Daily June 2019

daily@lists.cert.at

1 participants
18 discussions

Tageszusammenfassung - 28.06.2019
by Daily end-of-shift report 28 Jun '19

28 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 27-06-2019 18:00 − Freitag 28-06-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ===================== = Vulnerabilities = ===================== ∗∗∗ Vuln: ImageMagick Multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- Successfully exploiting these issues may allow an attacker to gain access to sensitive information, bypass certain security restrictions and to perform unauthorized actions or cause a denial-of-service condition. This may aid in launching further attacks. Due to the nature of this issue, code execution may be possible but this has not been confirmed. ImageMagick version 7.0.8-34 is vulnerable; other versions may also be affected. --------------------------------------------- http://www.securityfocus.com/bid/108913 ∗∗∗ Vuln: OpenJPEG Multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- Attackers can exploit these issues to cause the application to crash or execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. OpenJPEG version 2.3.0 and prior are vulnerable; other versions may also be affected. --------------------------------------------- http://www.securityfocus.com/bid/108921 ∗∗∗ Vuln: Symantec Endpoint Encryption CVE-2019-9703 Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- Local attackers can exploit this issue to gain elevated privileges. Versions prior to Symantec Endpoint Encryption 11.3.0 are vulnerable. --------------------------------------------- http://www.securityfocus.com/bid/108796 ∗∗∗ Vuln: Symantec Endpoint Encryption CVE-2019-9702 Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- Local attackers can exploit this issue to gain elevated privileges. Versions prior to Symantec Endpoint Encryption 11.3.0 are vulnerable. --------------------------------------------- http://www.securityfocus.com/bid/108795 ∗∗∗ McAfee schließt mehrere Schwachstellen in Enterprise Security Manager ∗∗∗ --------------------------------------------- Neue Versionen des SIEM von McAfee beseitigen insgesamt zehn potenzielle Angriffspunkte, von denen zum Teil ein hohes Sicherheitsrisiko ausgeht. --------------------------------------------- https://heise.de/-4457190 ∗∗∗ Medtronic recalls vulnerable MiniMed insulin pumps ∗∗∗ --------------------------------------------- Medtronic, the world’s largest medical device company, has issued a recall of some of its insulin pumps because they can be tampered with by attackers. About the vulnerable devices The affected devices are insulin pumps from the MiniMed 508 and Paradigm series ... --------------------------------------------- https://www.helpnetsecurity.com/2019/06/28/hackable-medtronic-insulin-pumps… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (expat and mupdf), Fedora (drupal7-uuid, php-brumann-polyfill-unserialize, and php-typo3-phar-stream-wrapper2), openSUSE (thunderbird), Oracle (thunderbird and vim), SUSE (glibc), and Ubuntu (poppler). --------------------------------------------- https://lwn.net/Articles/792318/ ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a wget vulnerability (CVE-2019-5953) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities (CVE-2019-7221, CVE-2019-6974, CVE-2018-17972, CVE-2018-9568) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: Information disclosure in WebSphere Application Server Admin Console (CVE-2019-4269) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by multiple libssh2 vulnerabilities (CVE-2019-3863, CVE-2019-3857, CVE-2019-3856, CVE-2019-3855) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a an openssl vulnerability (CVE-2018-5407) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: Sensitive information disclosure affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2019-4369) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-sensitive-information… ∗∗∗ IBM Security Bulletin: Guardium StealthBits Integration is affected by an SQLite vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-guardium-stealthbits-… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by an OpenSSH vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ F5 tmsh vulnerability CVE-2019-6642 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K40378764 ∗∗∗ PHOENIX CONTACT Security Advisory for Industrial Controllers ILC1x0, ILC1x1, AXC1050 and AXC3050 ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-015 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.06.2019
by Daily end-of-shift report 27 Jun '19

27 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 26-06-2019 18:00 − Donnerstag 27-06-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ How Hackers Turn Microsoft Excels Own Features Against It ∗∗∗ --------------------------------------------- A pair of recent findings show how hackers can compromise Excel users without any fancy exploits. --------------------------------------------- https://www.wired.com/story/microsoft-excel-hacking-power-query-macros ∗∗∗ Fake Instagram Verification ∗∗∗ --------------------------------------------- Across various social media platforms there are verification checkmark symbols that appear near the name of the account’s page we view. For example, this verified account indicator seen from our our Twitter page: These verification checkmarks exist as a credibility indicator to help show authenticity and integrity to social media page visitors. --------------------------------------------- https://blog.sucuri.net/2019/06/fake-instagram-verification.html ∗∗∗ NIST Releases Report on Managing IoT Risks ∗∗∗ --------------------------------------------- Original release date: June 26, 2019The National Institute of Standards and Technology (NIST) has released the Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks report. The publication—the first in a planned series on IoT—aims to help federal agencies and other organizations manage the cybersecurity and privacy risks associated with individual IoT devices. