Der Hersteller rät zum Update. --------------------------------------------- https://heise.de/-4432813 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, jackson-databind, minissdpd, php5, thunderbird, wireshark, and wpa), Fedora (curl, drupal7, firefox, kernel, libmediainfo, mediaconch, mediainfo, mod_http2, mupdf, rust, and singularity), openSUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork), Oracle (firefox and libvirt), Scientific Linux (firefox and libvirt), and SUSE (bluez, curl, gnutls, java-1_7_1-ibm, libu2f-host, libvirt, python3, screen, and xen). --------------------------------------------- https://lwn.net/Articles/789523/ ∗∗∗ SSA-932041: Vulnerability in Radiography and Mobile X-ray Products from Siemens Healthineers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-932041.txt ∗∗∗ SSA-832947: Vulnerability in Laboratory Diagnostics Products from Siemens Healthineers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-832947.txt ∗∗∗ SSA-433987: Vulnerability in Radiation Oncology Products from Siemens Healthineers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-433987.txt ∗∗∗ SSA-406175: Vulnerability in Siemens Healthineers Software Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-406175.txt ∗∗∗ SSA-166360: Vulnerability in Advanced Therapy Products from Siemens Healthineers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-166360.txt ∗∗∗ SSA-616199: Vulnerability in Point of Care Diagnostics Products from Siemens Healthineers - Blood Gas ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-616199.txt ∗∗∗ IBM Security Bulletin: IBM QRadar WinCollect Agent Does Not Verify TLS Syslog Certificate (CVE-2019-4264) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-wincollect… ∗∗∗ IBM Security Bulletin: Security vulnerability affects the Report Builder shipped with Jazz Reporting Service (CVE-2019-4184) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ GNU Binutils vulnerability CVE-2019-9070 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K13534168 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.05.2019
by Daily end-of-shift report 24 May '19

24 May '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 23-05-2019 18:00 − Freitag 24-05-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Hacker veröffentlicht vier Windows-0-Day-Lücken innerhalb weniger Tage ∗∗∗ --------------------------------------------- Als "SandboxEscaper" und "Polar Bear" hat ein Hacker insgesamt vier bislang ungepatchte Windows-Lücken veröffentlicht. Grund zur Panik besteht aber nicht. --------------------------------------------- https://heise.de/-4430811 ∗∗∗ CEO Fraud goes WhatsApp ∗∗∗ --------------------------------------------- Uns wurde in den letzten Tagen von zwei Firmen berichtet, dass sie Ziel von CEO Fraud Versuchen waren, wobei der Kontakt per WhatsApp Nachricht erfolgte. Wir kannten das Schema bisher eigentlich nur per Email: Der "Geschäftsführer" verlangt per Mail die Hilfe bei einer wichtigen, aber vertraulichen Überweisung. Details siehe Wikipedia. Daher: bitte hier nicht nur an Email denken. --------------------------------------------- http://www.cert.at/services/blog/20190524171920-2476.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (zookeeper), Fedora (kernel, singularity, and thunderbird), openSUSE (java-1_8_0-openjdk), Oracle (curl), Red Hat (firefox, libvirt, and virt:rhel), SUSE (php5, python-Jinja2, python-Pillow, and sysstat), and Ubuntu (MariaDB). --------------------------------------------- https://lwn.net/Articles/789353/ ∗∗∗ Vuln: Atlassian Bitbucket Server CVE-2019-3397 Directory Traversal Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/108447 ∗∗∗ IBM Security Bulletin: A security vulnerability has been addressed in IBM Cognos Analytics (CVE-2019-4139) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Cross-site scripting and failure to enforce HTTP Strict Transport Security vulnerabilities in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4137, CVE-2019-4138) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-2426, CVE-2018-12547, CVE-2018-1890) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Guardium StealthBits Integration is affected by an OpenSSL vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-guardium-stealthbits-… ∗∗∗ IBM Security Bulletin: OpenSSL vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vulnerability… ∗∗∗ IBM Security Bulletin: security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s… ∗∗∗ IBM Security Bulletin: Potential Spoofing vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1902) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-spoofing-vu… ∗∗∗ Binutils vulnerability CVE-2019-9075 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42059040 ∗∗∗ Binutils vulnerability CVE-2019-9074 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K09092524 ∗∗∗ GNU Binutils vulnerability CVE-2019-9077 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K00056379 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.05.2019
by Daily end-of-shift report 23 May '19

23 May '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 22-05-2019 18:00 − Donnerstag 23-05-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ SandboxEscaper Drops Three More Windows Exploits, IE Zero-Day ∗∗∗ --------------------------------------------- SandboxEscaper held true to that promise, on Thursday releasing on GitHub the proof-of-concepts (PoCs) for another three Windows LPE flaws, and a sandbox-escape zero-day vulnerability impacting Internet Explorer 11. One of them however turns out to already be patched. ... Though SandboxEscaper released PoC demos for these last three flaws, researchers have not yet confirmed their validity. --------------------------------------------- https://threatpost.com/sandboxescaper-more-exploits-ie-zero-day/145010/ ∗∗∗ IT threat evolution Q1 2019 ∗∗∗ --------------------------------------------- Zebrocy and GreyEnergy, four zero-day vulnerabilities in Windows, attacks on cryptocurrency exchanges, a very old bug in WinRAR, attacks on smart devices and other events of the first quarter of 2019. --------------------------------------------- https://securelist.com/it-threat-evolution-q1-2019/90978/ ∗∗∗ Security baseline (FINAL) for Windows 10 v1903 and Windows Server v1903 ∗∗∗ --------------------------------------------- Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 version 1903 (a.k.a., “19H1”), and for Windows Server version 1903. --------------------------------------------- https://blogs.technet.microsoft.com/secguide/2019/05/23/security-baseline-f… ∗∗∗ New Mirai Variant Uses Multiple Exploits to Target Routers and Other Devices ∗∗∗ --------------------------------------------- We discovered a new variant of Mirai that uses a total of 13 different exploits, almost all of which have been used in previous Mirai-related attacks. Typical of Mirai variants, it has backdoor and distributed denial-of-service (DDoS) capabilities. However, this case stands out as the first to have used all 13 exploits together in a single campaign --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/new-mirai-varia… ∗∗∗ Jeder dritte RDP-Server Österreichs auf „BlueKeep“ anfällig ∗∗∗ --------------------------------------------- In einem überraschenden Schritt hat Microsoft vergangene Woche eine kritische Schwachstelle in den eigentlich nicht mehr unterstützten Betriebssystemen Windows XP und Server 2003 behoben. Die Remote Code Execution „BlueKeep“ (CVE-2019-0708) in der Fernwartungsfunktion Remote Desktop Service (RDP) ist für entfernte Angreifer direkt ausnutzbar und wird als kritisch eingestuft. --------------------------------------------- https://www.offensity.com/de/blog/jeder-dritte-rdp-server-oesterreichs-auf-… ∗∗∗ GetCrypt Ransomware Brute Forces Credentials, Decryptor Released ∗∗∗ --------------------------------------------- A new ransomware called GetCrypt is being installed through malvertising campaigns that redirect victims to the RIG exploit kit. ... If you were infected with the GetCrypt Ransomware, it is possible to get your files back for free. All you need is a original unencrypted copy of a file that has been encrypted. --------------------------------------------- https://www.bleepingcomputer.com/news/security/getcrypt-ransomware-brute-fo… ∗∗∗ iX 6/2019: Follow-Up zu den Sicherheitsproblemen in Office 365 ∗∗∗ --------------------------------------------- Auf die von der iX aufgedeckten Sicherheitsproblemen in Office 365 reagierte Microsoft nun – zufriedenstellen konnten die Antworten aber nicht. --------------------------------------------- https://heise.de/-4429020 ∗∗∗ Apple behebt