Daily September 2019

daily@lists.cert.at

1 participants
21 discussions

Tageszusammenfassung - 16.09.2019
by Daily end-of-shift report 16 Sep '19

16 Sep '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 13-09-2019 18:00 − Montag 16-09-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Gefährliche Sicherheitslücken in Überwachungskameras von Dahua ∗∗∗ --------------------------------------------- Angreifer könnten einige Dahua-Überwachungskameras attackieren und in ein Botnetz zwingen. Sicherheitsupdates stehen zum Download bereit. --------------------------------------------- https://heise.de/-4523355 ∗∗∗ Fake-Bewerbung von "Eva Richter" hat Erpressungstrojaner Ordinypt im Gepäck ∗∗∗ --------------------------------------------- Vorsicht: Derzeit sind wieder gefälschte Bewerbungen mit gefährlichem Dateianhang in Umlauf. Wer darauf reinfällt, steht vor einem digitalen Scherbenhaufen. --------------------------------------------- https://heise.de/-4523365 ∗∗∗ How to Enable Ransomware Protection in Windows 10 ∗∗∗ --------------------------------------------- Windows Defender includes a security feature called "Ransomware Protection" that allows you to enable various protections against ransomware infections. This feature is disabled by default in Windows 10, but with ransomware running rampant, it is important to enable this feature in order to get the most protection on your computer. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/how-to-enable-ransomware-pr… ∗∗∗ iPhone: PIN-Sperre in iOS 13 umgangen ∗∗∗ --------------------------------------------- Der Sperrbildschirm in iOS 13 kann mit einem einfachen Trick umgangen werden. So kann auf das Adressbuch des Besitzers zugegriffen werden. iOS 13 soll am 19. September veröffentlicht werden - die Lücke will Apple bis dahin nicht schließen. --------------------------------------------- https://www.golem.de/news/iphone-pin-sperre-in-ios-13-umgangen-1909-143860-… ∗∗∗ WordPress XSS Bug Allows Drive-By Code Execution ∗∗∗ --------------------------------------------- Sites that use the Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover. --------------------------------------------- https://threatpost.com/wordpress-xss-drive-by-code-execution/148324/ ∗∗∗ Dissecting the WordPress 5.2.3 Update ∗∗∗ --------------------------------------------- Last week, WordPress released version 5.2.3 which was a security and maintenance update, and as such, contained many security fixes. Part of our day to day work is to analyse these security releases, discover what security issue it is fixing and come up with a Proof of Concept for further internal testing. --------------------------------------------- https://blog.sucuri.net/2019/09/dissecting-the-wordpress-5-2-3-update.html ∗∗∗ Smishing Explained: What It Is and How to Prevent It ∗∗∗ --------------------------------------------- Do you remember the last time you’ve interacted with a brand, political cause, or fundraising campaign via text message? Have you noticed these communications occurring more frequently as of late? It’s no accident. Whereas marketers and communications professionals can’t count on email opens or users accepting push notifications from apps, they’re well aware that around [...] --------------------------------------------- https://www.webroot.com/blog/2019/09/16/smishing-explained-what-it-is-and-h… ∗∗∗ You Can Run, But You Can't Hide - Detecting Process Reimaging Behavior ∗∗∗ --------------------------------------------- Around 3 months ago, a new attack technique was introduced to the InfoSec community known as "Process Reimaging." This technique was released by the McAfee Security team in a blog titled — "In NTDLL I Trust - Process Reimaging and Endpoint Security Solution Bypass." A few days after this attack technique was released, a co-worker and friend of mine - Dwight Hohnstein - came out with proof of concept code demonstrating this technique, [...] --------------------------------------------- https://posts.specterops.io/you-can-run-but-you-cant-hide-detecting-process… ∗∗∗ Open source breach and attack simulation tool Infection Monkey gets new features ∗∗∗ --------------------------------------------- Guardicore, a leader in internal data center and cloud security, unveiled new capabilities for its Infection Monkey that make it the industry’s first Zero Trust assessment tool. Added features extend the functionality of the already successful Infection Monkey, a free, open source breach and attack simulation tool used by thousands to demonstrate and analyze their environments against lateral movement and attacks. --------------------------------------------- https://www.helpnetsecurity.com/2019/09/16/infection-monkey-tool/ ∗∗∗ LastPass Patches Bug Leaking Last-Used Credentials ∗∗∗ --------------------------------------------- A vulnerability recently addressed in LastPass could be abused by attackers to expose the last site credentials filled by LastPass. A freemium password manager, LastPass stores encrypted passwords online and provides users with a web interface to access them, as well as with plugins for web browsers and apps for smartphones. --------------------------------------------- https://www.securityweek.com/lastpass-patches-bug-leaking-last-used-credent… ∗∗∗ Sophos open-sources Sandboxie, a utility for sandboxing any application ∗∗∗ --------------------------------------------- Sandboxie is now a free download. Source code to be open-sourced at a later date. --------------------------------------------- https://www.zdnet.com/article/sophos-open-sources-sandboxie-a-utility-for-s… ===================== = Vulnerabilities = ===================== ∗∗∗ VMSA-2019-0013 ∗∗∗ --------------------------------------------- VMware ESXi and vCenter Server updates address command injection and information disclosure vulnerabilities. (CVE-2017-16544, CVE-2019-5531, CVE-2019-5532, CVE-2019-5534) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0013.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ansible, faad2, linux-4.9, and thunderbird), Fedora (jbig2dec, libextractor, sphinx, and thunderbird), Mageia (expat, kconfig, mediawiki, nodejs, openldap, poppler, thunderbird, webkit2, and wireguard), openSUSE (buildah, ghostscript, go1.12, libmirage, python-urllib3, rdesktop, and skopeo), SUSE (python-Django), and Ubuntu (exim4, ibus, and Wireshark). --------------------------------------------- https://lwn.net/Articles/799324/ ∗∗∗ [remote] Inteno IOPSYS Gateway - Improper Access Restrictions ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/47390 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.09.2019
by Daily end-of-shift report 13 Sep '19

