=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 30-07-2019 18:00 − Wednesday 31-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Smart Home: Philips Hue and cameras hacked via insecure protocols ∗∗∗
---------------------------------------------
Security researchers have succeeded in sending control commands to surveillance cameras and Philips Hue lamps. By default, the devices transmit data and commands in an insecure manner.
---------------------------------------------
https://www.golem.de/news/smart-home-philips-hue-und-kameras-ueber-unsicher…
∗∗∗ Keeping a Hidden Identity: Mirai C&Cs in Tor Network ∗∗∗
---------------------------------------------
We found new samples of Mirai targeting IP cameras and DVRs with exposed ports and default credentials. Like its predecessors, it allows attackers remote access and the use of infected devices to form a botnet for DDoS attacks. However, the C&Cs were traced back to the Tor network, keeping the cybercriminals' identities anonymous and protecting the servers from being shut down despite discovery.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/keeping-a-hidde…
∗∗∗ IoT home security camera allows hackers to listen in over HTTP ∗∗∗
---------------------------------------------
"The Amcrest IP2M-841B IP camera firmware version V2.520.AC00.18.R does not require authentication to access the HTTP endpoint /videotalk," the vulnerability's description reads. "An unauthenticated, remote person can connect to this endpoint and listen to the audio the camera is capturing."
---------------------------------------------
https://www.zdnet.com/article/iot-home-security-camera-allows-hackers-to-li…
∗∗∗ Malvertising: Online Advertising's Darker Side ∗∗∗
---------------------------------------------
The days of installing a basic ad blocker on your web browser and expecting full protection are gone. Between the sites that require them to be disabled and the ability for advertisers to pay to evade them, ad blockers alone are not sufficient. As this blog will cover in detail, malvertising is a problem not strictly associated with basic web browsing. It can also come with other software programs including adware or potentially unwanted applications (PUA). These latter examples require the most attention.
---------------------------------------------
https://blog.talosintelligence.com/2019/07/malvertising-deepdive.html
∗∗∗ Dangerous PayPal phishing messages in circulation ∗∗∗
---------------------------------------------
Beware of fraudulent messages sent in PayPal's name to numerous consumers. The e-mail claims that the account has been restricted and that the account data must be confirmed. This is an attempt by criminals to obtain payment data in order to misuse it for further crimes!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaehrliche-paypal-phishing-nachric…
∗∗∗ Fake DHL e-mails contain dangerous malware ∗∗∗
---------------------------------------------
Criminals are mass-mailing e-mails in which they pose as DHL and claim that your parcel could not be delivered. Further information on how to proceed can allegedly be found in the attachment. Do not open the file under any circumstances; it is malware!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-dhl-mails-enthalten-gefa…
=====================
= Vulnerabilities =
=====================
∗∗∗ Updates available: OXID eShop fixes vulnerable admin panel ∗∗∗
---------------------------------------------
A security vulnerability in several OXID eShop versions allowed the injection and execution of arbitrary SQL commands via specially crafted URLs.
---------------------------------------------
https://heise.de/-4484390
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (389-ds-base, curl, and kernel), Debian (libssh2), Fedora (kernel, kernel-headers, and oniguruma), openSUSE (chromium, openexr, thunderbird, and virtualbox), Oracle (389-ds-base, curl, httpd, kernel, and libssh2), Red Hat (nss and nspr and ruby:2.5), Scientific Linux (httpd and kernel), SUSE (java-1_8_0-openjdk, mariadb, mariadb-connector-c, polkit, and python-requests), and Ubuntu (openjdk-8, openldap, and sox).
---------------------------------------------
https://lwn.net/Articles/795007/
∗∗∗ Prima Systems FlexAir ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-211-02
∗∗∗ IBM Security Bulletin: IBM Netcool Agile Service Manager is affected by a Jetty vulnerability (CVE-2018-12545) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-netcool-agile-ser…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2019-2684) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-ident…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Secure Gateway is affected by a Denial of Service vulnerability (CVE-2019-5428) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-secure-gateway-is-aff…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Netcool Agile Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Monday 29-07-2019 18:00 − Tuesday 30-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Do not order e-bikes from limebikes.de ∗∗∗
---------------------------------------------
Are you planning to buy an e-bike? Then you should under no circumstances order it from limebikes.de. The appealing website and the unbeatable prices are fake; it is a fraudulent shop. Your bike will never be delivered despite payment!
---------------------------------------------
https://www.watchlist-internet.at/news/e-bikes-nicht-bei-limebikesde-bestel…
=====================
= Vulnerabilities =
=====================
∗∗∗ PowerDNS Security Advisory 2019-06: Denial of service via crafted zone records ∗∗∗
---------------------------------------------
Updated packages (that only contain a Postgres schema change) will be released later. Just upgrading at that time will not fix the vulnerability - applying the schema change is mandatory.
---------------------------------------------
https://mailman.powerdns.com/pipermail/pdns-announce/2019-July/001123.html
∗∗∗ OpenSSL Security Advisory: Windows builds with insecure path defaults (CVE-2019-1552) ∗∗∗
---------------------------------------------
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. ... However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of C:/usr/local, which may be world writable, which enables untrusted users to modify OpenSSL's default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. Severity: Low
---------------------------------------------
https://www.openssl.org/news/secadv/20190730.txt
∗∗∗ Google Project Zero: Six zero-interaction iMessage vulnerabilities, one still unpatched ∗∗∗
---------------------------------------------
The search engine company's security project has disclosed half a dozen bugs in Apple's iOS operating system, several of them critical.
---------------------------------------------
https://heise.de/-4483807
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (cutter-re and radare2), Oracle (389-ds-base, httpd, kernel, libssh2, and qemu-kvm), Red Hat (389-ds-base, chromium-browser, curl, docker, httpd, keepalived, kernel, kernel-alt, kernel-rt, libssh2, perl, podman, procps-ng, qemu-kvm, qemu-kvm-ma, ruby, samba, and vim), Scientific Linux (389-ds-base, curl, libssh2, and qemu-kvm), SUSE (bzip2 and openexr), and Ubuntu (python-urllib3 and tmpreaper).
---------------------------------------------
https://lwn.net/Articles/794920/
∗∗∗ 2019-07-30: Cyber Security Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on High Voltage Products ∗∗∗
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=2GHV057194&LanguageC…
∗∗∗ 2019-07-30: Cyber Security Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on ABB Power Grids - Grid Automation products ∗∗∗
---------------------------------------------
https://new.abb.com/news/detail/28733/cyber-security-notification
∗∗∗ 2019-07-30: Cyber Security Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on ABB Robot Controller Software ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=SI20192&LanguageCod…
∗∗∗ 2019-07-30: Cyber Security Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on AC 800PEC ∗∗∗
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A6671&Lang…
∗∗∗ Security Advisory - Three Vulnerabilities in Huawei PCManager Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190710-…
∗∗∗ IBM Security Bulletin: IBM StoredIQ is affected by a missing function level access control vulnerability (CVE-2019-4163) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-storediq-is-affec…
∗∗∗ IBM Security Bulletin: IBM StoredIQ is affected by a denial of service attack vulnerability (CVE-2019-4165) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-storediq-is-affec…
∗∗∗ IBM Security Bulletin: External Service invocation in IBM Business Space affects IBM Business Monitor (CVE-2018-1885) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-external-service-invo…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 26-07-2019 18:00 − Monday 29-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Rare Steganography Hack Can Compromise Fully Patched Websites ∗∗∗
---------------------------------------------
An unusual steganographic technique that an attacker can use to implant a malicious webshell on unsuspecting websites has been spotted in Latin America. According to research from Trustwave shared exclusively with Threatpost, a forensic investigation showed that an adversary is implanting PHP code into JPEG files’ EXIF headers in order to upload malware onto targeted websites.
---------------------------------------------
https://threatpost.com/rare-steganography-hack-can-compromise-fully-patched…
∗∗∗ A VxWorks Operating System Bug Exposes 200 Million Critical Devices ∗∗∗
---------------------------------------------
VxWorks is designed as a secure, "real-time" operating system for continuously functioning devices, like medical equipment, elevator controllers, or satellite modems.
---------------------------------------------
https://www.wired.com/story/vxworks-vulnerabilities-urgent11
∗∗∗ Finding Evil in Windows 10 Compressed Memory, Part One: Volatility and Rekall Tools ∗∗∗
---------------------------------------------
Paging all digital forensicators, incident responders, and memory manager enthusiasts! Have you ever found yourself at a client site working around the clock to extract evil from a Windows 10 image? Have you hit the wall at step zero, running into difficulties viewing a process tree, or enumerating kernel modules? Or even worse, had to face the C-Suite and let them know you couldn’t find any evil? Well fear no more – FLARE has you covered.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2019/07/finding-evil-in-windows…
∗∗∗ Examining the Link Between TLD Prices and Abuse ∗∗∗
---------------------------------------------
Briefing: Over the years, McAfee researchers have observed that certain new top-level domains (TLDs) are more likely to be abused by cyber criminals for malicious activities than others. Our investigations reveal a negative relationship between the likelihood for abuse and registration price of some TLDs, as reported by the McAfee URL and email intelligence team.
---------------------------------------------
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/examining-the-l…
=====================
= Vulnerabilities =
=====================
∗∗∗ BlackBerry Powered by Android Security Bulletin - July 2019 ∗∗∗
---------------------------------------------
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build.
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ iTunes and iCloud for Windows have security vulnerabilities – install the updates ∗∗∗
---------------------------------------------
iTunes 12.9.6 and iCloud for Windows are intended to fix critical vulnerabilities that Apple has also patched in its own operating systems.
---------------------------------------------
https://heise.de/-4480524
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (patch, sdl-image1.2, and unzip), Fedora (deepin-clone, dtkcore, dtkwidget, and sqlite), Mageia (virtualbox), openSUSE (firefox), and SUSE (cronie and firefox).
---------------------------------------------
https://lwn.net/Articles/794838/
∗∗∗ LibreOffice: Vulnerability allows execution of arbitrary code with user privileges ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in LibreOffice to execute arbitrary code with user privileges.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0662
∗∗∗ Trend Micro OfficeScan: Vulnerability allows execution of arbitrary code and DoS ∗∗∗
---------------------------------------------
A local attacker can exploit a vulnerability in Trend Micro OfficeScan to execute arbitrary code with the privileges of the service and to cause a denial of service.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0666
∗∗∗ OpenLDAP: Multiple vulnerabilities allow security measures to be bypassed ∗∗∗
---------------------------------------------
OpenLDAP is a freely available implementation of the LDAP directory service. A remote, authenticated attacker can exploit multiple vulnerabilities in OpenLDAP to bypass security measures.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0665
∗∗∗ xpdf: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A local attacker can exploit multiple vulnerabilities in xpdf to execute arbitrary code, cause a denial of service condition, or disclose information.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0663
∗∗∗ IBM Security Bulletin: IBM Cloud Automation Manager is affected by an issue with API endpoints behind the ‘docker cp’ ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-automation-…
∗∗∗ IBM Security Bulletin: Clickjacking vulnerability in WebSphere Application Server Liberty Admin Center (CVE-2019-4285) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-clickjacking-vulnerab…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affects Financial Transaction Manager for Digital Payments ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Asset Analyzer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Digital Payments ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM i2 Intelligent Analysis Platform is affected by an XML External Entity (XXE) vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i2-intelligent-an…
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Digital Payments for Multi-Platform is affected by vulnerabilities in IBM Java Runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-1871) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction…
∗∗∗ HPESBUX03927 rev.1 - HP-UX BIND, Remote Denial of Service (DoS) and Remote Unauthorized Data Modification ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBHF03944 rev.1 - HPE HP2910al-48G switches, local Arbitrary Command Execution ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 25-07-2019 18:00 − Friday 26-07-2019 18:00
Handler: Robert Waldner
Co-Handler: Dimitri Robl
=====================
= News =
=====================
∗∗∗ No More Ransom Success Story: Saves $108+ Million in Ransomware Payments ∗∗∗
---------------------------------------------
Today marks the third anniversary of No More Ransom and through its partners from the public and private sectors, law enforcement, academia, and researchers, the project has been able to help hundreds of thousands, if not millions, of victims get their encrypted files back for free.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/no-more-ransom-success-story…
∗∗∗ New Loader Variant Behind Widespread Malware Attacks ∗∗∗
---------------------------------------------
Malware infection technique called TxHollower gets updated with stealthy features.
---------------------------------------------
https://threatpost.com/new-loader-variant-behind-widespread-malware-attacks…
∗∗∗ MyDoom Still Active in 2019 ∗∗∗
---------------------------------------------
MyDoom is an infamous computer worm first noted in early 2004. This malware has been featured in top ten lists of the most destructive computer viruses, causing an estimated $38 billion in damage. Although now well past its heyday, MyDoom continues to be a presence in the cyber threat landscape. While not as prominent as other malware families, over the past few years MyDoom has remained relatively consistent, averaging approximately 1.1 percent of all emails we see with malware attachments.