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/06/26/nist-releases-repo… ∗∗∗ Europäischer Rechtsakt zur Cyber-Sicherheit tritt in Kraft ∗∗∗ --------------------------------------------- Der europäische Rechtsakt zur Cyber-Sicherheit ("Cybersecurity Act") ist am 27. Juni 2019 in Kraft getreten. Kernelemente des Rechtsakts sind ein neues, permanentes Mandat für die europäische Cyber-Sicherheitsagentur ENISA sowie die Einführung eines einheitlichen europäischen Zertifizierungsrahmens für IKT-Produkte, -Dienstleistungen und -Prozesse. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Cybersecuri… ∗∗∗ GreenFlash Sundown exploit kit expands via large malvertising campaign ∗∗∗ --------------------------------------------- The GreenFlash exploit kit, which we typically saw targeting South Korean users, reaches globally with a large malvertising campaign via a popular website.Categories: Threat analysisTags: EKexploit kitGreenFlash Sundownmalvertisingseon ransomware [...] --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2019/06/greenflash-sundown-ex… ∗∗∗ Bestellen Sie nicht bei media-blue.store ∗∗∗ --------------------------------------------- Wer bei media-blue.store glaubt, ein Schnäppchen ergattert zu haben, irrt sich, denn die Ware wird trotz Bezahlung nie geliefert. Es handelt sich um einen Fake-Shop! --------------------------------------------- https://www.watchlist-internet.at/news/bestellen-sie-nicht-bei-media-bluest… ===================== = Vulnerabilities = ===================== ∗∗∗ Epyc crypto flaw? AMD emits firmware fix for server processors after Googler smashes RAM encryption algorithms ∗∗∗ --------------------------------------------- SEV code cracked to leak secret keys Updated Microchip slinger AMD has issued a firmware patch to fix the encryption in its Secure Encrypted Virtualization technology (SEV), used to defend the memory of Linux KVM virtual machines running on its Epyc processors. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2019/06/26/amd_epyc_ke… ∗∗∗ Advanced Forum - Critical - Cross Site Scripting - SA-CONTRIB-2019-054 ∗∗∗ --------------------------------------------- Project: Advanced Forum Version: 7.x-2.x-dev Date: 2019-June-26 Security risk: Critical 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All Vulnerability: Cross Site Scripting --------------------------------------------- https://www.drupal.org/sa-contrib-2019-054 ∗∗∗ Kritische Lücken in Cisco Data Center Network Manager ∗∗∗ --------------------------------------------- Eine Schwachstelle gefährdet Netzwerkgeräte von Cisco. Ein Sicherheitsupdate schließt mehrere Schlupflöcher. --------------------------------------------- https://heise.de/-4456661 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (drupal7-uuid, php-brumann-polyfill-unserialize, and php-typo3-phar-stream-wrapper2), openSUSE (ansible, compat-openssl098, exempi, glib2, gstreamer-0_10-plugins-base, gstreamer-plugins-base, libmediainfo, libssh2_org, SDL2, sqlite3, and wireshark), Oracle (firefox), Red Hat (thunderbird and vim), Scientific Linux (firefox), SUSE (java-1_8_0-ibm), and Ubuntu (bzip2 and expat). --------------------------------------------- https://lwn.net/Articles/792231/ ∗∗∗ Kubernetes CLI tool security flaw lets attackers run code on host machine ∗∗∗ --------------------------------------------- Interesting bug can lead to total compromise of cloud production environments. --------------------------------------------- https://www.zdnet.com/article/kubernetes-cli-tool-security-flaw-lets-attack… ∗∗∗ Vuln: GNU Binutils CVE-2019-12972 Heap Based Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/108903 ∗∗∗ Vuln: Linux Kernel CVE-2019-12984 Null Pointer Dereference Remote Denial of Service Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/108905 ∗∗∗ OpenJPEG: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0545 ∗∗∗ ImageMagick: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0547 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.06.2019
by Daily end-of-shift report 26 Jun '19

26 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 25-06-2019 18:00 − Mittwoch 26-06-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ YouTube Bitcoin Scams Pushing the njRAT Backdoor InfoStealer ∗∗∗ --------------------------------------------- YouTube scams are promoting software that pretends to allow users to get free Bitcoins, but instead installs the njRAT remote access Trojan and password stealer. --------------------------------------------- https://www.bleepingcomputer.com/news/security/youtube-bitcoin-scams-pushin… ∗∗∗ Brickerbot 2.0: Neue Schadsoftware möchte IoT-Geräte zerstören ∗∗∗ --------------------------------------------- Wie das Vorbild Brickerbot möchte die Schadsoftware Silex unsichere IoT-Geräte zerstören. Auch ungeschützte Linux-Server könnten ihr Opfer werden. Der Entwickler der Schadsoftware arbeitet an weiteren Funktionen. --------------------------------------------- https://www.golem.de/news/brickerbot-2-0-neue-schadsoftware-moechte-iot-ger… ∗∗∗ Subdomain Takeover: Sicherheitsfirmen übernehmen Subdomain von EA ∗∗∗ --------------------------------------------- Die Subdomain eaplayinvite.ea.com des Spieleherstellers Electronic Arts ist von Sicherheitsfirmen übernommen worden. Über einen weiteren Angriff konnten die Firmen auch an Nutzerdaten gelangen. --------------------------------------------- https://www.golem.de/news/subdomain-takeover-sicherheitsfirmen-uebernehmen-… ∗∗∗ Achtung vor Scamming im Internet ∗∗∗ --------------------------------------------- Scamming (dt. Vorschussbetrug) beschreibt eine beliebte Betrugsform im Internet, die Kriminelle nutzen, um an schnelles Geld zu gelangen. Sie versprechen ihren Opfern Erbschaften, Millionengewinne, günstige Kredite oder spielen ihnen eine Notlage vor und drängen sie zu hohen Vorschusszahlungen. Es handelt sich ausnahmslos um leere Versprechen und Geld landet ausschließlich in den Taschen der Betrüger/innen. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vor-scamming-im-internet/ ===================== = Vulnerabilities = ===================== ∗∗∗ Vuln: Nessus CVE-2019-3961 Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- Nessus is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Nessus 8.4.0 and prior versions are vulnerable. --------------------------------------------- http://www.securityfocus.com/bid/108892 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (python3.4), Oracle (firefox), Red Hat (firefox and kernel-alt), SUSE (ImageMagick and SUSE Manager Server 3.2), and Ubuntu (bzip2). --------------------------------------------- https://lwn.net/Articles/792111/ ∗∗∗ Security Advisory - FRP Bypass Vulnerability on Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190626-… ∗∗∗ IBM Security Bulletin: Java Vulnerability Affects IBM Connect:Direct Web Services (CVE-2018-1890) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-af… ∗∗∗ IBM Security Bulletin: WebSphere App Server – Out of Memory Exception can cause DOS ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-websphere-app-server-… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affect IBM Tivoli System Automation Application Manager April 2019 CPU (CVE-2019-2684) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: A security vulnerability in OpenSSL affects IBM Rational ClearQuest (CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Vulnerabilities exist in Watson Explorer Analytical Components and Watson Content Analytics (CVE-2018-1901) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-exist… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.06.2019
by Daily end-of-shift report 25 Jun '19

25 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Montag 24-06-2019 18:00 − Dienstag 25-06-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Using Whitelisting to Remediate an RCE Vulnerability (CVE-2019-2729) in Oracle WebLogic ∗∗∗ --------------------------------------------- Oracle WebLogic has recently disclosed and patched remote-code-execution (RCE) vulnerabilities in its software, many of which were due to insecure deserialization. Oracle addressed the most recent vulnerability, CVE-2019-2729, in an out-of-band security patch on June 18, 2019. CVE-2019-2729 was assigned a CVSS score of 9.8, making it a critical vulnerability. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fYmCaoi4AE8/ ∗∗∗ Thunderbird 60.7.2: Mozilla fixt potenziell gefährliche Lückenkombination ∗∗∗ --------------------------------------------- Das Mozilla Entwickler-Team hat vergangene Woche zwei Sicherheitslücken in Thunderbird behoben, die zuvor in Firefox aktiv ausgenutzt worden war. --------------------------------------------- https://heise.de/-4454671 ∗∗∗ Side-Channel Attacks: OpenSSH erhält Schutz vor Spectre, RAMBleed und Co. ∗∗∗ --------------------------------------------- Die temporäre Verschlüsselung im RAM soll mit OpenSSH genutzte Keys künftig vor Seitenkanalangriffen schützen. --------------------------------------------- https://heise.de/-4455055 ∗∗∗ Phishing-Versuch gegen free-Kund/innen der Advanzia Bank S.A. ∗∗∗ --------------------------------------------- Konsument/innen finden eine E-Mail in ihrem Posteingang, in der sie über die Notwendigkeit einer Datenbestätigung informiert werden, um die free-Kreditkarte weiter nutzen zu können. Die Nachricht erweckt den Eindruck, von der Advanzia Bank S.A. zu stammen, doch sie wird von Kriminellen verschickt. Dem Link darf nicht gefolgt werden, denn es handelt sich um einen Phishing-Versuch! --------------------------------------------- https://www.watchlist-internet.at/news/phishing-versuch-gegen-free-kundinne… ∗∗∗ New Mac malware abuses recently disclosed Gatekeeper zero-day ∗∗∗ --------------------------------------------- Researchers find new OSX/Linker malware abusing still-unpatched macOS Gatekeeper bypass. --------------------------------------------- https://www.zdnet.com/article/new-mac-malware-abuses-recently-disclosed-gat… ===================== = Vulnerabilities = ===================== ∗∗∗ TYPO3 9.5.8 and 8.7.27 security releases published ∗∗∗ --------------------------------------------- We are announcing the release of the following TYPO3 updates: TYPO3 9.5.8 LTS TYPO3 8.7.27 LTS All versions are security releases and contain important security fixes --------------------------------------------- https://typo3.org/article/typo3-958-and-8727-security-releases-published/ ∗∗∗ TYPO3-EXT-SA-2019-014: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin) ∗∗∗ --------------------------------------------- CVE: CVE-2019-11768 and CVE-2019-12616 * PMASA-2019-3: SQL injection in Designer feature * PMASA-2019-4: CSRF vulnerability in login form --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2019-014/ ∗∗∗ Kubernetes CVE-2019-11246 Incomplete Fix Arbitrary File Overwrite Vulnerability ∗∗∗ --------------------------------------------- Kubernetes is prone to a vulnerability that may allow attackers to overwrite arbitrary files. Successful exploits may allow an attacker to write arbitrary files in the context of the user running the affected application. Versions prior to kubernetes 1.12.9, 1.13.6, and 1.14.2 are vulnerable. --------------------------------------------- https://www.securityfocus.com/bid/108866/discuss ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (python), Debian (bzip2, libvirt, python2.7, python3.4, rdesktop, and thunderbird), Fedora (thunderbird and tomcat), openSUSE (aubio, docker, enigmail, GraphicsMagick, and python-Jinja2), SUSE (kernel, libvirt, postgresql96, and tomcat), and Ubuntu (ceph, firefox, imagemagick, libmysofa, linux, linux-hwe, neutron, and policykit-desktop-privileges). --------------------------------------------- https://lwn.net/Articles/792006/ ∗∗∗ Alpine Linux Docker image vulnerability CVE-2019-5021 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K25551452 ∗∗∗ QEMU: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0541 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.06.2019
by Daily end-of-shift report 24 Jun '19