13 Sep '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 12-09-2019 18:00 − Freitag 13-09-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Rig Exploit Kit Delivering VBScript, (Thu, Sep 12th) ∗∗∗ --------------------------------------------- I detected the following suspicious traffic on a corporate network. It was based on multiples infection stages and looked interesting enough to publish a diary about it. This is also a good reminder that, just by surfing the web, you can spot malicious scripts that will try to infect your computer (Exploit Kits). --------------------------------------------- https://isc.sans.edu/diary/rss/25318 ∗∗∗ Hacking LED Wristbands: A ‘Lightning’ Recap of RF Security Basics ∗∗∗ --------------------------------------------- We’re always eager for new research and learning opportunities, but this time, serendipitously, the opportunity found us. At the closing party of the Hack In The Box Amsterdam conference — where we presented our industrial radio research and ran a CTS contest — we were given LED wristbands to wear. They’re flashing wristbands meant to enhance the experience of an event, party, or show. At the beginning, we were not interested in the security impact; we just wanted to [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/MzmWyorokxA/ ∗∗∗ InnfiRAT: A new RAT aiming for your cryptocurrency and more ∗∗∗ --------------------------------------------- Recently, the Zscaler ThreatLabZ team came across a new RAT called InnfiRAT, which is written in .NET and designed to perform specific tasks from an infected machine. This blog provides an analysis of this new RAT, including the way it communicates, all the tasks it performs, and the information it steals. --------------------------------------------- https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptoc… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, dnsmasq, and golang-go.crypto), Mageia (docker, firefox, flash-player-plugin, ghostscript, links, squid, sympa, tcpflow, thunderbird, and znc), openSUSE (srt), Oracle (.NET Core, kernel, libwmf, and poppler), Scientific Linux (firefox), SUSE (cri-o, curl, java-1_8_0-ibm, python-SQLAlchemy, and python-urllib3), and Ubuntu (curl and expat). --------------------------------------------- https://lwn.net/Articles/799127/ ∗∗∗ Philips IntelliVue WLAN ∗∗∗ --------------------------------------------- This medical advisory contains mitigations for use of hard-coded password, and download of code without integrity check vulnerabilities in Philips IntelliVue WLAN firmware. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsma-19-255-01 ∗∗∗ 3S-Smart Software Solutions GmbH CODESYS V3 Web Server ∗∗∗ --------------------------------------------- This advisory contains mitigations for path traversal and stack-based buffer overflow vulnerabilities in 3S-Smart Software Solutions CODESYS V3 runtime systems. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-255-01 ∗∗∗ 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager ∗∗∗ --------------------------------------------- This advisory contains mitigations for a cross-site scripting vulnerability in 3S-Smart Software Solutions CODESYS V3 library manager software. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-255-02 ∗∗∗ 3S-Smart Software Solutions GmbH CODESYS Control V3 Online User Management ∗∗∗ --------------------------------------------- This advisory contains mitigations for an incorrect permission assignment for critical resource vulnerability in 3S-Smart Software Solutions CODESYS Control V3 online user management software. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-255-03 ∗∗∗ 3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server ∗∗∗ --------------------------------------------- This advisory contains mitigations for a NULL pointer dereference vulnerability in 3S-Smart Software Solutions CODESYS Control V3 OPC UA Server. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-255-04 ∗∗∗ 3S-Smart Software Solutions GmbH CODESYS V3 Products Containing a CODESYS Communication Server ∗∗∗ --------------------------------------------- This advisory contains mitigations for an improper input validation vulnerability in 3S-Smart Software Solutions CODESYS V3 runtime systems. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-255-05 ∗∗∗ Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs) ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN11708203/ ∗∗∗ libssh2 vulnerability CVE-2019-13115 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K13322484 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.09.2019
by Daily end-of-shift report 12 Sep '19