---------------------------------------------
https://unit42.paloaltonetworks.com/mydoom-still-active-in-2019/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libssh2 and patch), Fedora (kernel and kernel-headers), Mageia (vlc), Red Hat (rh-redis32-redis), SUSE (libgcrypt, libsolv, libzypp, zypper, and rmt-server), and Ubuntu (exim4, firefox, libebml, linux, linux-aws, linux-kvm, linux-raspi2, and vlc).
---------------------------------------------
https://lwn.net/Articles/794694/
∗∗∗ Vuln: Qualcomm Components CVE-2019-2307 Integer Underflow Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/109383
∗∗∗ Security Advisory - DoS Vulnerability in Huawei S Series Switch Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190522-…
∗∗∗ Security Advisory - DoS Vulnerability in RTSP Module of Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190523-…
∗∗∗ IBM Security Bulletin: ViewONE is vulnerable to XXE attack via HTTP payload (CVE-2019-4456) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-viewone-is-vulnerable…
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential SQL Injection vulnerability (CVE-2019-4032) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction…
∗∗∗ cURL and libcurl vulnerability CVE-2019-5436 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K55133295
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 24-07-2019 18:00 − Thursday 25-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ BlueKeep, yet again ∗∗∗
---------------------------------------------
The "nice" thing about IT is that some topics stay with us for a long time. That includes the vulnerability with the CVE number 2019-0708, better known as "BlueKeep". We have warned about it and blogged about it - and unfortunately the latter has to happen again.
---------------------------------------------
http://www.cert.at/services/blog/20190725104348-2524.html
∗∗∗ When Users Attack! Users (and Admins) Thwarting Security Controls, (Thu, Jul 25th) ∗∗∗
---------------------------------------------
Today, I'd like to discuss a few of the Critical Controls, and how I see real people abusing or circumventing them in real companies. (Sorry, no code in today's story, but we do have some GPOs.)
---------------------------------------------
https://isc.sans.edu/diary/rss/25170
∗∗∗ Regulation on qualified bodies – QuaSteV ∗∗∗
---------------------------------------------
This regulation lays down the requirements that qualified bodies must meet in order to be able to audit operators of essential services with regard to the essential services they operate pursuant to § 17 para. 3 NISG, as well as the procedure for recognising qualified bodies.
---------------------------------------------
https://www.ris.bka.gv.at/Dokumente/BgblAuth/BGBLA_2019_II_226/BGBLA_2019_I…
∗∗∗ Cook: security things in Linux v5.2 ∗∗∗
---------------------------------------------
Over on his blog, Kees Cook runs through the security changes that came in Linux 5.2.
---------------------------------------------
https://lwn.net/Articles/794145/
∗∗∗ Puppies from Cameroon on Facebook? Don't buy! ∗∗∗
---------------------------------------------
Time and again, desperate consumers who wanted to buy puppies on the internet turn to us. Whether on Facebook or on classified-ad platforms, the rule is: if money is to be transferred to Cameroon or other far-away countries, it is most likely a fraudulent offer! The animals do not exist and the money is lost.
---------------------------------------------
https://www.watchlist-internet.at/news/hundewelpen-aus-kamerun-auf-facebook…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: Ansible CVE-2019-10206 Remote Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks.
---------------------------------------------
http://www.securityfocus.com/bid/109361
∗∗∗ FreeBSD: Bhyve out-of-bounds read in XHCI device ∗∗∗
---------------------------------------------
A misbehaving bhyve guest could crash the system or access memory that it should not be able to.
---------------------------------------------
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:16.bhyve.asc
∗∗∗ Exim: security release for CVE-2019-13917 ∗∗∗
---------------------------------------------
A local or remote attacker can execute programs with root privileges - if you've an unusual configuration.
Mitigation: Do not use ${sort } in your configuration.
Fixed in: Exim 4.92.1.
---------------------------------------------
http://exim.org/static/doc/security/CVE-2019-13917.txt
∗∗∗ Micro Focus ArcSight Logger CVE-2019-3485 HTML Injection Vulnerability ∗∗∗
---------------------------------------------
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
---------------------------------------------
https://www.securityfocus.com/bid/109363/discuss
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (java-1.7.0-openjdk, java-1.8.0-openjdk, and java-11-openjdk), Debian (exim4), Fedora (java-latest-openjdk), openSUSE (libsass, tomcat, and ucode-intel), Oracle (java-1.7.0-openjdk and thunderbird), SUSE (OpenEXR, spamassassin, and thunderbird), and Ubuntu (ansible and patch).
---------------------------------------------
https://lwn.net/Articles/794623/
∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is impacted by a security vulnerability in Project Calico ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-…
∗∗∗ IBM Security Bulletin: IBM Network Performance Insight (CVE-2019-10241, CVE-2019-10247) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-network-performan…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (CVE-2018-1719) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 23-07-2019 18:00 − Wednesday 24-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Videolan: A VLC vulnerability that isn't one ∗∗∗
---------------------------------------------
A rather insignificant bug in a dependency of the VLC player is being wrongly classified by authorities as a serious security vulnerability, and many media outlets are repeating this without verification. The Videolan project is not pleased.
---------------------------------------------
https://www.golem.de/news/videolan-eine-vlc-luecke-die-keine-ist-1907-14275…
∗∗∗ Exim: security release ahead (CVE-2019-13917) ∗∗∗
---------------------------------------------
We discovered a vulnerability. We consider the risk of an exploit as low, you need to have a fairly unusual runtime configuration. Neither our default runtime configuration nor the runtime configuration shipped by the Debian distribution is vulnerable.
This is a *heads-up* notice about the upcoming release. Coordinated Release Date (CRD) for Exim 4.92.1: Thu Jul 25 10:00:00 UTC 2019
---------------------------------------------
https://seclists.org/oss-sec/2019/q3/63
∗∗∗ Warning: malware sent with a purported BSI sender address ∗∗∗
---------------------------------------------
Criminals are currently distributing malware by e-mail while pretending the mails come from the BSI. Mails known so far use the sender address "meldung(a)bsi-bund.org". The Federal Office for Information Security (BSI) is not the sender of these mails.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Schadsoftware-BSI…
∗∗∗ No goods despite payment: epic-media.shop ∗∗∗
---------------------------------------------
Consumers looking for washing machines, coffee machines, game consoles, vacuum cleaners, cameras and other technical devices come across epic-media.shop. Good prices tempt them into a quick purchase. But beware: paid-for goods are never delivered, because behind the website there is nothing but fraud!
---------------------------------------------
https://www.watchlist-internet.at/news/keine-ware-trotz-zahlung-epic-medias…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: Poppler CVE-2019-9959 Integer Overflow Vulnerability ∗∗∗
---------------------------------------------
Poppler is prone to an integer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Attackers can exploit this issue to cause denial-of-service conditions.
---------------------------------------------
http://www.securityfocus.com/bid/109342
∗∗∗ Vuln: GNU Binutils libiberty CVE-2019-14250 Integer Overflow Vulnerability ∗∗∗
---------------------------------------------
GNU Binutils is prone to an integer overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition.
---------------------------------------------
http://www.securityfocus.com/bid/109354
∗∗∗ Serious Remote Code Execution Flaw Affects ProFTPD Powered FTP Servers ∗∗∗
---------------------------------------------
... it's important to note that not every FTP server running vulnerable ProFTPD can be hijacked remotely, since the attacker requires log-in to the respective targeted server, or the server should have anonymous access enabled.
---------------------------------------------
https://thehackernews.com/2019/07/linux-ftp-server-security.html
∗∗∗ HAProxy CVE-2019-14241 Remote Denial of Service Vulnerability ∗∗∗
---------------------------------------------
Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to HAProxy 1.9.9 and 2.0.3 are vulnerable.
---------------------------------------------
https://www.securityfocus.com/bid/109352/discuss
∗∗∗ D-Link DSL-2750U Multiple Authentication Bypass Vulnerabilities ∗∗∗
---------------------------------------------
An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. D-Link DSL-2750U Router 1.11 is vulnerable; other versions may also be affected.
---------------------------------------------
https://www.securityfocus.com/bid/109351/discuss
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel, linux-4.9, and neovim), Fedora (slurm), openSUSE (ImageMagick, libgcrypt, libsass, live555, mumble, neovim, and teeworlds), Oracle (java-1.7.0-openjdk, java-1.8.0-openjdk, and java-11-openjdk), Red Hat (java-1.7.0-openjdk), Scientific Linux (java-1.7.0-openjdk), SUSE (glibc and openexr), and Ubuntu (mysql-5.7 and patch).
---------------------------------------------
https://lwn.net/Articles/794511/
∗∗∗ Synology-SA-19:31 SRM ∗∗∗
---------------------------------------------
A vulnerability allows remote authenticated users to set a new password without verification via a susceptible version of Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_31
∗∗∗ Security Advisory - TLS Certificate Verification Vulnerability in Huawei 7900 IP Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190724-…
∗∗∗ IBM Security Bulletin: IBM Cloud Private – Session not invalidated on logout (CVE-2019-4439) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-ses…
∗∗∗ IBM Security Bulletin: In IBM Cloud Private on OpenShift icp-scc SecurityContextConstraints is erroneously assigned to all pods in all namespaces ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-in-ibm-cloud-private-…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Virtualization Engine TS7700 – April 2019 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Potential denial of service vulnerability in IBM Decision Optimization for Watson Studio Local ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s…
∗∗∗ IBM Security Bulletin: Rational Build Forge Security Advisory for Apache HTTP Server (CVE-2019-0196;CVE-2019-0197;CVE-2019-0211;CVE-2019-0215;CVE-2019-0217; and CVE-2019-0220) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-build-forge-…
∗∗∗ IBM Security Bulletin: IBM Cloud Private for Data is affected by multiple security vulnerabilities in IBM Cloud Private Kubernetes ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-for…
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to CSRF attack (CVE-2019-4212) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu…
∗∗∗ IBM Security Bulletin: Vulnerabilities in Eclipse OpenJ9, Oracle Java SE, and IBM WebSphere Application Server affect IBM Watson Compare and Comply for IBM Cloud Private for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ec…
∗∗∗ IBM Security Bulletin: IBM Cloud Private for Data is affected by vulnerabilities in the Setup package. CVE-2018-1113 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-for…
∗∗∗ NTP vulnerability CVE-2019-11331 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K09940637
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Monday 22-07-2019 18:00 − Tuesday 23-07-2019 18:00
Handler: Robert Waldner
Co-Handler: Dimitri Robl
=====================
= News =
=====================
∗∗∗ Verifying SSL/TLS configuration (part 1) ∗∗∗
---------------------------------------------
One of the very important steps when performing penetration tests is to verify the configuration of any SSL/TLS services. Specifically, the goal of this step is to check which protocols and ciphers are supported. This might sound easier than it is – so this will be a series of diaries where I will try to explain how to verify the configuration but also how to assess the risk.
---------------------------------------------
https://isc.sans.edu/diary/rss/25162
∗∗∗ QNAP and Synology warn of malware attacks on poorly secured NAS ∗∗∗
---------------------------------------------
Network storage devices from QNAP and Synology are currently facing increased attacks via brute force and exploits. The vendors provide tips for hardening them.
---------------------------------------------
https://heise.de/-4477214
∗∗∗ Identity theft via survey on selektur.net ∗∗∗
---------------------------------------------
Selektur GmbH poses as a market research institute where consumers can test products from home and easily earn money. Already at registration, a passport or identity card has to be uploaded. These documents are used by the criminals behind selektur.net to open a bank account, which is later activated by the unsuspecting survey participants.
---------------------------------------------
https://www.watchlist-internet.at/news/identitaetsmissbrauch-durch-umfrage-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: Microsoft Windows OleCreateFontIndirectExt Out of Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.
---------------------------------------------
http://www.securityfocus.com/bid/109335
∗∗∗ COModo: From Sandbox to SYSTEM (CVE-2019-3969) ∗∗∗
---------------------------------------------
Antivirus (AV) is a great target for vulnerability hunting: Large attack surface, complex parsing, and various components executing with high privileges. So a couple of months ago, I decided to look at the latest Comodo Antivirus v12.0.0.6810. I ended up finding a few cool things; however, one I thought was worth covering here is a sandbox escape as well as a privilege escalation to SYSTEM.
---------------------------------------------
https://medium.com/tenable-techblog/comodo-from-sandbox-to-system-cve-2019-…
∗∗∗ macOS 10.14.6 fixes security vulnerabilities and gets Boot Camp working again ∗∗∗
---------------------------------------------
macOS 10.14.6 also fixes various security vulnerabilities, located among other places in the WebKit web engine, in Bluetooth, in Core Data, in Disk Management, in Foundation and in Siri. Some of them were also remotely exploitable. In addition, a hole in the FaceTime communication service was closed through which code could even be executed from outside.
---------------------------------------------
https://heise.de/-4476767
∗∗∗ Manual update required: Fortinet fixes critical vulnerability in several products ∗∗∗
---------------------------------------------
Several versions of FortiOS, FortiManager and FortiAnalyzer accept invalid certificates due to a bug. The vendor advises updating immediately.