Firmwareproblem bei T2-Sicherheitschip ∗∗∗ --------------------------------------------- Der Konzern hat ein Zusatzupdate für macOS 10.14.5 freigegeben, das bestimmte MacBook-Pro-Modelle betrifft. Details sind noch rar. --------------------------------------------- https://heise.de/-4429365 ∗∗∗ Undurchsichtige Angebote auf retinollift.com und hyaluronicone.com ∗∗∗ --------------------------------------------- Auf retinollift.com und hyaluronicone.com werden diverse Beautyprodukte angeboten und auch ein besonderes Tagesangebot als „Today’s Special“ beworben. Dieses Spezialangebot enthält eine vermeintlich kostenlose Probe, lediglich der Versand muss per Kreditkarte bezahlt werden. Kurz darauf kommt es aber zu weiteren Abbuchungen, denen die verärgerten Konsument/innen nie bewusst zugestimmt haben. --------------------------------------------- https://www.watchlist-internet.at/news/undurchsichtige-angebote-auf-retinol… ===================== = Vulnerabilities = ===================== ∗∗∗ WordPress plugin "WP Open Graph" vulnerable to cross-site request forgery ∗∗∗ --------------------------------------------- Description: WordPress plugin "WP Open Graph" provided by Custom4Web contains a cross-site request forgery vulnerability (CWE-352). Impact: If a user views a malicious page while logged in, unintended operations may be performed. --------------------------------------------- https://jvn.jp/en/jp/JVN33652328/ ∗∗∗ Vuln: Apache Camel CVE-2019-0188 XML External Entity Injection Vulnerability ∗∗∗ --------------------------------------------- Apache Camel is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to obtain potentially sensitive information. This may lead to further attacks. --------------------------------------------- http://www.securityfocus.com/bid/108422 ∗∗∗ Vuln: QEMU CVE-2019-12247 Integer Overflow Vulnerability ∗∗∗ --------------------------------------------- Attackers can exploit this issue to crash the QEMU instance, resulting in a denial-of-service condition. Due to the nature of this issue, code execution may be possible but this has not been confirmed. --------------------------------------------- http://www.securityfocus.com/bid/108434 ∗∗∗ WD My Cloud RCE ∗∗∗ --------------------------------------------- In this post I’ll explain how I discoverd several vulnerabilities in Western Digital NAS devices and used them together to execute code remotely, as root. To take control of the NAS an attacker needs to be in the same network and know its IP address. --------------------------------------------- https://bnbdr.github.io/posts/wd/ ∗∗∗ DoS Vulnerability in RTSP Module of Huawei Smart Phones ∗∗∗ --------------------------------------------- There is a DoS vulnerability in RTSP module of some Huawei smart phones. Remote attacker could trick the user into opening a malformed RTSP media stream to exploit this vulnerability. Successful exploit could cause the affected phone abnormal, leading to a DoS condition. ... CVE-2019-5284. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190523-… ∗∗∗ Tcl code injection security exposure ∗∗∗ --------------------------------------------- Certain coding practices may allow an attacker to inject arbitrary Tool Command Language (Tcl) commands, which could be executed in the security context of the target Tcl script. --------------------------------------------- https://support.f5.com/csp/article/K15650046 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ffmpeg and firefox-esr), openSUSE (bzip2, chromium, and GraphicsMagick), Slackware (curl), SUSE (ucode-intel), and Ubuntu (curl and intel-microcode). --------------------------------------------- https://lwn.net/Articles/789224/ ∗∗∗ Synology-SA-19:25 Virtual Machine Manager ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to bypass security constraints via a susceptible version of Virtual Machine Manager. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_25 ∗∗∗ cURL: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt. Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in cURL ausnutzen, um einen Denial of Service Angriff durchzuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0444 ∗∗∗ IBM Security Bulletin: IBM API Connect V5 is potentially impacted by a weak cipher (CVE-2019-4256) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-is… ∗∗∗ IBM Security Bulletin: Vulnerability in Apache ActiveMQ Affects IBM Control Center (CVE-2019-0222) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ and IBM MQ Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.05.2019