12 Sep '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 11-09-2019 18:00 − Donnerstag 12-09-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ 1B Mobile Users Vulnerable to Ongoing 'SimJacker' Surveillance Attack ∗∗∗ --------------------------------------------- More than one billion mobile users are at risk from a SIM card flaw being currently exploited by threat actors, researchers warn. --------------------------------------------- https://threatpost.com/1b-mobile-users-vulnerable-to-ongoing-simjacker-surv… ∗∗∗ Attacking the VM Worker Process ∗∗∗ --------------------------------------------- In the past year we invested a lot of time making Hyper-V research more accessible to everyone. Our first blog post, “First Steps in Hyper-V Research”, describes the tools and setup for debugging the hypervisor and examines the interesting attack surfaces of the virtualization stack components. --------------------------------------------- https://msrc-blog.microsoft.com:443/2019/09/11/attacking-the-vm-worker-proc… ∗∗∗ From BinDiff to Zero-Day: A Proof of Concept Exploiting CVE-2019-1208 in Internet Explorer ∗∗∗ --------------------------------------------- Last June, I disclosed a use-after-free (UAF) vulnerability in Internet Explorer (IE) to Microsoft. It was rated as critical, designated as CVE-2019-1208, and then addressed in Microsoft’s September Patch Tuesday. I discovered this flaw through BinDiff (a binary code analysis tool) and wrote a proof of concept (PoC) showing how it can be fully and consistently exploited in Windows 10 RS5.A more in-depth analysis of this vulnerability is in this technical brief. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/NkmJvxTNnHM/ ∗∗∗ Phishing & Co: Betrüger nutzen Start der PSD2-Richtlinie aus ∗∗∗ --------------------------------------------- Die neue Zahlungsdienste-Richtlinie der EU steht vor der Umsetzung. Das sorgt für Verwirrung, die Betrüger schamlos ausnutzen. --------------------------------------------- https://heise.de/-4522179 ∗∗∗ Five years later, Heartbleed vulnerability still unpatched ∗∗∗ --------------------------------------------- The Heartbleed vulnerability was discovered and fixed in 2014, yet today—five years later—there are still unpatched systems. --------------------------------------------- https://blog.malwarebytes.com/malwarebytes-news/2019/09/everything-you-need… ∗∗∗ Sind meine persönlichen Daten im Internet bekannt? ∗∗∗ --------------------------------------------- Wenn es Kriminellen gelingt, in Datenbanken von Unternehmen zu gelangen, können sie KundInnendaten stehlen. Mit den erbeuteten Informationen ist es ihnen möglich, dass sie Verbrechen unter fremden Namen begehen. KonsumentInnen sollten deshalb regelmäßig überprüfen, ob sie von einem Datendiebstahl betroffen sind, um geeignete Gegenmaßnahmen ergreifen zu können. --------------------------------------------- https://www.watchlist-internet.at/news/sind-meine-persoenlichen-daten-im-in… ∗∗∗ Warnung vor Ron Inkasso-Mahnungen ∗∗∗ --------------------------------------------- KonsumentInnen erhalten eine Mahnung, die angeblich von der Ron Adams Ltd stammt. Darin heißt es, dass sie sich auf grindplay.com registriert haben. Sie sollen dem Anbieter für ein Premium–Jahresabo 395,88 Euro zuzüglich Mahnspesen und Verzugszinsen gesamt 516,24 Euro bezahlen. KonsumentInnen müssen den Betrag nicht an ron-inkasso.eu bezahlen, denn das Schreiben ist betrügerisch. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-ron-inkasso-mahnungen/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (exim, firefox, and webkit2gtk), Debian (libonig and opensc), Fedora (cobbler), Oracle (firefox and kernel), Red Hat (flash-plugin, kernel, kernel-rt, rh-maven35-jackson-databind, rh-nginx110-nginx, and rh-nginx112-nginx), Scientific Linux (kernel), Slackware (curl, mozilla, and openssl), SUSE (ceph, libvirt, and python-Werkzeug), and Ubuntu (vlc and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/799052/ ∗∗∗ Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Linux Kernel vulnerabilities affect IBM Spectrum Protect Plus CVE-2019-10140, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-13233, CVE-2019-13272, CVE-2019-14283, CVE-2019-14284, CVE-2019-15090, CVE-2019-15807, ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-linux-kernel-vulnerab… ∗∗∗ IBM Security Bulletin: SQL Injection Vulnerability Affects IBM Sterling File Gateway (CVE-2019-4147) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-sql-injection-vulnera… ∗∗∗ Stored and reflected XSS vulnerabilities in LimeSurvey (CVE-2019-16172, CVE-2019-16173) ∗∗∗ --------------------------------------------- https://sec-consult.com/en/blog/advisories/stored-and-reflected-xss-vulnera… ∗∗∗ Wireshark: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0813 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.09.2019
by Daily end-of-shift report 11 Sep '19