---------------------------------------------
https://heise.de/-4476610
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libsdl2-image and libxslt), Oracle (java-1.8.0-openjdk and java-11-openjdk), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (bzip2, microcode_ctl, and ucode-intel), and Ubuntu (clamav, evince, linux-hwe, linux-gcp, linux-snapdragon, and squid3).
---------------------------------------------
https://lwn.net/Articles/794445/
∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities (CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3863) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ BIND vulnerability CVE-2019-6471 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10092301
=====================
= End-of-Day report =
=====================
Timeframe: Friday 19-07-2019 18:00 − Monday 22-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Palo Alto bungles critical security vulnerability in the GlobalProtect VPN ∗∗∗
---------------------------------------------
One year after closing a security vulnerability, Palo Alto informs its customers about the danger. In the meantime, researchers casually used it to hack Uber.
---------------------------------------------
https://heise.de/-4476441
=====================
= Vulnerabilities =
=====================
∗∗∗ Selfblow: Secure Boot can be bypassed on all Tegra X1 ∗∗∗
---------------------------------------------
A bug in the bootloader of Nvidia's Tegra X1 allows completely bypassing the verification of the system boot. This probably affects all devices except the Switch. Nvidia provides an update.
---------------------------------------------
https://www.golem.de/news/selfblow-secure-boot-in-allen-tegra-x1-umgehbar-1…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bind9, exiv2, kernel, nss, openjdk-11, openjdk-8, patch, and squid3), Fedora (gvfs, libldb, and samba), Mageia (firefox, gvfs, libreswan, rdesktop, and thunderbird), openSUSE (bzip2, clementine, dbus-1, expat, fence-agents, firefox, glib2, kernel, kernel-firmware, ledger, libqb, libu2f-host, pam_u2f, libvirt, neovim, php7, postgresql10, python-requests, python-Twisted, ruby-bundled-gems-rpmhelper, ruby2.5, samba, webkit2gtk3, zeromq, and znc), Red
---------------------------------------------
https://lwn.net/Articles/794363/
∗∗∗ BlackBerry Cylance Downplays, Patches Antivirus Bypass ∗∗∗
---------------------------------------------
BlackBerry Cylance has prepared an update for its CylancePROTECT product to address a recently disclosed bypass method, but the company has downplayed the impact of the issue.
---------------------------------------------
https://www.securityweek.com/blackberry-cylance-downplays-patches-antivirus…
∗∗∗ Pro-FTPd: Vulnerability allows execution of arbitrary program code with the privileges of the service ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in Pro-FTPd to execute arbitrary program code with the privileges of the service or to disclose information.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0642
∗∗∗ Foxit Phantom PDF Suite: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit multiple vulnerabilities in the Foxit Phantom PDF Suite to execute arbitrary program code with user privileges, to carry out a denial of service attack or to view confidential data.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0641
∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – Kubernetes (CVE-2019-11246) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (CVE-2019-2602) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2018-0732, CVE-2018-0739, CVE-2017-3735) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r…
∗∗∗ IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Apr 2019 – Includes Oracle Apr 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-sdk-java-technolo…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 18-07-2019 18:00 − Friday 19-07-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Elusive MegaCortex Ransomware Found - Here is What We Know ∗∗∗
---------------------------------------------
A sample of the ransomware called MegaCortex that is known to target the enterprise in targeted attacks has been found and analyzed. In this article, we will provide a brief look at the MegaCortex Ransomware and how it encrypts a computer.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/elusive-megacortex-ransomwar…
∗∗∗ The Strange Case of the Malicious Favicon ∗∗∗
---------------------------------------------
During the past year, our Remediation department has seen a large increase in the number of fully spammed sites. The common factors are strangely named and unusually located favicon.ico files, along with the creation of “bak.bak” index files peppered around the website. In the majority of the cases, the pattern is similar regardless of the size of the website or the CMS being used. We have found WordPress, Magento, Joomla, and even HTML-only sites impacted by this campaign.
---------------------------------------------
https://blog.sucuri.net/2019/07/the-strange-case-of-the-malicious-favicon.h…
∗∗∗ [webapps] fuelCMS 1.4.1 - Remote Code Execution ∗∗∗
---------------------------------------------
fuelCMS 1.4.1 - Remote Code Execution
---------------------------------------------
https://www.exploit-db.com/exploits/47138
=====================
= Vulnerabilities =
=====================
∗∗∗ Johnson Controls exacqVision Server ∗∗∗
---------------------------------------------
This advisory includes mitigations for an unquoted search path or element vulnerability reported in the Johnson Controls exacqVision Server.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-199-01
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bzip2), Fedora (freetds, kernel, kernel-headers, and knot-resolver), openSUSE (bubblewrap, fence-agents, kernel, libqb, libu2f-host, pam_u2f, and tomcat), Oracle (vim), SUSE (kernel, LibreOffice, libxml2, and tomcat), and Ubuntu (libmspack and squid, squid3).
---------------------------------------------
https://lwn.net/Articles/794190/
∗∗∗ IBM Security Bulletin: Buffer overflow vulnerability in IBM Spectrum Protect Backup-Archive Client (CVE-2019-4267) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-buffer-overflow-vulne…
∗∗∗ IBM Security Bulletin: ACLs not backed up on VxFS-HP-UX filesystems by IBM Spectrum Protect Backup-Archive Client (CVE-2019-4236) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-acls-not-backed-up-on…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot for VMWare (CVE-2018-12547, CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Virtual Environments (CVE-2018-12547, CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Backup-Archive Client on Windows, Linux, and Macintosh (CVE-2018-12547, CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2019-1559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open…
∗∗∗ IBM Security Bulletin: Vulnerability in Node.js affects IBM Integration Bus & IBM App Connect Enterprise V11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-node…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Integration Bus, IBM App Connect and WebSphere Message Broker ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Spoofing and denial of service vulnerabilities in WebSphere Application Liberty affect IBM Spectrum Protect Snapshot for VMware (CVE-2018-1902, CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-spoofing-and-denial-o…
∗∗∗ IBM Security Bulletin: Spoofing and denial of service vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect Client web user interface and IBM Spectrum Protect for Virtual Environments (CVE-2018-1902, CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-spoofing-and-denial-o…
∗∗∗ IBM Security Bulletin: IBM Netcool Agile Service Manager is affected by an Apache Zookeeper vulnerability (CVE-2019-0201) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-netcool-agile-ser…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Jetty affect Netcool Agile Service Manager (CVE-2019-10247, CVE-2019-10246) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ Expat XML parser vulnerability CVE-2018-20843 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K51011533
∗∗∗ VLC: Vulnerability allows code execution ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0634
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 17-07-2019 18:00 − Thursday 18-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Netz- und Informationssystemsicherheitsverordnung (Network and Information System Security Regulation) – NISV ∗∗∗
---------------------------------------------
On 17.07.2019 the Netz- und Informationssystemsicherheitsverordnung (Network and Information System Security Regulation, NISV) was published. It supplements the federal act for ensuring a high level of security of network and information systems (Netz- und Informationssystemsicherheitsgesetz, NISG) and provides the basis for identifying the operators of essential services.
---------------------------------------------
https://www.ris.bka.gv.at/Dokumente/BgblAuth/BGBLA_2019_II_215/BGBLA_2019_I…
∗∗∗ WeAct: Data leak at Campact's petition platform ∗∗∗
---------------------------------------------
A bug on Campact's petition platform WeAct allowed access to the data of supporters. Around 1.8 million signatories are affected. The non-governmental organisation has published the background of the bug.
---------------------------------------------
https://www.golem.de/news/weact-datenleck-bei-petitionsplattform-von-campac…
∗∗∗ Dubious shops: promise miracles – deliver inferior goods! ∗∗∗
---------------------------------------------
While surfing the internet, consumers keep coming across advertising for products that promise true miracles. While some items deliver what they promise, in other cases the cheapest goods are pushed onto buyers through aggressive advertising. The same applies to websites such as wifiboost.pro, airfreez.pro, coolblade.pro or cleanaqua.pro, which moreover disregard numerous legal requirements for sales.
---------------------------------------------
https://www.watchlist-internet.at/news/unserioese-shops-versprechen-wunderd…
∗∗∗ Zoom RCE only hit those who uninstalled it: Assetnote ∗∗∗
---------------------------------------------
Local webserver searched for domain suffixes that left it open to exploitation.
---------------------------------------------
https://www.zdnet.com/article/zoom-rce-only-hit-those-who-uninstalled-it-as…
=====================
= Vulnerabilities =
=====================
∗∗∗ Wireshark: ASN.1 BER and related dissectors crash ∗∗∗
---------------------------------------------
It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
---------------------------------------------
https://www.wireshark.org/security/wnpa-sec-2019-20.html
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, firefox, and squid), CentOS (thunderbird and vim), Debian (libonig), SUSE (firefox, glibc, kernel, libxslt, and tomcat), and Ubuntu (libreoffice and thunderbird).
---------------------------------------------
https://lwn.net/Articles/794104/
∗∗∗ Cisco IOS Access Points Software 802.11r Fast Transition Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Industrial Network Director Web Services Management Agent Unauthorized Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Small Business Series Switches Open Redirect Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Identity Services Engine Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Identity Services Engine Blind SQL Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco FindIT Network Management Software Static Credentials Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security Advisory - Improper Authentication Vulnerability on PC Manager ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190718-…
∗∗∗ IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities CVE-2019-10072 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-websphere-cast-ir…
∗∗∗ IBM Security Bulletin: Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager IP Edition (CVE-2018-1890, CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-mul…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: An IBM QRadar SIEM protocol is vulnerable to Incorrect Permission Assignment (CVE-2018-2024) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-an-ibm-qradar-siem-pr…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM QRadar SIEM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-asset-analyzer-raa-is…
∗∗∗ IBM Security Bulletin: IBM Watson Studio – Local allows mounting glusterFS without security check ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-watson-studio-loc…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Watson Explorer (CVE-2017-14166, CVE-2017-14501, CVE-2017-14502, CVE-2017-14503) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 16-07-2019 18:00 − Wednesday 17-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Newly identified StrongPity operations ∗∗∗
---------------------------------------------
Alien Labs has identified an unreported and ongoing malware campaign, which we attribute with high confidence to the adversary publicly reported as “StrongPity”. Based on compilation times, infrastructure, and public distribution of samples - we assess the campaign operated from the second half of 2018 into today (July 2019). This post details new malware and new infrastructure which is used to control compromised machines.
---------------------------------------------
https://www.alienvault.com/blogs/labs-research/newly-identified-strongpity-…
∗∗∗ American Express Customers Targeted by Novel Phishing Attack ∗∗∗
---------------------------------------------
The phishing campaign targeted both corporate and consumer cardholders with phishing emails full of grammatical errors but with a small but deadly twist: instead of using the regular hyperlink to the landing page trick, this one used a base HTML element to hide the malicious URL from antispam solutions. This allows the attackers to specify the base URL that should be used for all relative URLs within the phishing message, effectively splitting up the phishing landing page in two separate pieces.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/american-express-customers-t…
∗∗∗ Analysis of DNS TXT Records, (Wed, Jul 17th) ∗∗∗
---------------------------------------------
At the Internet Storm Center, we already mentioned so many times that the domain name system is a goldmine for threat hunting or OSINT. A particular type of DNS record is the TXT record (or text record). It is a type of resource record used to provide the ability to associate free text with a host or other name. ... I extracted a long list of domain names from different DNS server logs and malicious domain lists. Then I queried TXT records for each of them. Results have been loaded into a Splunk instance to search for some juicy stuff. What did I find?
---------------------------------------------
https://isc.sans.edu/diary/rss/25142
∗∗∗ EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users ∗∗∗
---------------------------------------------
Researchers at security firm Intezer Labs recently discovered a new Linux backdoor implant that appears to be in the development and testing phase but already includes several malicious modules to spy on Linux desktop users. ... EvilGnome malware masquerades as a legitimate GNOME extension, a program that lets Linux users extend the functionality of their desktops.
---------------------------------------------
https://thehackernews.com/2019/07/linux-gnome-spyware.html
∗∗∗ Jenkins Admins: Relying on Default Settings Could Put Master at Risk of Remote Code Execution Attacks ∗∗∗
---------------------------------------------
In our analysis, we observed that a user account with less privilege can gain administrator rights over the automation server if jobs are built on the master machine (i.e., the main Jenkins server), a setup enabled by default. An exploit for this can be easily written using shell spawn — a default build step.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/PObGTrIqU0M/
∗∗∗ Bug in PowerShell Core: Attackers could trick Windows Defender ∗∗∗
---------------------------------------------
Microsoft has released a security patch for PowerShell Core rated as "important". An attack does not succeed easily, however.
---------------------------------------------
https://heise.de/-4473123
=====================
= Vulnerabilities =
=====================
∗∗∗ Oracle Critical Patch Update Advisory - July 2019 ∗∗∗
---------------------------------------------
This Critical Patch Update contains 319 new security fixes.
---------------------------------------------
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libreoffice), Red Hat (thunderbird), SUSE (ardana and crowbar, firefox, libgcrypt, and xrdp), and Ubuntu (nss, squid3, and wavpack).