by Daily end-of-shift report 22 May '19

22 May '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 21-05-2019 18:00 − Mittwoch 22-05-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New Zero-Day Exploit [Local Privilege Escalation, Anm.] for Bug in Windows 10 Task Scheduler ∗∗∗ --------------------------------------------- Exploit developer SandboxEscaper has quietly dropped a new zero-day exploit for the Windows operating system just a week after Microsofts monthly cycle of security updates. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-bug… ∗∗∗ Forthcoming OpenSSL Releases ∗∗∗ --------------------------------------------- These releases will be made available on 28th May 2019 between approximately 1200-1600 UTC. OpenSSL 1.1.0k and 1.0.2s contain security hardening bug fixes only but do not address any CVEs. OpenSSL 1.1.1c is a bug-fix release (and contains the equivalent security hardening fixes as for 1.1.0k and 1.0.2s where relevant). --------------------------------------------- https://mta.openssl.org/pipermail/openssl-announce/2019-May/000150.html ∗∗∗ Sophisticated Spear Phishing Campaigns using Homograph Attacks ∗∗∗ --------------------------------------------- Over the last few months we did some research on how to create phishing emails which are good enough to fool even security professionals. Therefore, we were looking into quite an old topic: Punycode domains and IDN homograph attacks. --------------------------------------------- https://www.offensity.com/en/newsroom/sophisticated-spear-phishing-campaign… ∗∗∗ Gefälschte Gewinn-SMS im Namen der Post führt in Abo-Falle ∗∗∗ --------------------------------------------- Konsument/innen erhalten eine gefälschte SMS-Nachricht im Namen der Post AG aufgrund einer angeblichen Gewinnspielteilnahme zugesandt. Wer dem Link folgt, an einer kurzen Umfrage teilnimmt und einen Gewinn auswählt, tappt in eine Abo-Falle. Es bleibt nämlich nicht bei der einmaligen Zahlung von 2 Euro für Adidas Schuhe, die nie geliefert werden, sondern es folgen laufend weitere Abbuchungen durch die ILS Company ApS. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-gewinn-sms-im-namen-der-… ===================== = Vulnerabilities = ===================== ∗∗∗ Mozilla Firefox und Thunderbird: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Es bestehen mehrere Schwachstellen in Mozilla Thunderbird, Mozilla Firefox und Mozilla Firefox ESR. Ein Angreifer kann dies ausnutzen, um den Browser zum Absturz zu bringen, um Daten zu manipulieren, um Sicherheitsmechanismen zu umgehen, um vertrauliche Daten einzusehen oder schädlichen Programmcode auszuführen. --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/05/warn… ∗∗∗ DoS Vulnerability in Huawei S Series Switch Products ∗∗∗ --------------------------------------------- Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device reboot and denial of service (DoS) condition. ... CVE-2019-5285. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190522-… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (ruby and wget), Debian (proftpd-dfsg), Fedora (firefox, mupdf, nss, and wavpack), openSUSE (evolution, GraphicsMagick, graphviz, libxslt, openssl-1_0_0, ovmf, and sqlite3), Red Hat (dotnet, python27-python and python27-python-jinja2, and rh-mariadb102-mariadb and rh-mariadb102-galera), Slackware (mozilla), SUSE (gnutls, java-1_7_1-ibm, and java-1_8_0-ibm), and Ubuntu (curl, firefox, php5, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/789132/ ∗∗∗ Computrols CBAS Web ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-141-01 ∗∗∗ Mitsubishi Electric MELSEC-Q Series Ethernet Module ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-141-02 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Algo Credit Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM License Key Server Administration and Reporting Tool and Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack due to incorrect permissions on MQ directories. (CVE-2019-4078) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-is-vulnerable-… ∗∗∗ IBM Security Bulletin: IBM MQ is vulnerable to a denial of service attack within the error logging function (CVE-2019-4039) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-is-vulnerable-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.05.2019