24 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 21-06-2019 18:00 − Montag 24-06-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Microsoft: Were fighting Windows malware spread via Excel in email with bad macro ∗∗∗ --------------------------------------------- Earlier this month Microsoft warned that attackers were firing spam that exploited an Office flaw to install a trojan. The bug meant the attackers didn't require Windows users to enable macros. However, a new malware campaign that doesn't exploit a specific vulnerability in Microsoft software takes the opposite approach, using malicious macro functions in an Excel attachment to compromise fully patched Windows PCs. --------------------------------------------- https://www.zdnet.com/article/microsoft-were-fighting-windows-malware-sprea… ===================== = Vulnerabilities = ===================== ∗∗∗ Kritische Schwachstelle in bzip2 - je nach Setup für RCE ausnutzbar ∗∗∗ --------------------------------------------- Kritische Schwachstelle in bzip2 - je nach Setup für RCE ausnutzbar 24. Juni 2019 Beschreibung In der Kompressions-Software bzip2 gibt es eine Lücke, durch die sich in manchen Konfigurationen beliebiger Code mit den Rechten des Benutzers ausführen lässt. CVSS3 Score: 9.8 (laut NIST NVD) CVE-Nummer: CVE-2019-12900 Auswirkungen Angreifer müssen es schaffen, entsprechend präparierte komprimierte Dateien zur Dekompression zu bringen. Dies kann zB durch Versand solcher --------------------------------------------- http://www.cert.at/warnings/all/20190624.html ∗∗∗ Tor Browser 8.5.3 Fixes a Sandbox Escape Vulnerability in Firefox ∗∗∗ --------------------------------------------- Tor Browser 8.5.3 has been released to fix a Sandbox Escape vulnerability in Firefox that was recently used as part of a targeted attack against cryptocurrency companies. As this vulnerability is actively being used, it is strongly advised that all Tor users upgrade to the latest version. --------------------------------------------- https://www.bleepingcomputer.com/news/software/tor-browser-853-fixes-a-sand… ∗∗∗ Sicherheitslücke: Outlook-App ermöglichte Auslesen von E-Mails ∗∗∗ --------------------------------------------- Eigentlich sollte in E-Mails eingebetteter Javascript-Code nicht ausgeführt werden. Mit der Android-Version von Microsofts Outlook war dies durch einen Trick möglich. Mit einer präparierten E-Mail konnte unter anderem das Mailkonto ausgelesen werden. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-outlook-app-ermoeglichte-ausles… ∗∗∗ Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer ∗∗∗ --------------------------------------------- If you use VLC media player on your computer and havent updated it recently, dont you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. Thats because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities... --------------------------------------------- https://thehackernews.com/2019/06/vlc-media-player-hacking.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (jackson-databind, libvirt, pdns, and vim), Fedora (evince, firefox, gjs, libxslt, mozjs60, and poppler), openSUSE (dbus-1, firefox, ImageMagick, netpbm, openssh, and thunderbird), Oracle (libssh2, libvirt, and python), Scientific Linux (python), SUSE (compat-openssl098 , dbus-1 , evince , exempi , firefox , glib2 , gstreamer-0_10-plugins-base , gstreamer-plugins-base , java-1_8_0-ibm , libssh2_org , libvirt , netpbm , samba , SDL2 , sqlite3 , thunderbird, wireshark), Ubuntu (web2py) --------------------------------------------- https://lwn.net/Articles/791921/ ∗∗∗ cURL: Windows OpenSSL engine code injection ∗∗∗ --------------------------------------------- A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. This flaw exists in the official curl-for-windows binaries built and hosted by the curl project (all versions up to and including 7.65.1_1). It does not exist in the curl executable shipped by Microsoft, bundled with Windows 10. It possibly exists in other curl builds for Windows too that uses OpenSSL. --------------------------------------------- https://curl.haxx.se/docs/CVE-2019-5443.html ∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Nagios XI ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen oder vertrauliche Daten einzusehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0534 ∗∗∗ Mattermost security update 5.11.1 / 5.10.2 / 5.9.2 / 4.10.10 (ESR) released ∗∗∗ --------------------------------------------- We are releasing a recommended security update via Mattermost Team Edition 5.11.1, 5.10.2, 5.9.2 and 4.10.10 (ESR) and Mattermost Enterprise Edition 5.11.1, 5.10.2, 5.9.2 and 4.10.10 (ESR). This security update addresses a medium-level vulnerability discovered during a security research review by Zonduu. --------------------------------------------- https://mattermost.com/blog/mattermost-security-update-5-11-1-5-10-2-5-9-2-… ∗∗∗ Secure Hub accepts 10 digit worxpin when "PIN Length Requirement" Client Property is set to more than 10 ∗∗∗ --------------------------------------------- Secure Hub when enrolling would prompt for Worxpin post successful enrollment and you would observe that Worxpin requirement is met as soon as 10 Digit PIN is set while XM console has PIN Length Requirement set to more than 10. --------------------------------------------- https://support.citrix.com/article/CTX256810 ∗∗∗ IBM Security Bulletin: Vulnerability affects IBM Cloud Object Storage SDK Java (June 2019) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-affects… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Access Manager Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in cURL affect QLogic Virtual Fabric Extension Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-cu… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.06.2019
by Daily end-of-shift report 21 Jun '19

21 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 19-06-2019 18:00 − Freitag 21-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Botnet Uses SSH and ADB to Create Android Cryptomining Army ∗∗∗ --------------------------------------------- Researchers discovered a cryptocurrency mining botnet that uses the Android Debug Bridge (ADB) Wi-Fi interface and SSH connections to hosts stored in the known_hosts list to spread to other devices. --------------------------------------------- https://www.bleepingcomputer.com/news/security/botnet-uses-ssh-and-adb-to-c… ===================== = Vulnerabilities = ===================== ∗∗∗ PHOENIX CONTACT Automation Worx Software Suite ∗∗∗ --------------------------------------------- This advisory includes mitigations for access of uninitialized pointer, out-of-bounds read, and use after free vulnerabilities reported in Phoenix Contacts Automation Worx Software Suite. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-171-01 ∗∗∗ Cisco schließt zwei kritische und zahlreiche weitere Schwachstellen ∗∗∗ --------------------------------------------- Updates für Ciscos SD-WAN-Lösung und DNA Center beseitigen kritische Sicherheitsprobleme. Aber auch zahlreiche weitere Produkte wurden frisch gepatcht. --------------------------------------------- https://heise.de/-4451734 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr, gvfs, intel-microcode, and python-urllib3), Fedora (advancecomp, firefox, freeradius, kubernetes, pam-u2f, and rubygem-jquery-ui-rails), openSUSE (elfutils and sssd), Red Hat (chromium-browser), SUSE (doxygen and samba), and Ubuntu (evince, firefox, Gunicorn, libvirt, and sqlite3). --------------------------------------------- https://lwn.net/Articles/791572/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (libvirt and python), Debian (intel-microcode, php-horde-form, and znc), Fedora (firefox), Mageia (firefox, flash-player-plugin, git, graphicsmagick, kernel, kernel-linus, kernel-tmb, phpmyadmin, and thunderbird), Oracle (libssh2, libvirt, and python), Red Hat (libvirt and python), Scientific Linux (libvirt), Slackware (bind and mozilla), SUSE (enigmail), and Ubuntu (bind9, intel-microcode, mosquitto, postgresql-10, postgresql-11, and thunderbird). --------------------------------------------- https://lwn.net/Articles/791669/ ∗∗∗ Synology-SA-19:28 Linux kernel ∗∗∗ --------------------------------------------- CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 allow remote attackers to conduct denial-of-service attacks via a susceptible version of DiskStation Manager (DSM) or Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_28 ∗∗∗ Multiple vulnerabilities in VAIO Update ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN13555032/ ∗∗∗ Intel-SA-00213: Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT vulnerabilities ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42117350 ∗∗∗ Security vulnerabilities fixed in Firefox 67.0.4 and Firefox ESR 60.7.2 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/ ∗∗∗ Security vulnerabilities fixed in Thunderbird 60.7.2 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/ ∗∗∗ AirPort Base Station Firmware Update 7.8.1 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT210091 ∗∗∗ CVE-2019-10072 Apache Tomcat HTTP/2 DoS ∗∗∗ --------------------------------------------- https://mail-archives.apache.org/mod_mbox/tomcat-announce/201906.mbox/brows… ∗∗∗ DSA-2019-084: Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Security Update for PC Doctor Vulnerability ∗∗∗ --------------------------------------------- https://www.dell.com/support/article/at/de/atdhs1/sln317291/dsa-2019-084-de… ∗∗∗ [webapps] WebERP 4.15 - SQL injection ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/47013 ∗∗∗ DoS Vulnerability in Huawei S Series Switch Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190522-… ∗∗∗ IBM Security Bulletin: IBM MessageSight/MessageGateway is affected by the following jQuery vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-mess… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a denial of service vulnerability in Node.js (CVE-2019-5737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: IBM MessageSight is affected by the following four IBM Java vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-is-a… ∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js lodash module vulnerability (CVE-2018-16487) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat… ∗∗∗ IBM Security Bulletin: IBM MessageSight/MessageGateway is affected by the following WebSphere Application Server vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-mess… ∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE-2018-5390 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-upd… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.06.2019
by Daily end-of-shift report 19 Jun '19

19 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 18-06-2019 18:00 − Mittwoch 19-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Zombieload: Intel-Microcode für Windows v1809/v1803 verfügbar ∗∗∗ --------------------------------------------- Schutz gegen Microarchitectural Data Sampling wie Zombieload: Wer noch Windows 10 oder Windows Server in einer älteren Version auf einem Intel-Prozessor nutzt, erhält nun direkt über das Betriebssystem passenden Microcode, um das System gegen Seitenkanalangriffe zu härten. --------------------------------------------- https://www.golem.de/news/zombieload-intel-microcode-fuer-windows-v1809-v18… ∗∗∗ Pass the salt! Popular CMSs aren’t securing passwords properly ∗∗∗ --------------------------------------------- A group of researchers has discovered that many of the webs most popular content management systems are using obsolete algorithms to protect their users passwords. --------------------------------------------- https://nakedsecurity.sophos.com/2019/06/19/popular-content-platforms-putti… ∗∗∗ Quick Detect: Exim "Return of the Wizard" Attack, (Wed, Jun 19th) ∗∗∗ --------------------------------------------- Thanks to our reader Alex for sharing some of his mail logs with the latest attempts to exploit CVE-2019-10149 (aka "Return of the Wizard"). The vulnerability affects Exim and was patched about two weeks ago. There are likely still plenty of vulnerable servers, but it looks like attackers are branching out and are hitting servers not running Exim as well. --------------------------------------------- https://isc.sans.edu/diary/rss/25052 ∗∗∗ Evading Sysmon DNS Monitoring ∗∗∗ --------------------------------------------- In a recent update to Sysmon, a new feature was introduced allowing the ability to log DNS events. While this gives an excellent datapoint for defenders (shout out to the SysInternals team for continuing to provide and support these awesome tools for free), for us as attackers, this means that should our implant or payloads attempt to communicate via DNS, BlueTeam have a potential way to pick up on indicators which could lead to detection. --------------------------------------------- https://blog.xpnsec.com/ ∗∗∗ BSI veröffentlicht Empfehlungen zur sicheren Konfiguration von Microsoft-Office-Produkten ∗∗∗ --------------------------------------------- Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat für den Einsatz auf dem Betriebssystem Microsoft Windows sieben Cyber-Sicherheitsempfehlungen für eine sichere Konfiguration von Microsoft Office 2013/2016/2019 erstellt. Diese behandeln zum einen übergreifende Richtlinien für Microsoft Office, zum anderen Richtlinien für sechs häufig genutzte Microsoft Office-Anwendungen (Access, Excel, Outlook, PowerPoint, Visio und Word). --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Empfehlunge… ∗∗∗ Achtung vor gefälschten News zu BitUp und Bitcoin Code ∗∗∗ --------------------------------------------- Internetnutzer/innen stoßen vermehrt auf erfundene Nachrichtenartikel, die die Angebote von Bitcoin Code oder BitUp bewerben. Berichtet wird vom „größten Deal der Geschichte“ bei den Fernsehsendungen „Die Höhle der Löwen“ oder „2 Minuten 2 Millionen“. Die Angebote auf bitcoincodesoftapps.com und bitupapp.com sind unseriös und Anleger/innen verlieren ihr Geld! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vor-gefaelschten-news-zu-bit… ===================== = Vulnerabilities = ===================== ∗∗∗ Zero Day: Mozilla schließt ausgenutzte Sicherheitslücke in Firefox ∗∗∗ --------------------------------------------- Firefox-Hersteller Mozilla hat eine kritische Sicherheitslücke in seinem Browser geschlossen, die wohl aktiv ausgenutzt wird. Updates stehen bereit und werden von Mozilla bereits verteilt. --------------------------------------------- https://www.golem.de/news/zero-day-mozilla-schliesst-ausgenutzte-sicherheit… ∗∗∗ Oracle Releases Security Advisory for WebLogic ∗∗∗ --------------------------------------------- Original release date: June 19, 2019 Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/06/19/Oracle-Releases-Se… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (dbus, firefox, kernel, linux-lts, linux-zen, and python), CentOS (bind and kernel), Debian (firefox-esr, glib2.0, and vim), Fedora (dbus, kernel, kernel-headers, mingw-libxslt, poppler, and python-gnupg), openSUSE (gnome-shell, kernel, libcroco, php7, postgresql10, python, sssd, and thunderbird), Oracle (kernel and libvirt), Red Hat (go-toolset:rhel8, gvfs, java-11-openjdk, pki-deps:10.6, systemd, and WALinuxAgent), SUSE (docker, kernel, libvirt, [...] --------------------------------------------- https://lwn.net/Articles/791462/ ∗∗∗ PHOENIX CONTACT Multiple Vulnerabilities in Automation Worx Software Suite ∗∗∗ --------------------------------------------- Security Advisory for Automation Worx Software Suite version 1.86 and earlier --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-014 ∗∗∗ Vuln: Symantec DLP CVE-2019-9701 Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/108733 ∗∗∗ Samba: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0521 ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by sensitive information leakage in LoopBack (CVE-2019-4382) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4377) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Command Center (CVE-2019-2602) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM API Connect ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by sensitive information leak (CVE-2018-2013) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by software stack information leak (CVE-2018-2011) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… ∗∗∗ IBM Security Bulletin: API Connect V5 is vulnerable to CSRF attacks (CVE-2018-1858) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v5-is-vul… ∗∗∗ FreeBSD SACK Slowness vulnerability CVE-2019-5599 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K75521003 ∗∗∗ Linux SACK Slowness vulnerability CVE-2019-11478 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K26618426 ∗∗∗ Linux SACK Panic vulnerability CVE-2019-11477 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K78234183 ∗∗∗ Excess resource consumption due to low MSS values vulnerability CVE-2019-11479 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35421172 ∗∗∗ Intel CSME and SPS vulnerability CVE-2019-0093 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K13710800 ∗∗∗ Intel Server Platform Services vulnerability CVE-2019-0089 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K47234311 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.06.2019
by Daily end-of-shift report 18 Jun '19

18 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Montag 17-06-2019 18:00 − Dienstag 18-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Security Alert: Booking.Com Fake Emails Infect Computers with Sodinokibi Ransomware ∗∗∗ --------------------------------------------- A new spam campaign pretending to be from Booking.com is now targeting users. The emails carry a document containing macro code. If someone clicks on the document, opens it, and allows the execution of the macro code, a loader will be spawned. This will download and run ransomware of the Sodinokibi class. --------------------------------------------- https://heimdalsecurity.com/blog/booking-com-fake-emails-sodinokibi-ransomw… ∗∗∗ Plurox: Modular backdoor ∗∗∗ --------------------------------------------- The analysis showed the Backdoor.Win32.Plurox to have a few quite unpleasant features. What’s more, the backdoor is modular, which means that its functionality can be expanded with the aid of plugins. --------------------------------------------- https://securelist.com/plurox-modular-backdoor/91213/ ∗∗∗ Malware sidesteps Google permissions policy with new 2FA bypass technique ∗∗∗ --------------------------------------------- When Google restricted the use of SMS and Call Log permissions in Android apps in March 2019, one of the positive effects was that credential-stealing apps lost the option to abuse these permissions for bypassing SMS-based two-factor authentication (2FA) mechanisms. We have now discovered malicious apps capable of accessing one-time passwords (OTPs) in SMS 2FA messages without using SMS permissions, circumventing Google’s recent restrictions. As a bonus, this technique also works to obtain OTPs from some email-based 2FA systems. --------------------------------------------- https://www.welivesecurity.com/2019/06/17/malware-google-permissions-2fa-by… ∗∗∗ Sharing the Secrets: Pwning an industrial IoT router ∗∗∗ --------------------------------------------- I get involved in a lot of IoT and ICS pen tests and found an interesting device on one of them. I didn’t have enough time on the job to go as deep as I wanted, so got PTP to buy a couple to play with. eBay FTW! It’s an Ewon Flexy IoT Router. --------------------------------------------- https://www.pentestpartners.com/security-blog/sharing-the-secrets-pwning-an… ∗∗∗ Bestellen Sie nicht bei lastore.net ∗∗∗ --------------------------------------------- Auch