---------------------------------------------
https://lwn.net/Articles/793966/
∗∗∗ LibreOffice: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit multiple vulnerabilities in LibreOffice to execute arbitrary code with user privileges or to bypass security measures.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0611
∗∗∗ Security Advisory - Information Disclosure Vulnerability on Secure Input ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190717-…
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by Apache ZooKeeper vulnerability CVE-2019-0201 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by kubectl vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-…
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by Go vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-…
∗∗∗ IBM Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9 and IBM BigFix Inventory v9. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ru…
∗∗∗ IBM Security Bulletin: Vulnerability in systemd affects Power Hardware Management Console (CVE-2019-6454) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-syst…
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by WebSphere Liberty Profile vulnerability CVE-2019-4046 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-…
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2018-20685 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111) Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op…
∗∗∗ IBM Security Bulletin: IBM RackSwitch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-rackswitch-firmwa…
∗∗∗ IBM Security Bulletin: IBM Flex System switch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-switc…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Monday 15-07-2019 18:00 − Tuesday 16-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Topinambour & Windows event logs ∗∗∗
---------------------------------------------
TL;DR:
* Block outgoing SMB traffic if you can
* Hunt or monitor for event ID 106 in "Microsoft-Windows-TaskScheduler%4Operational.evtx"
* Think about enabling "Audit Process creation" in "Security.evtx" and command line logging
* Hunt or monitor for event ID 4688 in "Security.evtx"
---------------------------------------------
http://www.cert.at/services/blog/20190716140317-2501_en.html
∗∗∗ VU#129209: LLVM's Arm stack protection feature can be rendered ineffective ∗∗∗
---------------------------------------------
When the stack protection feature is rendered ineffective, it leaves the function vulnerable to stack-based buffer overflows. It is possible that the return address could be overwritten due to a local buffer overflow and is not caught when the cookie is checked at the end. It is also possible that the cookie itself could be overwritten since it resides on the stack, causing an unintended value to pass the check.
---------------------------------------------
https://kb.cert.org/vuls/id/129209
∗∗∗ Analysis: Server-side polymorphism & PowerShell backdoors ∗∗∗
---------------------------------------------
Malware actors very rarely stick to the same script for extended periods of time. They constantly modify and update their attack methods. Recently we have observed malware that uses server-side polymorphism to hide its payload, which consists of a backdoor fully written in PowerShell.
---------------------------------------------
https://www.gdatasoftware.com/blog/2019/07/35061-server-side-polymorphism-p…
∗∗∗ FBI Releases Master Decryption Keys for GandCrab Ransomware ∗∗∗
---------------------------------------------
In an FBI Flash Alert, the FBI has released the master decryption keys for the Gandcrab Ransomware versions 4, 5, 5.0.4, 5.1, and 5.2. Using these keys, any individual or organization can create and release their very own GandCrab decryptor.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fbi-releases-master-decrypti…
∗∗∗ iOS 13: bug in beta exposes passwords ∗∗∗
---------------------------------------------
Anyone using a pre-release version of iOS or iPadOS should handle their devices with care. A bug allows attackers to view credentials.
---------------------------------------------
https://heise.de/-4471743
∗∗∗ Is ‘REvil’ the New GandCrab Ransomware? ∗∗∗
---------------------------------------------
The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as "REvil," "Sodin," and "Sodinokibi."
---------------------------------------------
https://krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/
∗∗∗ Extenbro DNS-Changer Used in Adware Campaign ∗∗∗
---------------------------------------------
A recently observed DNS-changer Trojan is being used in an adware campaign to prevent users from accessing security-related websites, Malwarebytes reveals.
---------------------------------------------
https://www.securityweek.com/extenbro-dns-changer-used-adware-campaign
∗∗∗ Fraudulent Amazon Marketplace shops steal money! ∗∗∗
---------------------------------------------
When shopping online via Amazon, consumers can also place orders with third-party sellers. We receive numerous reports from people who were asked by fraudulent Marketplace shops to transfer money to external accounts. Do not pay! It is fraud, and the transferred money is lost.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-amazon-marketplace-sh…
∗∗∗ Stay away from notebooksbilliger-angebot.net ∗∗∗
---------------------------------------------
The online shop notebooksbilliger-angebot.net offers mainly cheap laptops, tablets and smartphones. You will not get any real bargains there, however, because it is a fake shop. Your order will never be delivered despite payment. We advise always taking a closer look at unknown shops!
---------------------------------------------
https://www.watchlist-internet.at/news/finger-weg-von-notebooksbilliger-ang…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: Symantec Norton Password Manager CVE-2019-9700 IP Address Spoofing Vulnerability ∗∗∗
---------------------------------------------
An attacker can exploit this issue to spoof an IP address which may lead to a false sense of trust, allowing the attacker to perform malicious activities. Other attacks may also be possible. Versions prior to Symantec Norton Password Manager 6.3.0.2082 are vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/108676
∗∗∗ Patch now before you get your NAS kicked: Iomega storage boxes leave millions of files open to the internet ∗∗∗
---------------------------------------------
API blunder exposes data, fix incoming from Lenovo. Lenovo is emitting an emergency firmware patch for Iomega NAS devices after the network-attached storage boxes were discovered inadvertently offering millions of files to the internet via an insecure software interface.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/07/16/iomega_nas_…
∗∗∗ Zoom RCE Flaw Also Affects Its Rebranded Versions RingCentral and Zhumu ∗∗∗
---------------------------------------------
The same security vulnerabilities that were recently reported in Zoom for macOS also affect two other popular video conferencing applications that, under the hood, are just rebranded versions of the Zoom video conferencing software.
---------------------------------------------
https://thehackernews.com/2019/07/zoom-ringcentral-vulnerabilities.html
∗∗∗ Moodle CVE-2019-10187 Security Bypass Vulnerability ∗∗∗
---------------------------------------------
Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Moodle 3.7, 3.6 through 3.6.4, 3.5 through 3.5.6 and prior unsupported versions are vulnerable.
---------------------------------------------
https://www.securityfocus.com/bid/109174/discuss
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (expat and radare2), Oracle (thunderbird), Red Hat (389-ds-base, keepalived, libssh2, perl, and vim), Scientific Linux (thunderbird), SUSE (bzip2, kernel, podofo, systemd, webkit2gtk3, and xrdp), and Ubuntu (bash, nss, redis, squid, squid3, and Zipios).
---------------------------------------------
https://lwn.net/Articles/793852/
∗∗∗ Cisco Content Security Management Appliance Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to TianoCore EDK II BIOS Vulnerability (CVE-2018-12182) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-released-unif…
∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to File Path Traversal (CVE-2019-4430) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana…
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerability CVE-2019-12086 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Event Streams ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affect Rational Business Developer. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Netcool Configuration Manager (CVE-2018-1890, CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerabilities in IBM SONAS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-mozilla-fire…
∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyz…
∗∗∗ Linux kernel vulnerability CVE-2019-11599 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K51674118
=====================
= End-of-Day report =
=====================
Timeframe: Friday 12-07-2019 18:00 − Monday 15-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Turla renews its arsenal with Topinambour ∗∗∗
---------------------------------------------
2019 has seen the Turla actor actively renew its arsenal. Its developers are still using a familiar coding style, but they’re creating new tools. Here we’ll tell you about several of them, namely “Topinambour” and its related modules.
---------------------------------------------
https://securelist.com/turla-renews-its-arsenal-with-topinambour/91687/
∗∗∗ Brilliant Boston boffins blow big borehole in Bluetooth's ballyhooed barricades: MAC addy randomization broken ∗∗∗
---------------------------------------------
Scrambling addresses can't always hide you from stalkers, say eggheads. A team of US academics has proposed a simple method to defeat the Bluetooth LE standard's anti-tracking measures.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/07/12/untraceable…
∗∗∗ ENISA: Annual report Trust Services Security Incidents 2018 ∗∗∗
---------------------------------------------
The document gives an aggregated overview of security breaches with significant impact reported in 2018 by EU national supervisory bodies. It shows root causes, statistics and trends, and marks the third round of security incident reporting for the EU’s trust services sector.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/annual-report-trust-services-se…
∗∗∗ Hackers Can Manipulate Media Files Transferred via WhatsApp, Telegram ∗∗∗
---------------------------------------------
Researchers at Symantec have detailed an attack method, dubbed “Media File Jacking,” that allows a malicious Android application with “write-to-external storage” permissions to quickly modify files sent or received via WhatsApp and Telegram between the time they are written to the disk and the moment they are loaded in the app’s user interface.
---------------------------------------------
https://www.securityweek.com/hackers-can-manipulate-media-files-transferred…
∗∗∗ NCSC-UK: Ongoing DNS hijacking and mitigation advice ∗∗∗
---------------------------------------------
This NCSC advisory highlights further Domain Name System (DNS) hijacking activity and provides mitigation advice.
---------------------------------------------
https://www.ncsc.gov.uk/news/ongoing-dns-hijacking-and-mitigation-advice
=====================
= Vulnerabilities =
=====================
∗∗∗ VideoLAN VLC CVE-2019-13602 Heap Based Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.
---------------------------------------------
https://www.securityfocus.com/bid/109158/discuss
∗∗∗ McAfee Agent CVE-2019-3592 Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
An attacker can exploit this issue to gain elevated privileges. McAfee Agent 5.x versions prior to 5.6.1 HF3 are vulnerable.
---------------------------------------------
https://www.securityfocus.com/bid/109148/discuss
∗∗∗ Xiaomi Mi6 Browser CVE-2019-13322 Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the user. Failed exploits will result in denial-of-service conditions. Xiaomi Browser versions prior to 10.4.0 are vulnerable.
---------------------------------------------
https://www.securityfocus.com/bid/109138/discuss
∗∗∗ Critical Vulnerability Patched in Ad Inserter Plugin ∗∗∗
---------------------------------------------
On Friday, July 12th, our Threat Intelligence team discovered a vulnerability present in Ad Inserter, a WordPress plugin installed on over 200,000 websites. The weakness allowed authenticated users (Subscribers and above) to execute arbitrary PHP code on websites using the plugin. We privately disclosed the issue to the plugin’s developer, who released a patch the very next day.
---------------------------------------------
https://www.wordfence.com/blog/2019/07/critical-vulnerability-patched-in-ad…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox), Debian (libspring-java, ruby-mini-magick, and thunderbird), Fedora (fossil, python-django, snapd-glib, and thunderbird), openSUSE (helm and monitoring-plugins), Red Hat (cyrus-imapd, thunderbird, and vim), Scientific Linux (vim), Slackware (bzip2), SUSE (bubblewrap, bzip2, expat, glib2, kernel, php7, python3, and tomcat), and Ubuntu (exiv2, firefox, and flightcrew).
---------------------------------------------
https://lwn.net/Articles/793740/
∗∗∗ Squid: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, anonymous or authenticated attacker can exploit multiple vulnerabilities in Squid to execute arbitrary code with the privileges of the service or to carry out a denial-of-service attack.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0608
∗∗∗ 2019-07-15: Authentication Bypass Vulnerability in CCLAS and Ellipse ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A6224&Lan…
∗∗∗ Security Advisory - Intel Microarchitectural Data Sampling (MDS) vulnerabilities ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190712-…
∗∗∗ IBM Security Bulletin: Apache Struts Vulnerability Affects IBM Campaign and IBM Contact Optimization (CVE-2017-7525) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-struts-vulnera…
∗∗∗ IBM Security Bulletin: A Security Vulnerability affects Cloud Foundry for IBM Cloud Private (CVE-2019-3789) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ Linux kernel vulnerability CVE-2018-20836 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11225249
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 11-07-2019 18:00 − Friday 12-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Burning down the house with IoT ∗∗∗
---------------------------------------------
For years we’ve been trying to set fire to ‘smart’ things by hacking them. We got some charring on the iKettle, but nothing more. Then we found some smart hair straighteners.
---------------------------------------------
https://www.pentestpartners.com/security-blog/burning-down-the-house-with-i…
∗∗∗ Investigating Some Subscription Scam iOS Apps ∗∗∗
---------------------------------------------
For some reason Apple allows "subscription scam" apps on the App Store. These are apps that are free to download and then ask you to subscribe right on launch. ... Aside from being classic subscription scam apps, I wanted to examine how they work internally, how they communicate with their servers and what type of information they are sending.
---------------------------------------------
https://apple.slashdot.org/story/19/07/11/1953207/investigating-some-subscr…
∗∗∗ iOS URL Scheme Susceptible to Hijacking ∗∗∗
---------------------------------------------
For example, when a URL with facetime:// is opened, FaceTime places a call — this is the URL Scheme coming into play. It is a very convenient shortcut; but the URL Scheme is designed for communication, not security. Below, we discuss how abuse of the URL Scheme can potentially result in the loss of privacy, bill fraud, exposure to pop-up ads, and more.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-…
∗∗∗ 16Shop Now Targets Amazon ∗∗∗
---------------------------------------------
Since early November 2018 McAfee Labs have observed a phishing kit, dubbed 16Shop, being used by malicious actors to target Apple account holders in the United States and Japan. Typically, the victims receive an email with a pdf file attached. An example of the message within the email is shown below, with an accompanying translation: [...]