by Daily end-of-shift report 21 May '19

21 May '19

===================== = End-of-Day report = ===================== Timeframe: Montag 20-05-2019 18:00 − Dienstag 21-05-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ DDoS attacks in Q1 2019 ∗∗∗ --------------------------------------------- Q1 2019 held no particular surprises, save for countries such as Saudi Arabia, the Netherlands, and Romania maintaining a high level of DDoS activity. --------------------------------------------- https://securelist.com/ddos-report-q1-2019/90792/ ∗∗∗ Jetzt patchen! Exploit-Code für RDP-Lücke BlueKeep in Windows gesichtet ∗∗∗ --------------------------------------------- Wer ältere Windows-Versionen als 10 und 8.1 nutzt, sollte aufgrund von möglichen Angriffen spätestens jetzt die aktuellen Sicherheitsupdates installieren. --------------------------------------------- https://heise.de/-4427183 ∗∗∗ Zweite Ausgabe des Deutsch-Französischen IT-Sicherheitslagebilds erschienen ∗∗∗ --------------------------------------------- Darin tragen das Bundesamt für Sicherheit in der Informationstechnik (BSI) und die französische Agence nationale de la sécurité des systèmes d'information (ANSSI) nationale Erkenntnisse und Erfahrungen zu zwei aktuellen Themen vergleichend zusammen und bereiten diese für die allgemeine Öffentlichkeit auf. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/D-F-IT-Sich… ∗∗∗ So schützen Sie sich vor Abo-Fallen im Internet ∗∗∗ --------------------------------------------- Gleich vorweg sei gesagt: Auch im Internet hat niemand etwas zu verschenken! Seien Sie daher skeptisch bei schier unglaublichen Gratisangeboten oder Gewinnversprechen in E-Mails und SMS, auf Social Media, auf Websites oder in Online-Werbung. Kriminelle nutzen diese häufig, um Konsument/innen in eine Abo-Falle zu locken. --------------------------------------------- https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-vor-abo-fallen… ===================== = Vulnerabilities = ===================== ∗∗∗ Vuln: systemd CVE-2018-20839 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- systemd is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. systemd 242 is vulnerable; other versions may also be affected. --------------------------------------------- http://www.securityfocus.com/bid/108389 ∗∗∗ Linux Privilege Escalation via LXD & Hijacked UNIX Socket Credentials ∗∗∗ --------------------------------------------- Linux systems running LXD are vulnerable to privilege escalation via multiple attack paths, two of which are published in my “lxd_root” GitHub repository. This blog will go into the details of what I think is a very interesting path - abusing relayed UNIX socket credentials to speak directly to systemd’s private interface. --------------------------------------------- https://shenaniganslabs.io/2019/05/21/LXD-LPE.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (drupal7 and jackson-databind), Fedora (checkstyle and gradle), openSUSE (qemu and xen), SUSE (ffmpeg, kvm, and ucode-intel), and Ubuntu (libraw and python-urllib3). --------------------------------------------- https://lwn.net/Articles/789017/ ∗∗∗ IBM Addresses Reported Intel Security Vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-addresses-reported-intel-security-vulne… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Web Experience Factory ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-0734) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.05.2019
by Daily end-of-shift report 20 May '19