wenn die Preise bei lastore.net sehr verlockend sind, raten wir von einer Bestellung ab. Denn lastore.net ist ein Fake-Shop, der trotz Bezahlung keine Ware liefert! --------------------------------------------- https://www.watchlist-internet.at/news/bestellen-sie-nicht-bei-lastorenet/ ===================== = Vulnerabilities = ===================== ∗∗∗ TCP SACK PANIC: Linux- und FreeBSD-Kernel lassen sich aus der Ferne angreifen ∗∗∗ --------------------------------------------- Netflix hat einige Sicherheitsprobleme im Netzwerk-Stack von Linux- und FreeBSD-Kerneln entdeckt, die sich für Denial-of-Service-Attacken eignen. --------------------------------------------- https://heise.de/-4449183 ∗∗∗ Vulnerability Spotlight: Two bugs in KCodes NetUSB affect some NETGEAR routers ∗∗∗ --------------------------------------------- KCodes’ NetUSB kernel module contains two vulnerabilities that could allow an attacker to inappropriately access information on some NETGEAR wireless routers. Specific models of these routers utilize the kernel module from KCodes, a Taiwanese company. The module is custom-made for each device, but they all contain similar functions. --------------------------------------------- https://blog.talosintelligence.com/2019/06/vulnerability-spotlight-two-bugs… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (linux-hardened), Debian (kdepim, kernel, linux-4.9, and phpmyadmin), Fedora (ansible and glib2), openSUSE (kernel and vim), Oracle (bind and kernel), Red Hat (kernel and kernel-rt), Scientific Linux (bind and kernel), SUSE (dbus-1, ImageMagick, kernel, netpbm, openssh, and sqlite3), and Ubuntu (linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon and linux, --------------------------------------------- https://lwn.net/Articles/791370/ ∗∗∗ Critical Flaw Exposes TP-Link Wi-Fi Extenders to Remote Attacks ∗∗∗ --------------------------------------------- A critical remote code execution vulnerability discovered by an IBM X-Force researcher allows an unauthenticated attacker to take complete control of some TP-Link Wi-Fi extenders. Firmware updates that should patch the flaw have been made available by the vendor. --------------------------------------------- https://www.securityweek.com/critical-flaw-exposes-tp-link-wi-fi-extenders-… ∗∗∗ MISP: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- MISP ist eine Open-Source-Plattform für den Informationsaustausch über Bedrohungen. Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in MISP ausnutzen, um beliebigen Programmcode auszuführen. CVE Liste: CVE-2019-12868 --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0515 ∗∗∗ Improper Access Control Vulnerability in AppDNA ∗∗∗ --------------------------------------------- A vulnerability has been identified in AppDNA that could result in access controls not being enforced when accessing the web console potentially allowing privilege escalation and remote code execution. --------------------------------------------- https://support.citrix.com/article/CTX253828 ∗∗∗ IBM Security Bulletin: Password exposure via job log in IBM Spectrum Protect Plus (CVE-2019-4385) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-exposure-via… ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to CSV Injection (CVE-2019-4364) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2019-4303) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Tivoli System Automation for Multiplatforms April 2019 CPU (CVE-2019-2684) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2018-5743 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-is-affected-by-… ∗∗∗ IBM Security Bulletin: An Arbitrary Download Vulnerability Affects IBM Campaign (CVE-2019-4384) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-an-arbitrary-download… ∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability Affects IBM Marketing Platform (CVE-2017-1107) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.06.2019
by Daily end-of-shift report 17 Jun '19

17 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 14-06-2019 18:00 − Montag 17-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ U.S. Govt Achieves BlueKeep Remote Code Execution, Issues Alert ∗∗∗ --------------------------------------------- The Cybersecurity and Infrastructure Security Agency (CISA) published an alert for Windows users to patch the critical severity Remote Desktop Services (RDS) RCE security flaw dubbed BlueKeep. --------------------------------------------- https://www.bleepingcomputer.com/news/security/us-govt-achieves-bluekeep-re… ∗∗∗ Ermittler entschlüsselten neue Version der GandCrab-Ransomware ∗∗∗ --------------------------------------------- Wer Opfer der Ransomware wurde, kann die Schadsoftware mit dem neuen Tool kostenfrei entfernen. --------------------------------------------- https://futurezone.at/netzpolitik/ermittler-entschluesselten-neue-version-d… ∗∗∗ An infection from Rig exploit kit, (Mon, Jun 17th) ∗∗∗ --------------------------------------------- [...] Today's diary reviews a recent example of infection traffic caused by Rig EK. --------------------------------------------- https://isc.sans.edu/diary/rss/25040 ∗∗∗ Überteuertes Visum für Kanada auf kanadaeta.com und kanada-eta.de ∗∗∗ --------------------------------------------- Zahlreiche verärgerte Konsument/innen berichten uns von überteuerten ETA-Anträgen (Electronic Travel Authorization) – also Reisegenehmigungen – auf kanadaeta.com und kanada-eta.de. Statt etwa 5 Euro auf der offiziellen Website der kanadischen Regierung werden hier zwischen 50 und 80 Euro für ein Visum verrechnet. Die Watchlist Internet empfiehlt: Die offizielle Regierungswebsite nutzen! --------------------------------------------- https://www.watchlist-internet.at/news/ueberteuertes-visum-fuer-kanada-auf-… ∗∗∗ Security researcher finds critical XSS bug in Googles Invoice Submission Portal ∗∗∗ --------------------------------------------- Security bug would have allowed hackers access to one of Googles backend apps. --------------------------------------------- https://www.zdnet.com/article/security-researcher-finds-critical-xss-bug-in… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium and thunderbird), Debian (php-horde-form, pyxdg, thunderbird, and znc), Fedora (containernetworking-plugins, mediawiki, and podman), openSUSE (chromium), Red Hat (bind, chromium-browser, and flash-plugin), SUSE (docker, glibc, gstreamer-0_10-plugins-base, gstreamer-plugins-base, postgresql10, sqlite3, and thunderbird), and Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/791277/ ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack (CVE-2019-4142) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-pla… ∗∗∗ IBM Security Bulletin: Vulnerability in strongswan affects QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-stro… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL and strongswan affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-fabric-os-firmware-fo… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.06.2019