---------------------------------------------
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/16shop-now-targ…
∗∗∗ FIRST Announces CVSS Version 3.1 ∗∗∗
---------------------------------------------
The Forum of Incident Response and Security Teams (FIRST) on Friday announced version 3.1 of the Common Vulnerability Scoring System (CVSS). CVSS is a widely adopted standard for rating the severity of software vulnerabilities, and it provides a framework for communicating the characteristics and impact of security flaws.
---------------------------------------------
https://www.securityweek.com/first-announces-cvss-version-31
=====================
= Vulnerabilities =
=====================
∗∗∗ Philips Holter 2010 Plus ∗∗∗
---------------------------------------------
This advisory provides information about, and mitigations for, a vulnerability reported in the Philips Holter 2010 Plus.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsma-19-192-01
∗∗∗ Delta Industrial Automation CNCSoft ScreenEditor ∗∗∗
---------------------------------------------
This advisory includes mitigations for heap-based buffer overflow and out-of-bounds read vulnerabilities reported in the Delta Electronics CNCSoft ScreenEditor.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-192-01
∗∗∗ AVEVA Vijeo Citect and Citect SCADA Floating License Manager ∗∗∗
---------------------------------------------
This advisory provides information about, and mitigations for, several vulnerabilities reported in the AVEVA Vijeo Citect and Citect SCADA Floating License Manager applications.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-192-05
∗∗∗ Schneider Electric Interactive Graphical SCADA System ∗∗∗
---------------------------------------------
This advisory includes mitigations for an out-of-bounds write vulnerability in the Schneider Electric Interactive Graphical SCADA System software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-192-06
∗∗∗ Schneider Electric Floating License Manager ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper input validation and memory corruption vulnerabilities in the Schneider Electric Floating License Manager software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-192-07
∗∗∗ CVE-2019-11360: BufferOverflow in iptables-restore v1.8.2 ∗∗∗
---------------------------------------------
This blogpost is about a BufferOverflow vulnerability which I found by fuzzing iptables-restore using AFL in March, 2019. It was fixed by the netfilter team in April 2019 ... All in all, I believe that this vulnerability can only be used for academic/educational purposes and has no particular real-world impact.
---------------------------------------------
https://0day.work/cve-2019-11360-bufferoverflow-in-iptables-restore-v1-8-2/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (dbus), Debian (firefox-esr, python3.4, and redis), Mageia (ffmpeg), Oracle (firefox, libvirt, and qemu), Red Hat (firefox and virt:8.0.0), Scientific Linux (firefox), and SUSE (kernel).
---------------------------------------------
https://lwn.net/Articles/793563/
∗∗∗ QNX-2019-001 Vulnerability in procfs service Impacts BlackBerry QNX Software Development Platform ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ Security Advisory 2019-10: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://community.otrs.com/security-advisory-2019-10-security-update-for-ot…
∗∗∗ Security Advisory 2019-11: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://community.otrs.com/security-advisory-2019-11-security-update-for-ot…
∗∗∗ Security Advisory 2019-12: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://community.otrs.com/security-advisory-2019-12-security-update-for-ot…
∗∗∗ Vuln: Oracle July 2019 Critical Patch Update Multiple Vulnerabilities ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/109125
∗∗∗ ZDI-19-660: (Pwn2Own) Xiaomi Mi6 Browser miui.share APK Download Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-660/
∗∗∗ ZDI-19-659: Xiaomi Mi6 Captive Portal WebView Authorization Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-659/
∗∗∗ IBM Security Bulletin: Publicly disclosed vulnerability in Java used by IBM FileNet Content Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vu…
∗∗∗ IBM Security Bulletin: Publicly disclosed vulnerability in Oracle Outside In Technology used by IBM FileNet Content Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vu…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Watson Assistant for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to a publicly disclosed vulnerability in Spring Framework (CVE-2018-15756) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu…
∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerability Affects IBM Campaign, IBM Contact Optimization and IBM Marketing Operations (CVE-2016-1000031) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-commons-fileup…
∗∗∗ Asterisk: Multiple vulnerabilities enable denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0606
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 10-07-2019 18:00 − Thursday 11-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Magento Killer ∗∗∗
---------------------------------------------
A malicious PHP script, aptly given the name “Magento Killer” by its creator(s), has been found targeting Magento websites. While it doesn’t actually kill the Magento installation, it does allow the attacker to modify data in the core_config_data table of the targeted Magento database.
---------------------------------------------
https://blog.sucuri.net/2019/07/magento-killer.html
∗∗∗ AMD's SEV tech that protects cloud VMs from rogue servers may as well stand for... Still Extremely Vulnerable ∗∗∗
---------------------------------------------
Evil hypervisors can work out what apps are running, extract data from encrypted guests. Five boffins from four US universities have explored AMD's Secure Encrypted Virtualization (SEV) technology – and found its defenses can be, in certain circumstances, bypassed with a bit of effort.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/07/10/amd_secure_…
∗∗∗ Wondering how to whack Zoom's dodgy hidden web server on your Mac? No worries, Apple's done it for you ∗∗∗
---------------------------------------------
iGiant acts to protect users. Apple has pushed a silent update to Macs, disabling the hidden web server installed by the popular Zoom web-conferencing software.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/07/11/apple_remov…
∗∗∗ Awesome-Cellular-Hacking ∗∗∗
---------------------------------------------
Please note multiple researchers published and compiled this work. This is a list of their research in the 3G/4G/5G Cellular security space. This information is intended to consolidate the community's knowledge. Thank you, I plan on frequently updating this "Awesome Cellular Hacking" curated list with the most up to date exploits, blogs, research, and papers.
---------------------------------------------
https://github.com/W00t3k/Awesome-Cellular-Hacking
∗∗∗ Your Pa$$word doesn't matter ∗∗∗
---------------------------------------------
Every week I have at least one conversation with a security decision maker explaining why a lot of the hyperbole about passwords – “never use a password that has ever been seen in a breach,” “use really long passwords”, “passphrases-will-save-us”, and so on – is inconsistent with our research and with the reality our team sees as we defend against 100s of millions of password-based attacks every day. Focusing on password rules, rather than things that can really help – like multi-factor authentication (MFA), or great threat detection – is just a distraction.
---------------------------------------------
https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Your…
∗∗∗ When shopping by smartphone becomes a trap ∗∗∗
---------------------------------------------
Online shopping is becoming ever more popular. Already 60 % of Austrians order on the internet and browse the offerings via computer, laptop or smartphone. Mobile shopping with a smartphone in particular, however, has one major drawback alongside its many advantages: fraudulent shops are harder to spot on a phone than on a computer.
---------------------------------------------
https://www.watchlist-internet.at/news/wenn-shoppen-per-smartphone-zur-fall…
=====================
= Vulnerabilities =
=====================
∗∗∗ Jira Server and Data Center Update Patches Critical Vulnerability ∗∗∗
---------------------------------------------
Atlassian has patched a critical vulnerability affecting Jira Server and Data Center since version 4.4.0, launched in the summer of 2011.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/jira-server-and-data-center-…
∗∗∗ Custom Permissions - Critical - Access bypass - SA-CONTRIB-2019-055 ∗∗∗
---------------------------------------------
This module enables you to add and manage additional custom permissions through the administration UI. The module doesn't sufficiently check for the proper access permissions to this page.
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-055
∗∗∗ Nagios XI CVE-2018-17147 Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
Nagios XI is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
---------------------------------------------
https://www.securityfocus.com/bid/109116/discuss
∗∗∗ Exiv2 CVE-2019-13504 Remote Denial of Service Vulnerability ∗∗∗
---------------------------------------------
An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.
---------------------------------------------
https://www.securityfocus.com/bid/109117/discuss
∗∗∗ Cisco ASA and FTD Software Cryptographic TLS and SSL Driver Denial of Service Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly.
...
Note: Only traffic directed to the affected system can be used to exploit this vulnerability.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Citrix SD-WAN Multiple Security Updates ∗∗∗
---------------------------------------------
Multiple vulnerabilities have been identified in the management console of the Citrix SD-WAN Center and NetScaler SD-WAN Center. Multiple Vulnerabilities have also been identified on the Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance. Collectively, these vulnerabilities could result in an unauthenticated attacker executing commands as root against the SD-WAN Center management console, or potentially be used to gain root privileges on the SD-WAN appliance.
---------------------------------------------
https://support.citrix.com/article/CTX251987
∗∗∗ FSC-2019-3: Unauthenticated Remote Code Execution in F-Secure Internet Gatekeeper ∗∗∗
---------------------------------------------
A vulnerability was discovered in the web user interface of the F-Secure Internet Gatekeeper product. An unauthenticated user can cause a heap overflow by issuing a malformed HTTP request to the web user interface. A successful attack can lead to remote code execution on the F-Secure Internet Gatekeeper server.
---------------------------------------------
https://www.f-secure.com/en/web/labs_global/fsc-2019-3
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dosbox and openjpeg2), Oracle (dbus and kernel), Scientific Linux (dbus), Slackware (mozilla), and SUSE (fence-agents, libqb, postgresql10, and sqlite3).
---------------------------------------------
https://lwn.net/Articles/793442/
∗∗∗ IBM Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-bind…
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to cross site scripting (XSS) (CVE-2019-4211) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu…
∗∗∗ IBM Security Bulletin: IBM Jazz for Service Management is missing function level access control that could allow a user to delete authorized resources (CVE-2019-4194) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-jazz-for-service-…
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to an Information exposure (CVE-2019-4054) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu…
∗∗∗ IBM Security Bulletin: IBM QRadar Incident Forensics is vulnerable to a publicly disclosed vulnerability in Apache Tika (CVE-2018-17197) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-incident-f…
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to an Information Exposure (CVE-2018-2022) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu…
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Cross-Site Scripting (CVE-2018-2021) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu…
∗∗∗ IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to OpenSSL vulnerability CVE-2018-5407 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-released-unif…
∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability Affects IBM Campaign (CVE-2018-1921) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-…
∗∗∗ IBM Security Bulletin: IBM QRadar Incident Forensics is vulnerable to publicly disclosed vulnerabilities from Apache Tika (CVE-2018-11761, CVE-2018-11762, CVE-2018-8017, CVE-2018-11796) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-incident-f…
∗∗∗ Excess resource consumption due to low MSS values vulnerability CVE-2019-11479 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35421172
∗∗∗ Juniper JUNOS: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0597
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 09-07-2019 18:00 − Wednesday 10-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ eCh0raix — New Ransomware Targets QNAP NAS Devices ∗∗∗
---------------------------------------------
A new ransomware family has been found targeting Network Attached Storage (NAS) devices made by Taiwan-based QNAP Systems and holding users' data hostage until a ransom is paid, researchers told The Hacker News. Ideal for home and small business, NAS devices are dedicated file storage units connected to a network or through the Internet ...
---------------------------------------------
https://thehackernews.com/2019/07/ransomware-nas-devices.html
∗∗∗ New FinSpy iOS and Android implants revealed ITW ∗∗∗
---------------------------------------------
FinSpy is used to collect a variety of private user information on various platforms. Since 2011 Kaspersky has continuously monitored the development of this malware and the emergence of new versions in the wild. According to our telemetry, several dozen unique mobile devices have been infected over the past year, with recent activity recorded in Myanmar in June 2019.
---------------------------------------------
https://securelist.com/new-finspy-ios-and-android-implants-revealed-itw/916…
∗∗∗ ENISA puts out EU ICT Industrial Policy paper for consultation ∗∗∗
---------------------------------------------
The EU Agency for Cybersecurity, ENISA, launches its consultation paper ‘EU ICT Industrial Policy: Breaking the Cycle of Failure’, a paper that aims to explore issues such as digital sovereignty and the supply chain of cybersecurity products in Europe, as well as to present an overview of the relationship between the global ICT market and the cybersecurity market.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/enisa-puts-out-eu-ict-industria…
∗∗∗ Error in DNSSEC implementation on F5 BIG-IP load balancers ∗∗∗
---------------------------------------------
The vendor (F5) was informed about the error in August 2018 and now it has released the recommended configuration to workaround the problem. As the operators of DNS resolvers are already encountering the bug in normal operation, we are publishing a detailed description of the error to inform the professional public and raise awareness of the problem.
---------------------------------------------
https://en.blog.nic.cz/2019/07/10/error-in-dnssec-implementation-on-f5-big-…
∗∗∗ Encrypting with PGP: The new GnuPG and the slow death of the Web of Trust ∗∗∗
---------------------------------------------
The new version of GnuPG is intended to limit the effects of signature spam. For that reason it now ignores all signatures on imported keys.
---------------------------------------------
https://heise.de/-4467052
∗∗∗ Attackable Logitech keyboards: answers to the most pressing questions ∗∗∗
---------------------------------------------
What must you now bear in mind with wireless keyboards and mice from Logitech? How dangerous are the vulnerabilities? Our FAQ answers the most frequent questions.