20 May '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 17-05-2019 18:00 − Montag 20-05-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitslücke: Linksys-Router leaken offenbar alle verbundenen Geräte ∗∗∗ --------------------------------------------- Linksys will die Sicherheitslücke bereits 2014 geschlossen haben, doch laut dem Sicherheitsforscher Troy Mursch leaken die Router weiterhin die Daten aller jemals verbundenen Geräte. (Router-Lücke, Netzwerk) --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-linksys-router-leaken-offenbar-… ∗∗∗ ENISA is setting the ground for Industry 4.0 Cybersecurity ∗∗∗ --------------------------------------------- The EU Agency for Cybersecurity ENISA is stepping up its efforts to foster cybersecurity for Industry 4.0 by publishing a new paper on ‘Challenges and Recommendations for Industry 4.0 Cybersecurity’ . --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/enisa-is-setting-the-ground-for… ∗∗∗ Security researchers discover Linux version of Winnti malware ∗∗∗ --------------------------------------------- Winnti Linux variant used in 2015 in the hack of a Vietnamese gaming company. --------------------------------------------- https://www.zdnet.com/article/security-researchers-discover-linux-version-o… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (cups-filters, dhcpcd5, faad2, ghostscript, graphicsmagick, jruby, lemonldap-ng, and libspring-security-2.0-java), Fedora (gnome-desktop3, java-1.8.0-openjdk-aarch32, libu2f-host, samba, sqlite, webkit2gtk3, xen, and ytnef), Mageia (docker, flash-player-plugin, freeradius, libsndfile, libxslt, mariadb, netpbm, python-jinja2, tomcat-native, and virtualbox), openSUSE (kernel and ucode-intel), and SUSE (kernel, kvm, libvirt, nmap, and transfig). --------------------------------------------- https://lwn.net/Articles/788911/ ∗∗∗ MIELE Multiple Vulnerabilities in XGW 3000 ZigBee Gateway ∗∗∗ --------------------------------------------- Miele XGW 3000 is prone to mutiple vulerabilities in version <= 2.3.4 (1.4.6) --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-010 ∗∗∗ IBM Security Bulletin: Vulnerabiliies in ghostscript affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabiliies-in-gho… ∗∗∗ IBM Security Bulletin: A vulnerability in OpenSSL affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-op… ∗∗∗ IBM Security Bulletin: A vulnerability in Corosync affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-co… ∗∗∗ IBM Security Bulletin: A vulnerability in Docker affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-do… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by a directory traversal vulnerability in Kubernetes (CVE-2019-1002101) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by a security degradation vulnerability in Kubernetes (CVE-2019-9946) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… ∗∗∗ IBM Security Bulletin: API Connect V5 is impacted by information disclosure (CVE-2018-1991) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v5-is-imp… ∗∗∗ HPESBST03928 rev.1 - Command View Advanced Edition (CVAE) Products using JDK, Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03917 rev.1 - HPE Integrated Lights-Out 4 (iLO 4) for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers, Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.05.2019
by Daily end-of-shift report 17 May '19

17 May '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 16-05-2019 18:00 − Freitag 17-05-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Cyber Security Challenge 2019 ∗∗∗ --------------------------------------------- Auch heuer veranstaltet der Verein Cyber Security Austria gemeinsam mit dem Abwehramt die Austria Cyber Security Challenge, quasi das Äquivalent zu den Mathe/Chemie/Latein/... - Olympiaden für Cyber Security.Über das Jahr hinweg werden einerseits die Staatsmeister ermittelt, aber auch das österreichische Team für den Europäischen Wettbewerb ausgesucht. --------------------------------------------- http://www.cert.at/services/blog/20190517101951-2471.html ∗∗∗ Google recalls Titan Bluetooth keys after finding security flaw ∗∗∗ --------------------------------------------- Google had egg on its face this week after it had to recall some of its Titan hardware security keys for being insecure. --------------------------------------------- https://nakedsecurity.sophos.com/2019/05/17/google-recalls-titan-bluetooth-… ∗∗∗ A Large Chunk of Ethereum Clients Remain Unpatched ∗∗∗ --------------------------------------------- In a report shared with ZDNet today, security researchers from SRLabs revealed that a large chunk of the Ethereum client software that runs on Ethereum nodes has yet to receive a patch for a critical security flaw the company discovered earlier this year. --------------------------------------------- https://it.slashdot.org/story/19/05/17/151222/a-large-chunk-of-ethereum-cli… ∗∗∗ Intel fixt teils kritische Lücken in