by Daily end-of-shift report 14 Jun '19

14 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 13-06-2019 18:00 − Freitag 14-06-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs ∗∗∗ --------------------------------------------- Misconfiguration is not novel. However, cybercriminals still find that it is an effective way to get their hands on organizations’ computing resources to use for malicious purposes and it remains a top security concern. In this blog post, we will detail an attack type where an API [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/T-m0jjHJA_o/ ∗∗∗ Security and Privacy, Two Sides of the Same Coin ∗∗∗ --------------------------------------------- ENISA Annual Privacy Forum 2019 --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/security-and-privacy-two-sides-… ∗∗∗ Phishing-Mails gaukeln Ende von WhatsApp-Abonnement vor ∗∗∗ --------------------------------------------- Eine aktuelle Phishing-Welle versucht, WhatsApp-Nutzer über ein angeblich auslaufendes Abonnement zur Preisgabe von Zahlungsdaten zu bewegen. --------------------------------------------- https://heise.de/-4447165 ∗∗∗ Linux servers under attack via latest Exim flaw ∗∗∗ --------------------------------------------- It didn’t take long for attackers to start exploiting the recently revealed Exim vulnerability (CVE-2019-10149). Active campaigns One security enthusiast detected exploitation attempts five days ago: [...] --------------------------------------------- https://www.helpnetsecurity.com/2019/06/14/exploiting-cve-2019-10149/ ∗∗∗ Adware and PUPs families add push notifications as an attack vector ∗∗∗ --------------------------------------------- Push notifications are being added to the arsenal of PUPs, adware, and even a Trojan browser extension that spams Facebook groups. --------------------------------------------- https://blog.malwarebytes.com/adware/2019/06/adware-and-pups-families-add-p… ∗∗∗ Yubico Replacing YubiKey FIPS Devices Due to Security Issue ∗∗∗ --------------------------------------------- Yubico is in the process of replacing YubiKey FIPS (Federal Information Processing Standards) security keys following the discovery of a potentially serious cryptography-related issue that can cause RSA keys and ECDSA signatures generated on these devices to have reduced strength. --------------------------------------------- https://www.securityweek.com/yubico-replacing-yubikey-fips-devices-due-secu… ∗∗∗ French Authorities Release Free Decryptor for PyLocky Ransomware ∗∗∗ --------------------------------------------- The French Ministry of Interior has released a free decryption tool for the PyLocky ransomware to help victims recover their data. --------------------------------------------- https://www.securityweek.com/french-authorities-release-free-decryptor-pylo… ∗∗∗ MISP 2.4.109 released (aka cool-attributes-to-object) ∗∗∗ --------------------------------------------- MISP 2.4.109 releasedA new version of MISP (2.4.109) has been released with a host of new features, improvements, bug fixes and a minor security fix. We strongly advise all users to update their MISP installations to this latest version. --------------------------------------------- https://www.misp-project.org/2019/06/14/MISP.2.4.109.released.html ===================== = Vulnerabilities = ===================== ∗∗∗ BD Alaris Gateway Workstation ∗∗∗ --------------------------------------------- This medical advisory includes mitigations for improper access control and unrestricted upload of file with dangerous type vulnerabilities reported in BD’s Alaris Gateway Workstation. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01 ∗∗∗ Johnson Controls exacqVision Enterprise System Manager ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper authorization vulnerability reported in Johnson Controls exacqVision Enterprise System Manager. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-164-01 ∗∗∗ Xen Security Advisory XSA-295 - Unlimited Arm Atomics Operations ∗∗∗ --------------------------------------------- An attacker in a domU could perform a denial of service attack on Xen by accessing a memory region shared with the hypervisor, while Xen is performing an atomic operation on the same region. As a result Xen could end up looping boundlessly. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-295.txt ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (gvim, lib32-openssl, openssl, and vim), Debian (dbus), Fedora (dovecot, evince, js-jquery-jstree, libxslt, php-phpmyadmin-sql-parser, and phpMyAdmin), openSUSE (neovim and rubygem-rack), Oracle (docker-engine and python), Scientific Linux (python), Slackware (mozilla), and SUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, elfutils, libvirt, and python-requests). --------------------------------------------- https://lwn.net/Articles/791165/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Secure Proxy ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact Remote Code Execution (CVE-2019-4103) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tivoli-netcool-im… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is affected by a XXE (XML External Entity) Injection vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-inform… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Notes 9 and Domino 9 are affected by Open Source James Clark Expat Vulnerabilities (CVE-2013-0340, CVE-2013-0341) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-notes-9-and-domin… ∗∗∗ IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cognos-controller… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily June 2019