---------------------------------------------
https://heise.de/-4466921
∗∗∗ Discovering and fingerprinting BACnet devices ∗∗∗
---------------------------------------------
BACnet is a communication protocol deployed for building automation and control networks. The most widely accepted networks include Internet Protocol (BACnet/IP) and the Master-Slave Token-Passing network (BACnet MS/TP). Generally, routers are required to interconnect BACnet networks while gateways are preferred for connecting non-compliant devices to a primary BACnet network. It is anticipated that 64% of the building automation industry uses BACnet for effective operations.
---------------------------------------------
https://www.helpnetsecurity.com/2019/07/10/bacnet-devices/
∗∗∗ Windows zero-day CVE-2019-1132 exploited in targeted attacks ∗∗∗
---------------------------------------------
The exploit abuses a local privilege escalation vulnerability in Microsoft Windows, specifically a NULL pointer dereference in the win32k.sys component. Once the exploit was discovered and analyzed, it was reported to the Microsoft Security Response Center, who promptly fixed the vulnerability and released a patch.
---------------------------------------------
https://www.welivesecurity.com/2019/07/10/windows-zero-day-cve-2019-1132-ex…
∗∗∗ Bank Austria phishing message with PDF attachment in circulation ∗∗∗
---------------------------------------------
Beware of a fraudulent e-mail in the name of Bank Austria. Criminals are sending a message with a .pdf attachment that asks for online banking details to be entered because database problems have supposedly occurred. Those affected are then supposed to receive an SMS code. Caution! This is presumably an SMS TAN for a fraudulent debit.
---------------------------------------------
https://www.watchlist-internet.at/news/bank-austria-phishing-nachricht-mit-…
∗∗∗ Using Wireshark: Exporting Objects from a PCAP ∗∗∗
---------------------------------------------
When reviewing packet captures (pcaps) of suspicious activity, security professionals may need to export objects from the pcaps for a closer examination. This tutorial offers tips on how to export different types of objects from a pcap. The instructions assume you understand network traffic fundamentals. We will use these pcaps of network traffic to practice extracting objects using Wireshark.
---------------------------------------------
https://unit42.paloaltonetworks.com/using-wireshark-exporting-objects-from-…
∗∗∗ New Android malware replaces legitimate apps with ad-infested doppelgangers ∗∗∗
---------------------------------------------
New "Agent Smith" malware operation is preparing to invade the Google Play Store.
---------------------------------------------
https://www.zdnet.com/article/new-android-malware-replaces-legitimate-apps-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Medicine: security vulnerabilities in ventilators ∗∗∗
---------------------------------------------
Commands can be sent to anaesthesia machines and ventilators from the manufacturer GE via the hospital network. A security vulnerability makes it possible, among other things, to change the dosage and type of anaesthetic.
---------------------------------------------
https://www.golem.de/news/medizin-sicherheitsluecken-in-beatmungsgeraeten-1…
∗∗∗ [20190701] - Core - Filter attribute in subform fields allows remote code execution ∗∗∗
---------------------------------------------
Project: Joomla! SubProject: CMS
Impact: Moderate
Severity: Low
Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
---------------------------------------------
https://developer.joomla.org/security-centre/787-20190701-core-filter-attri…
∗∗∗ VMWare Security Advisory on DoS Vulnerability in ESXi, (Tue, Jul 9th) ∗∗∗
---------------------------------------------
VMWare has released patches for ESXi that address a denial of service vulnerability in hostd. ESXi 6.0 is unaffected, 6.5 has a patch, and 6.7 has a patch pending. This addresses a vulnerability described in CVE-2019-5528 and is rated important (CVSSv3 = 5.3). A workaround has also been published. If you run ESXi, you should take a look at this as well today.
---------------------------------------------
https://isc.sans.edu/diary/rss/25112
∗∗∗ Vuln: Intel Processor Diagnostic Tool CVE-2019-11133 Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
A local attacker can exploit this issue to gain elevated privileges, obtain sensitive information or cause denial-of-service conditions.
---------------------------------------------
http://www.securityfocus.com/bid/109096
∗∗∗ Vuln: Symantec Messaging Gateway CVE-2019-12751 Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
An attacker can exploit this issue to gain elevated privileges on an affected system. Symantec Messaging Gateway versions prior to 10.7.1 are vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/108925
∗∗∗ Patchday: Attackers are attacking Windows and Windows Server ∗∗∗
---------------------------------------------
Microsoft closes almost 80 security vulnerabilities in Windows & Co. Several of these vulnerabilities are rated critical.
---------------------------------------------
https://heise.de/-4466722
∗∗∗ Security Advisory - Three Vulnerabilities in Huawei PCManager Product ∗∗∗
---------------------------------------------
There are two information leak vulnerabilities in Huawei PCManager product. Successful exploitation may cause the attacker to read/write some information. The two vulnerabilities have been assigned two Common Vulnerabilities and Exposures (CVE) IDs: CVE-2019-5237 and CVE-2019-5238.
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190710-…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (redis), Fedora (expat), Mageia (dosbox, irssi, microcode, and postgresql11), Red Hat (bind, dbus, openstack-ironic-inspector, openstack-tripleo-common, python-novajoin, and qemu-kvm-rhev), Scientific Linux (kernel), SUSE (kernel-firmware, libdlm, libqb, and libqb), and Ubuntu (apport).
---------------------------------------------
https://lwn.net/Articles/793360/
∗∗∗ ImageMagick: Vulnerability allows denial of service ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in ImageMagick to carry out a denial of service attack.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0589
∗∗∗ Emerson DeltaV Distributed Control System ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-190-01
∗∗∗ Rockwell Automation PanelView 5510 ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-190-02
∗∗∗ Schneider Electric Zelio Soft 2 ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-190-03
∗∗∗ IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to Intel Microarchitectural Data Sampling (MDS) Side Channel vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-released-unif…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: The IBM Runtime Environment Java Version 8 used by Transparent Cloud Tiering has a vulnerability which was disclosed as part of the IBM Java SDK updates in April 2019 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-the-ibm-runtime-envir…
∗∗∗ IBM Security Bulletin: IBM® Java™ SDK Technology Edition, Apr 2019, affects IBM Security Identity Manager Virtual Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-java-sdk-technolo…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2019-2684) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Vulnerabilities CVE-2019-0196, CVE-2019-0197, and CVE-2019-0220 in the IBM i HTTP Server affect IBM i. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-cve-2…
∗∗∗ IBM Security Bulletin: Security vulnerability in IBM WebSphere Application Server affects IBM Voice Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r…
∗∗∗ IBM Security Bulletin: A vulnerability in Apache Tomcat affects the IBM FlashSystem 840 and 900 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap…
∗∗∗ IBM Security Bulletin: A vulnerability in Apache Tomcat affects the IBM FlashSystem V840 and V9000 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap…
∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – IAM WebSphere Liberty (CVE-2018-1683, CVE-2018-1755) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: Mozilla Firefox vulnerability in IBM SONAS (CVE-2019-11708) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-mozilla-firefox-vulne…
∗∗∗ IBM Security Bulletin: Mozilla Firefox vulnerability in IBM SONAS (CVE-2019-11707) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-mozilla-firefox-vulne…
∗∗∗ IBM Security Bulletin: Vulnerabilities in Intel CPUs affect IBM Integrated Analytics System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-in…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Monday 08-07-2019 18:00 − Tuesday 09-07-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ FPM security vulnerability: exfiltrating data with Facebook's HHVM ∗∗∗
---------------------------------------------
Servers for the so-called FastCGI Process Manager (FPM) can, if they are reachable over the Internet, grant unauthorised access to files on a system. This primarily affects HHVM from Facebook; with PHP the risks are lower.
---------------------------------------------
https://www.golem.de/news/fpm-sicherheitsluecke-daten-exfiltrieren-mit-face…
∗∗∗ Fileless Attack Attempts to Run Astaroth Backdoor Directly in Memory ∗∗∗
---------------------------------------------
Microsoft says it recently detected and stopped a fileless campaign looking to deliver the Astaroth Trojan to unsuspecting victims.
---------------------------------------------
https://www.securityweek.com/fileless-attack-attempts-run-astaroth-backdoor…
∗∗∗ Fake shops entertaini.eu & gartenhimmel.eu with fake Klarna checkout! ∗∗∗
---------------------------------------------
Beware of fraudulent online shops that claim to offer Klarna's Sofort-Überweisung but redirect consumers to a fake Klarna website. This happens at entertaini.eu, which offers gaming and entertainment items, and gartenhimmel.eu, which carries household goods and sporting goods. Do not order! Data entered is at risk and the goods do not exist.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-shops-entertainieu-gartenhimmel…
∗∗∗ IT security - Video conferencing app gives strangers access to Mac webcam ∗∗∗
---------------------------------------------
Vulnerability in Zoom allowed "video calls" even when the program was no longer installed – millions of users and up to 750,000 companies affected
---------------------------------------------
https://derstandard.at/2000106075694/Videokonferenz-App-gibt-Unbekannten-Zu…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Bridge CC (APSB19-37), Adobe Experience Manager (APSB19-38) and Adobe Dreamweaver (APSB19-40). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1765
∗∗∗ [20190701] - Core - Filter attribute in subform fields allows remote code execution ∗∗∗
---------------------------------------------
Project: Joomla! SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.9.7 - 3.9.8
Exploit type: Remote Code Execution
Reported Date: 2019-June-20
Fixed Date: 2019-July-09
CVE Number: CVE-2019-xxx
Description: Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/6jkIqCFwOTE/787-20190701-c…
∗∗∗ Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Xen Security Advisory XSA-300 ∗∗∗
---------------------------------------------
Guest may be able to crash domain 0 (Host Denial-of-Service); or may be able to starve out I/O requests from other guests (Guest Denial-of-Service).
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-300.html
∗∗∗ Xpdf: CERT-Bund warns of unpatched vulnerabilities in free PDF viewer ∗∗∗
---------------------------------------------
The current version of the free PDF viewer contains several vulnerabilities. There are no fixes yet.
---------------------------------------------
https://heise.de/-4465908
∗∗∗ Linux kernel vulnerability CVE-2019-11811 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01512680
∗∗∗ HPESBST03918 rev.1 - HPE 3PAR Service Processor (SP), remote Disclosure of Privileged Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (irssi, python-django, and python2-django), Debian (libspring-security-2.0-java and zeromq3), Red Hat (python27-python), SUSE (ImageMagick, postgresql10, python-Pillow, and zeromq), and Ubuntu (apport, Docker, glib2.0, gvfs, whoopsie, and zeromq3).
---------------------------------------------
https://lwn.net/Articles/793235/
∗∗∗ SAP Patchday July: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0580
∗∗∗ Citrix Hypervisor Security Update. ∗∗∗
---------------------------------------------
CTX256725
Applicable Products: Citrix Hypervisor 8.0, XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 2, XenServer 7.6
A vulnerability has been found in Citrix Hypervisor (formerly Citrix XenServer) that may allow an unauthenticated attacker with the ability to send traffic to a host over a management or storage network to cause the host to crash.
---------------------------------------------
https://support.citrix.com/article/CTX256725
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Identity Governance and Intelligence ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise v11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect Rational Publishing Engine ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise v11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Multicloud Manager contains sensitive information upon deployment (CVE-2019-4118) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-multicloud-manage…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus, IBM App Connect Enterprise v11 and WebSphere Message Broker ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ SSA-121293 (Last Update: 2019-07-09): Code Upload Vulnerability in SIMATIC WinCC and SIMATIC PCS7 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-121293.txt
∗∗∗ SSA-307392 (Last Update: 2019-07-09): Denial-of-Service in OPC UA in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-307392.txt
∗∗∗ SSA-556833 (Last Update: 2019-07-09): TLS Vulnerabilities in SIMATIC RF6XXR ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-556833.txt
∗∗∗ SSA-616472 (Last Update: 2019-07-09): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-616472.txt
∗∗∗ SSA-697412 (Last Update: 2019-07-09): Multiple Vulnerabilities in SIMATIC WinCC, SIMATIC WinCC Runtime, SIMATIC PCS 7, SIMATIC TIA Portal ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-697412.txt
∗∗∗ SSA-721298 (Last Update: 2019-07-09): Missing Authentication Vulnerability in TIA Administrator (TIA Portal) ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-721298.txt
∗∗∗ SSA-747162 (Last Update: 2019-07-09): Cross-Site Scripting Vulnerability in Spectrum Power™ ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-747162.txt
∗∗∗ SSA-899560 (Last Update: 2019-07-09): Vulnerabilities in SIPROTEC 5 relays and DIGSI 5 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-899560.txt
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Friday 05-07-2019 18:00 − Monday 08-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Anubis Android Malware Returns with Over 17,000 Samples ∗∗∗
---------------------------------------------
In mid-January of 2019, we saw Anubis use a plethora of techniques,
including the use of motion-based sensors to elude sandbox analysis and
overlays to steal personally identifiable information.
The latest samples of Anubis (detected by Trend Micro as
AndroidOS_AnubisDropper) we recently came across are no different.