UEFI-BIOS, ME und Linux-Grafiktreiber ∗∗∗ --------------------------------------------- In den vergangenen Tagen beschäftigten Intel neben ZombieLoad noch weitere Lücken. Die sind zum Glück nicht aus der Ferne ausnutzbar. --------------------------------------------- https://heise.de/-4423912 ∗∗∗ Dateidiebstahl und mehr: Problematische Lücken in Apples AirDrop-Technik ∗∗∗ --------------------------------------------- Mit dem AWDL-Verfahren können iPhones, Macs und Co. direkt Daten austauschen. Forscher aus Darmstadt zeigten nun neue Missbrauchsmöglichkeiten. --------------------------------------------- https://heise.de/-4424245 ===================== = Vulnerabilities = ===================== ∗∗∗ DNS-Software BIND: Neue Version schließt mehrere Schwachstellen ∗∗∗ --------------------------------------------- Die BIND-Versionen 9.11.7, 9.14.2 und aktualisierte BIND-Packages für Linux sind gegen zwei potzenzielle Denial-of-Service-Angriffspunkte abgesichert. --------------------------------------------- https://heise.de/-4424425 ∗∗∗ Security Advisory - MITM Vulnerability on Huawei Share ∗∗∗ --------------------------------------------- There is a man-in-the-middle(MITM) vulnerability on Huawei Share of certain smartphones. When users establish connection and transfer data through Huawei Share, an attacker could sniffer, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper the data. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190517-… ∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Wacom Update Helper ∗∗∗ --------------------------------------------- There are two privilege escalation vulnerabilities in the Wacom update helper. The update helper is a utility installed alongside the macOS application for Wacom tablets. The application interacts with the tablet and allows the user to manage it. These vulnerabilities could allow an attacker with local access to raise their privileges to root. --------------------------------------------- https://blog.talosintelligence.com/2019/05/wacom-update-helper-vuln-spotlig… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (jquery), Fedora (kernel-headers, php-typo3-phar-stream-wrapper, and python3), openSUSE (qemu, ucode-intel, and xen), Red Hat (chromium-browser, java-1.8.0-ibm, and rh-python35-python-jinja2), SUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, evolution, graphviz, kernel, qemu, and systemd), and Ubuntu (libmediainfo, libvirt, and Wireshark). --------------------------------------------- https://lwn.net/Articles/788773/ ∗∗∗ Drupal: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Drupal [genauer: externen Modulen, Anm.] ausnutzen, um Sicherheitsvorkehrungen zu umgehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0433 ∗∗∗ Symantec Messaging Gateway: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter Angreifer aus dem angrenzenden Netzwerk kann eine Schwachstelle in Symantec Messaging Gateway ausnutzen, um Informationen offenzulegen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0432 ∗∗∗ F-Secure Produkte: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/05/warn… ∗∗∗ Vuln: Fuji Electric Alpha7 PC Loader Out-of-Bounds Read Denial of Service Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/108359 ∗∗∗ Potential Impact on Processors in the POWER Family ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/ ∗∗∗ IBM Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2019-4293) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-vulnera… ∗∗∗ IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-platform-9-5-x… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images (CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ SSB-501863 (Last Update: 2019-05-16): Customer Information on Microsoft Windows RDP Vulnerability for Siemens Healthineers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssb-501863.pdf ∗∗∗ Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52370164 ∗∗∗ Microarchitectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K97035296 ∗∗∗ Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K80159635 ∗∗∗ Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K34303485 ∗∗∗ INTEL-SA-00233 Microarchitectural Data Sampling Advisory ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K41283800 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily May 2019