While tracking Anubis’ activities, we saw two related servers
containing 17,490 samples.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/anubis-android-malware-returns-with-over-17000-samples/
∗∗∗ Godlua, misunderstandings and the dispute over DNS over HTTPS ∗∗∗
---------------------------------------------
The Linux malware Godlua encrypts its DNS traffic with HTTPS, but does
not use the DoH protocol.
---------------------------------------------
https://heise.de/-4464640
∗∗∗ Malicious Code Planted in strong_password Ruby Gem ∗∗∗
---------------------------------------------
A developer discovered that an update released for the 'strong_password' Ruby gem contained malicious code that allowed an attacker to remotely execute arbitrary code. Developer Tute Costa was updating gems used by a Rails application when he noticed that version 0.0.7 of strong_password was pushed out on RubyGems.org, the Ruby community's gem hosting service, but not on GitHub.
---------------------------------------------
https://www.securityweek.com/malicious-code-planted-strongpassword-ruby-gem
=====================
= Vulnerabilities =
=====================
∗∗∗ ZDI-19-640: (0Day) Google Android Bluetooth hci_len Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows attackers in close proximity to execute arbitrary code on vulnerable installations of Google Android. User interaction is required to exploit this vulnerability in that the target must accept a malicious file transfer.
...
06/07/19 - The vendor replied the fix was not public yet but would soon be included in the next release of a major version
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-640/
∗∗∗ Multiple Vulnerabilities in innovaphone VoIP Products Fixed ∗∗∗
---------------------------------------------
innovaphone fixed several vulnerabilities in two VoIP products that we disclosed a while ago. The affected products are the Linux Application Platform and the IPVA. Unfortunately, the release notes are not public (yet?) and the vendor does not include information about the vulnerabilities for the Linux Application Platform. Therefore, we decided to publish some more technical details for the issues.
---------------------------------------------
https://insinuator.net/2019/07/multiple-vulnerabilities-in-innovaphone-voip-products-fixed/
∗∗∗ c't uncovers: Logitech keyboards and mice widely attackable ∗∗∗
---------------------------------------------
Numerous Logitech keyboards, mice and presenters have gaping security holes. c't explains which products are affected and what you should do now.
---------------------------------------------
https://heise.de/-4464149
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dosbox, python-django, squid3, and unzip), Fedora (filezilla, libfilezilla, and samba), openSUSE (gvfs), Oracle (kernel), Red Hat (firefox and redhat-virtualization-host), SUSE (bash and libpng16), and Ubuntu (libvirt).
---------------------------------------------
https://lwn.net/Articles/793057/
∗∗∗ CVE-2019–13142: Razer Surround 1.1.63.0 EoP ∗∗∗
---------------------------------------------
Version: Razer Surround 1.1.63.0
Operating System tested on: Windows 10 1803 (x64)
Vulnerability: Razer Surround Elevation of Privilege through insecure folder/file permissions
---------------------------------------------
https://posts.specterops.io/cve-2019-13142-razer-surround-1-1-63-0-eop-f18c52b8be0c
∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in IBM SONAS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-mozilla-firefox-vulnerability-in-ibm-sonas-2/
∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in IBM SONAS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-mozilla-firefox-vulnerability-in-ibm-sonas/
∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerabilities in IBM SONAS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-mozilla-firefox-vulnerabilities-in-ibm-sonas-6/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-transformation-advisor-2/
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Websphere Application Server could affect IBM Cloud App Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-websphere-application-server-could-affect-ibm-cloud-app-management/
∗∗∗ HPESBHF03937 rev.1 - HPE UIoT Unauthorized Remote Access and Access to Sensitive Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03937en_us
∗∗∗ HPESBMU03941 rev.1 - HPE IceWall SSO Agent Option and IceWall MFA Remote Denial of Service ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03941en_us
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 04-07-2019 18:00 − Friday 05-07-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Automated Magecart Campaign Hits Over 960 Breached Stores ∗∗∗
---------------------------------------------
A large-scale payment card skimming campaign that successfully breached 962 e-commerce stores was discovered today by Magento security research company Sanguine Security.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/automated-magecart-campaign-…
∗∗∗ Understanding Elliptic Curve Cryptography And Embedded Security ∗∗∗
---------------------------------------------
All About Circuits is publishing a series of articles on embedded security, with a strong focus on network security. In addition to the primer article, so far they have covered the Diffie-Hellman exchange (using prime numbers, exponentiation and modular arithmetic) and the evolution of this exchange using elliptic curve cryptography (ECC).
---------------------------------------------
https://hackaday.com/2019/07/04/understanding-elliptic-curve-cryptography-a…
∗∗∗ Tor Project to fix bug used for DDoS attacks on Onion sites for years ∗∗∗
---------------------------------------------
A Tor vulnerability has been exploited for years and has been used for censorship, sabotage, and extortion of Onion sites.
---------------------------------------------
https://www.zdnet.com/article/tor-project-to-fix-bug-used-for-ddos-attacks-…
∗∗∗ Croatian government targeted by mysterious hackers ∗∗∗
---------------------------------------------
Government agencies targeted with a never-before-seen malware payload named SilentTrinity.
---------------------------------------------
https://www.zdnet.com/article/croatian-government-targeted-by-mysterious-ha…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by SUSE (firefox, mozilla-nss, mozilla-nspr, helm-mirror, libu2f-host, and libu2f-host, pam_u2f) and Ubuntu (bzip2 and irssi).
---------------------------------------------
https://lwn.net/Articles/792890/
∗∗∗ IBM Security Bulletin: IBM Jazz for Service Management stores sensitive information in URL parameters (CVE-2019-4193) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-jazz-for-service-…
∗∗∗ IBM Security Bulletin: Vulnerability in Google Guava affects IBM Cúram Social Program Management (CVE-2018-10237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-goog…
∗∗∗ Foxit Reader and Foxit Phantom PDF Suite: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0574
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 03-07-2019 18:00 − Thursday 04-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ 17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device ∗∗∗
---------------------------------------------
Except for phishing and scams, downloading an HTML attachment and opening it locally in your browser was never considered a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer.
---------------------------------------------
https://thehackernews.com/2019/07/firefox-same-origin-policy-hacking.html
∗∗∗ New Golang malware plays the Linux field in quest for cryptocurrency ∗∗∗
---------------------------------------------
F5 researchers say that Golang spreads through a total of seven methods; four exploits targeting ThinkPHP, Drupal, and Confluence; the use of SSH and Redis database misconfigurations or credentials, and the subsequent spread to other machines using any SSH keys the malware stumbles across.
---------------------------------------------
https://www.zdnet.com/article/new-golang-malware-plays-the-field-in-quest-f…
∗∗∗ Unfixable Seed Extraction on Trezor - A practical and reliable attack ∗∗∗
---------------------------------------------
An attacker with a stolen device can extract the seed from the device. It takes less than 5 minutes and the necessary materials cost around $100. This vulnerability affects Trezor One, Trezor T, Keepkey and all other Trezor clones. Unfortunately, this vulnerability cannot be patched and, for this reason, we decided not to give technical details about the attack to mitigate a possible exploitation in the field. However, SatoshiLabs and Keepkey suggested users to either exclude physical attacks
---------------------------------------------
https://ledger-donjon.github.io/Unfixable-Key-Extraction-Attack-on-Trezor/
∗∗∗ File-Storage App 4shared Caught Serving Invisible Ads and Making Purchases Without Consent ∗∗∗
---------------------------------------------
With more than 100 million installs, file-sharing service 4shared is one of the most popular apps in the Android app store. But security researchers say the app is secretly displaying invisible ads and subscribing users to paid services, racking up charges without the users' knowledge -- or their permission.
---------------------------------------------
https://it.slashdot.org/story/19/07/03/1738253/file-storage-app-4shared-cau…
∗∗∗ High financial losses from fraudulent investments! ∗∗∗
---------------------------------------------
Consumers come across aggressively advertised investment opportunities at countless offshore companies that promise incredible profits. Offers such as FXLeader, KeyMarkets, ELCurrency or CFReserve are examples. While some victims lose only the 250 euro minimum stake, the damage for others frequently runs into five- or even six-figure sums!
---------------------------------------------
https://www.watchlist-internet.at/news/hohe-finanzielle-verluste-durch-betr…
=====================
= Vulnerabilities =
=====================
∗∗∗ Does anyone here use Little Snitch? That's a personal ... ∗∗∗
---------------------------------------------
Does anyone here use Little Snitch? That's a personal firewall for OS X, in case that doesn't mean anything to anyone. At least it's apparently only a local privilege escalation, not over the network.
---------------------------------------------
http://blog.fefe.de/?ts=a3e3de34
∗∗∗ Security updates: Cisco products vulnerable to DoS attacks and malicious code ∗∗∗
---------------------------------------------
Patched software is available for, among others, Cisco's Web Security Appliance and Small Business Series Switches.
---------------------------------------------
https://heise.de/-4462730
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (libssh2 and qemu-kvm), Debian (lemonldap-ng), Fedora (tomcat), Oracle (kernel), and SUSE (elfutils, kernel, and php5).
---------------------------------------------
https://lwn.net/Articles/792831/
∗∗∗ Cisco Advanced Malware Protection for Endpoints Windows Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Web Security Appliance HTTPS Certificate Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Small Business Series Switches Memory Corruption Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Small Business Series Switches HTTP Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Multiple Issues in Cisco Small Business 250/350/350X/550X Series Switches Firmware and Cisco FindIT Network Probe ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Jabber for Windows DLL Preloading Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Firepower Management Center RSS Cross-Site Scripting Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Email Security Appliance Content Filter Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Email Security Appliance Content Filter Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Unified Communications Domain Manager Restricted Shell Escape Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Web Security Appliance Web Proxy Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletin: Security vulnerability has been identified in IBM Java Runtime shipped with AppScan Standard (CVE-2019-2602) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Identity Governance and Intelligence ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Brocade Fabric OS (FOS) Advisory vulnerabilities affect Brocade 8Gb SAN Switch Module for BladeCenter and IBM Flex System FC5022 16Gb SAN Scalable Switch ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-brocade-fabric-os-fos…
∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r…
∗∗∗ IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities (CVE-2018-1902, CVE-2018-1968, CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity…
∗∗∗ IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-privileg…
∗∗∗ BIG-IP DNS and GTM DNSSEC security exposure ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00724442
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 02-07-2019 18:00 − Wednesday 03-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Trickbot Trojan Now Has a Separate Cookie Stealing Module ∗∗∗
---------------------------------------------
Trickbot trojan now comes with a separate module for stealing browser cookies, threat researchers found on Tuesday, marking new progress in the malware's development.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/trickbot-trojan-now-has-a-se…
∗∗∗ Here's a great idea: Why don't we hardcode the same private key into all our smart home hubs? ∗∗∗
---------------------------------------------
Another day, another appalling Internet of S**t security flaw: smart home company Zipato hardcoded the same private SSH key into every one of its hubs, leaving its system open to hacking, researchers revealed this week.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/07/03/zipato_hard…
∗∗∗ Vulnerabilities in Nexus Repository left thousands of artifacts exposed ∗∗∗
---------------------------------------------
In the Nexus repository there are 2 main problems (unrelated to each other) that arise from the default settings:
* The default user is always set to be admin/admin123 – CWE-521
* Any unauthenticated user can read/download resources from Nexus – CWE-276
This means all the images in the repository can be downloaded just by accessing the repository, with no authentication needed, or by authenticating as the default admin account if unchanged.
---------------------------------------------
https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-t…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Camera Firm Arlo Zaps High-Severity Bugs ∗∗∗
---------------------------------------------
Bugs in Arlo Technologies’ equipment allow a local attacker to take control of Arlo wireless home video security cameras.
---------------------------------------------
https://threatpost.com/arlo-zaps-high-severity-bugs/146216/
∗∗∗ Magento 2.3.1: Unauthenticated Stored XSS to RCE ∗∗∗
---------------------------------------------
This blog post shows how the combination of an HTML sanitizer bug and a Phar deserialization in the popular eCommerce solution Magento <=2.3.1 leads to a highly severe exploit chain. This chain can be abused by an unauthenticated attacker to fully take over certain Magento stores and to redirect payments.
---------------------------------------------
https://blog.ripstech.com/2019/magento-rce-via-xss/
∗∗∗ Websites can feed Tridactyl fake key events ∗∗∗
---------------------------------------------
Malicious websites could feed keys to Tridactyl which it would execute as if a user had pressed them, outside of the command line. If the native messenger was installed, an attacker could execute arbitrary programs ... All Tridactyl versions released between September 2018 and June 14th 2019 were affected, i.e. 1.14.0 <= v <= 1.14.10 and 1.15.0.
---------------------------------------------
https://github.com/tridactyl/tridactyl/security/advisories/GHSA-7qr7-93pf-h…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (pdns), Fedora (kernel and kernel-headers), Mageia (cgit and firefox), Oracle (libssh2 and qemu-kvm), Red Hat (openstack-ironic-inspector, openstack-tripleo-common, and qemu-kvm-rhev), Scientific Linux (libssh2 and qemu-kvm), SUSE (bzip2, cronie, libtasn1, nmap, php7, php72, python-Twisted, and taglib), and Ubuntu (thunderbird and znc).
---------------------------------------------
https://lwn.net/Articles/792705/
∗∗∗ QEMU: Vulnerability allows bypassing security measures ∗∗∗
---------------------------------------------
QEMU is free virtualization software that emulates the entire hardware of a computer.
A local attacker can exploit a vulnerability in QEMU to bypass security measures.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0563
∗∗∗ FreeBSD Project FreeBSD OS: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A local attacker can exploit multiple vulnerabilities in FreeBSD Project FreeBSD OS to execute arbitrary code, cause a denial of service condition, view information or escalate privileges.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0561
∗∗∗ Vuln: Schneider Electric Modicon Controllers CVE-2019-6819 Denial of Service Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/109004
∗∗∗ Cisco Prime Infrastructure and Evolved Programmable Network Manager Virtual Domain Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletin: Security vulnerability in IBM Java SDK affect Rational Build Forge (CVE-2019-2684) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a local file inclusion vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletinibm-content-navigator-…
∗∗∗ IBM Security Bulletin: Vulnerability in kernel affects Power Hardware Management Console (CVE-2018-14633) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-kern…
∗∗∗ IBM Security Bulletin: Guardium StealthBits Integration is affected by an SQLite vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-guardium-stealthbits-…
∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact Session Management – Session Fixation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tivoli-netcool-im…
∗∗∗ IBM Security Bulletin: IBM Application Performance Management could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names (CVE-2019-4131) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-application-perfo…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM® WebSphere™ Application Server and IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2018-1901) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Collaboration and Deployment Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: It is possible to download arbitrary server files via ViewONE server (CVE-2019-4260) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-it-is-possible-to-dow…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM HTTP Server affects IBM Netezza Performance Portal ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
∗∗∗ HPESBHF03943 rev.1 - Certain HPE Servers using AMD EPYC 7001 series Processors, Local Disclosure of Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 01-07-2019 18:00 − Tuesday 02-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Network Time Security: Secure time over the network ∗∗∗
---------------------------------------------
Almost all modern devices synchronize their clocks over the Internet. The Network Time Protocol used for this is not protected against manipulation - so far. The Network Time Security extension is meant to change that.
---------------------------------------------
https://www.golem.de/news/network-time-security-sichere-uhrzeit-uebers-netz…
∗∗∗ IT security: BSI drafts new minimum standards for browsers ∗∗∗
---------------------------------------------
Two years ago the Federal Office for Information Security (BSI) formulated requirements for secure browsers. The document is now to be updated, and comments are requested.
---------------------------------------------
https://www.golem.de/news/it-sicherheit-bsi-erarbeitet-neue-mindeststandard…
∗∗∗ Using Powershell in Basic Incident Response - A Domain Wide "Kill-Switch", (Tue, Jul 2nd) ∗∗∗
---------------------------------------------
Now that we have the hashes for all the running processes in the AD Domain, and also have the VT Score for each hash in the system, how can we use this information? Incident Response comes immediately to mind for me. If you've ever been in a medium-to-large-scale "incident", the situation that you often find is 'we know everything seems to be infected, but out of thousands of machines, which ones are actually infected right now?'
---------------------------------------------
https://isc.sans.edu/diary/rss/25088
∗∗∗ Tale of a Windows Error Reporting Zero-Day (CVE-2019-0863) ∗∗∗
---------------------------------------------
In December 2018, a hacker who goes by the alias ‘SandboxEscaper’ publicly disclosed a zero-day vulnerability in the Windows Error Reporting (WER) component. Digging deeper into her submission, I discovered another zero-day vulnerability, which could be abused to elevate system privileges. According to the Microsoft advisory, attackers exploited this bug as a zero-day in the wild until the patch was released in May 2019. So how did this bug work exactly?
---------------------------------------------
https://unit42.paloaltonetworks.com/tale-of-a-windows-error-reporting-zero-…
∗∗∗ Firefox 68: Mozilla fixes conflicts between browser and antivirus software ∗∗∗
---------------------------------------------
Earlier Firefox versions frequently clashed with AV software; error messages and connection problems were the result. Version 68 is meant to change that.
---------------------------------------------
https://heise.de/-4460657
∗∗∗ The art and science of password hashing ∗∗∗
---------------------------------------------
The recent FlipBoard breach shines a spotlight again on password security and the need for organizations to be more vigilant. Password storage is a critical area where companies must take steps to ensure they don’t leave themselves and their customer data vulnerable. Storing passwords in plaintext is recognized as a major cybersecurity blunder.
---------------------------------------------
https://www.helpnetsecurity.com/2019/07/02/password-hashing/
∗∗∗ SD-WAN Security Assessment: The First Hours ∗∗∗
---------------------------------------------
Introduction: Suppose you need to perform a security assessment of an SD-WAN solution. There are several reasons for this, and one of them is selecting an SD-WAN provider or product. A traditional SD-WAN system involves many planes, technologies, mechanisms, services, protocols and features. It has a distributed and multilayered architecture. So where should you start?
---------------------------------------------
http://www.scada.sl/2019/07/sd-wan-security-assessment-first-hours.html
∗∗∗ Warning, fake: cyberino.store ∗∗∗
---------------------------------------------
Do not order from cyberino.store, because you will never receive your goods. It is a fake shop!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-fake-cyberinostore/
∗∗∗ On our own behalf: CERT.at is looking for reinforcement ∗∗∗
---------------------------------------------
For our daily routine tasks we are currently looking for one career starter or career changer with a strong interest in IT security to support us with the standard tasks that arise every day. Details can be found on our jobs page.
---------------------------------------------
http://www.cert.at/services/blog/20190702153623-2489.html
=====================
= Vulnerabilities =
=====================
∗∗∗ SquirrelMail XSS ∗∗∗
---------------------------------------------
When viewing e-mails in HTML mode (not active by default), SquirrelMail applies a custom sanitization step in an effort to remove possibly malicious script and other content from the viewed e-mail. Due to improper handling of RCDATA and RAWTEXT type elements, the HTML parser used in this process behaves differently from real user agents. By exploiting these differences, JavaScript code can be introduced that is not removed.
---------------------------------------------
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-…
∗∗∗ Patch day: Android and the leaky Media Framework ∗∗∗
---------------------------------------------
Google has released security updates that close critical holes in Pixel smartphones.
---------------------------------------------
https://heise.de/-4460308
∗∗∗ VMSA-2019-0010 ∗∗∗
---------------------------------------------
VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0010.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (firefox, firefox-developer-edition, libarchive, and vlc), CentOS (firefox, thunderbird, and vim), Debian (firefox-esr, openssl, and python-django), Fedora (glpi and xen), Mageia (thunderbird), openSUSE (ImageMagick, irssi, libheimdal, and phpMyAdmin), Red Hat (libssh2 and qemu-kvm), Scientific Linux (firefox, thunderbird, and vim), SUSE (389-ds, cf-cli, curl, dbus-1, dnsmasq, evolution, glib2, gnutls, graphviz, java-1_8_0-openjdk, and libxslt), [...]
---------------------------------------------
https://lwn.net/Articles/792595/
∗∗∗ Linux kernel vulnerability CVE-2019-3896 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K04327111
∗∗∗ TMM vulnerability CVE-2019-6628 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K04730051
∗∗∗ F5 TMUI and iControl Rest vulnerability CVE-2019-6634 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K64855220
∗∗∗ iControl REST vulnerability CVE-2019-6637 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K29149494
∗∗∗ TMM vulnerability CVE-2019-6629 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K95434410
∗∗∗ BIG-IP HTTP profile vulnerability CVE-2019-6631 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K19501795
∗∗∗ iControl REST vulnerability CVE-2019-6620 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K20445457
∗∗∗ iControl REST and tmsh vulnerability CVE-2019-6621 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K20541896
∗∗∗ iControl REST vulnerability CVE-2019-6641 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K22384173
∗∗∗ BIG-IP TMUI vulnerability CVE-2019-6625 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K79902360
∗∗∗ iControl REST vulnerability CVE-2019-6638 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K67825238
∗∗∗ SNMP vulnerability CVE-2019-6640 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K40443301
∗∗∗ BIG-IP Appliance mode vulnerability CVE-2019-6633 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K73522927
∗∗∗ BIG-IP Appliance mode vulnerability CVE-2019-6635 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11330536
∗∗∗ vCMP vulnerability CVE-2019-6632 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01413496
∗∗∗ F5 SSL Orchestrator vulnerability CVE-2019-6630 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K33444350
∗∗∗ F5 SSL Orchestrator vulnerability CVE-2019-6627 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K36320691
∗∗∗ BIG-IP AFM and PEM TMUI XSS vulnerability CVE-2019-6639 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K61002104
∗∗∗ iControl REST vulnerability CVE-2019-6622 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K44885536
∗∗∗ TMM vulnerability CVE-2019-6623 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K72335002
∗∗∗ BIG-IP TMUI XSS vulnerability CVE-2019-6626 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00432398
∗∗∗ IP Intelligence Feed List TMUI vulnerability CVE-2019-6636 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K68151373
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Friday 28-06-2019 18:00 − Monday 01-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Multiple security vulnerabilities in the IBM Db2 database management system ∗∗∗
---------------------------------------------
Important security updates are available for IBM Db2. Overall, the security risk is rated as "high".
---------------------------------------------
https://heise.de/-4457961
∗∗∗ Encrypted communication: attack on PGP keyservers demonstrates a hopeless situation ∗∗∗
---------------------------------------------
With a targeted attack on two PGP keys, unknown actors demonstrate that a central part of the PGP infrastructure is probably broken beyond repair.
---------------------------------------------
https://heise.de/-4458354
∗∗∗ Security updates: F5 BIG-IP appliances vulnerable to attack ∗∗∗
---------------------------------------------
A root vulnerability has been found in various network products from the vendor F5.
---------------------------------------------
https://heise.de/-4457976
∗∗∗ RATs and stealers rush through “Heaven’s Gate” with new loader ∗∗∗
---------------------------------------------
By Holger Unterbrink and Edmund Brumaghin. Executive summary: Malware is constantly finding new ways to avoid detection. This doesn't mean that some will never be detected, but it does allow adversaries to increase the period of time between initial release and detection. Flying under the radar for just a few days is enough to infect sufficient machines to earn a decent amount of revenue for an attack.
---------------------------------------------
https://blog.talosintelligence.com/2019/07/rats-and-stealers-rush-through-h…
∗∗∗ Beware of job offers from Wentics GmbH ∗∗∗
---------------------------------------------
Job seekers who use job boards to look for a new position must be wary of fraudulent offers. Criminals, for example, contact internet users posing as Wentics GmbH and offer tempting home-office jobs with excellent pay. Those affected must not submit any data, as this is identity misuse for the purpose of money laundering!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-job-angeboten-der-wentic…
∗∗∗ Netzpolitik - Phishing emails: scammers now turn to QR codes ∗∗∗
---------------------------------------------
Scammers are trying to obtain SharePoint login credentials – image codes get through spam filters
---------------------------------------------
https://derstandard.at/2000105726829/Phishing-Mails-Betrueger-setzen-nun-au…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates: critical vulnerability in Zyxel firewalls and hotspots ∗∗∗
---------------------------------------------
Various Zyxel network devices can be attacked via a critical vulnerability.
---------------------------------------------
https://heise.de/-4458725
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (expat, golang-go.crypto, gpac, and rdesktop), Fedora (chromium, GraphicsMagick, kernel, kernel-headers, pdns, and xen), openSUSE (chromium, dbus-1, evince, libvirt, postgresql96, tomcat, and wireshark), Oracle (thunderbird and vim), Scientific Linux (thunderbird), Slackware (irssi), SUSE (gvfs), and Ubuntu (linux-lts-xenial, linux-aws, linux-azure and linux-oem, linux-oracle, linux-raspi2, linux-snapdragon).
---------------------------------------------
https://lwn.net/Articles/792463/
∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is impacted by multiple PHP vulnerabilities (CVE-2019-11038, CVE-2019-11039, CVE-2019-11040) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel…
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a FileServer functionality vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects Financial Transaction Manager for Corporate Payment Services for Multi-Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects Financial Transaction Manager for Check Services for Multi-Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerabilityin-ibm…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affects Financial Transaction Manager for ACH Services for Multi-Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: API Connect is impacted by an information leakage vulnerability in Oracle MySQL (CVE-2018-3123) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-is-impact…
∗∗∗ IBM Security Bulletin: Password disclosure in IBM Spectrum Protect Server (CVE-2019-4140) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-disclosure-i…
∗∗∗ IBM Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server (CVE-2018-1922, CVE-2018-1923, CVE-2018-1936, CVE-2018-1978, CVE-2018-1980, CVE-2019-4014, CVE-2019-4015, CVE-2019-4016, CVE-2019-4094) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-db2-vulnerab…
∗∗∗ IBM Security Bulletin: IBM Planning Analytics Administration is affected by a vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-planning-analytic…
∗∗∗ IBM Security Bulletin: IBM Cloud Private Monitoring is vulnerable to XSS attack in Prometheus (CVE-2018-14041) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-mon…