11 Sep '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 10-09-2019 18:00 − Mittwoch 11-09-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ OpenDMARC: Aktiv ausgenutzte DMARC-Sicherheitslücke ohne Fix ∗∗∗ --------------------------------------------- Mitarbeiter von Protonmail haben in OpenDMARC eine Sicherheitslücke entdeckt, mit der sich die Signaturprüfung austricksen lässt. Angreifer haben die Lücke bereits für Phishingangriffe gegen Journalisten genutzt. OpenDMARC wird offenbar nicht weiterentwickelt und es gibt kein Update. --------------------------------------------- https://www.golem.de/news/opendmarc-aktiv-ausgenutzte-dmarc-sicherheitsluec… ∗∗∗ Office 365: prone to security breaches? ∗∗∗ --------------------------------------------- Author: Willem Zeeman "Office 365 again?". At the Forensics and Incident Response department of Fox-IT, this is heard often. Office 365 breach investigations are common at our department. You'll find that this blog post actually doesn't make a case for Office 365 being inherently insecure – rather, it discusses some of the predictability of Office [...] --------------------------------------------- https://blog.fox-it.com/2019/09/11/office-365-prone-to-security-breaches/ ∗∗∗ NetCAT ∗∗∗ --------------------------------------------- NetCAT shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have been traditionally used to leak sensitive data on a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that share the CPU cache on a cloud platform). With NetCAT, we show this threat extends to untrusted clients over the network, which can now leak sensitive data such as keystrokes in a SSH session from remote servers with no local access. --------------------------------------------- https://www.vusec.net/projects/netcat/ ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday: Angreifer attackieren Windows und machen sich zum Admin ∗∗∗ --------------------------------------------- Microsoft hat wichtige Sicherheitsupdates für Office, Windows & Co. veröffentlicht. Einige Lücken gelten als kritisch. --------------------------------------------- https://heise.de/-4519699 ∗∗∗ Patchday: SAP behebt unter anderem kritische Lücke in NetWeaver ∗∗∗ --------------------------------------------- Am September-Patchday hat SAP zahlreiche Lücken geschlossen und überdies einige ältere Security Advisories aktualisiert. --------------------------------------------- https://heise.de/-4519758 ∗∗∗ Delta Electronics TPEditor ∗∗∗ --------------------------------------------- This advisory contains mitigations for stack-based buffer overflow, heap-based buffer overflow, and out-of-bounds write vulnerabilities in Delta Electronics TPEditor, a programming software for Delta text panels. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-253-01 ∗∗∗ OSIsoft PI SQL Client ∗∗∗ --------------------------------------------- This advisory contains mitigations for an integer overflow or wraparound vulnerability in OSIsofts PI SQL Client component interface. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-253-06 ∗∗∗ Intel Releases Security Updates ∗∗∗ --------------------------------------------- Original release date: September 10, 2019Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to gain an escalation of privileges on a previously infected machine. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/09/10/intel-releases-sec… ∗∗∗ OpenSSL Security Advisory [10 September 2019] ∗∗∗ --------------------------------------------- ECDSA remote timing attack (CVE-2019-1547) Fork Protection (CVE-2019-1549) Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563) --------------------------------------------- https://openssl.org/news/secadv/20190910.txt ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (python38), openSUSE (nginx, nodejs10, nodejs8, python-Twisted, python-Werkzeug, SDL2_image, SDL_image, and util-linux and shadow), Oracle (firefox and nghttp2), Red Hat (.NET Core, firefox, kernel, libwmf, pki-deps:10.6, and poppler), Scientific Linux (firefox), SUSE (ghostscript, libgcrypt, podman, python-SQLAlchemy, qemu, and webkit2gtk3), and Ubuntu (curl, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, systemd, and tomcat8). --------------------------------------------- https://lwn.net/Articles/798966/ ∗∗∗ Citrix SD-WAN Security Update ∗∗∗ --------------------------------------------- CTX256918 NewApplicable Products : Citrix SD-WANMultiple denial of service vulnerabilities have been identified in the Citrix SD-WAN Appliance and Citrix SD-WAN Center Management Console. --------------------------------------------- https://support.citrix.com/article/CTX256918 ∗∗∗ IBM Security Bulletin: Spectrum Protect Operations Center vulnerable to Logjam (CVE-2015-4000) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-spectrum-protect-oper… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.09.2019
by Daily end-of-shift report 10 Sep '19

10 Sep '19

===================== = End-of-Day report = ===================== Timeframe: Montag 09-09-2019 18:00 − Dienstag 10-09-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ How to Audit & Cleanup WordPress Plugins & Themes ∗∗∗ --------------------------------------------- In an interview with Smashing Magazine our CoFounder (now Head of Security Products at GoDaddy) Tony Perez was asked the following question. What Makes WordPress Vulnerable? "Here's the simple answer. Old versions of WordPress, along with theme and plugin vulnerabilities, multiplied by the CMS' popularity, with the end user thrown into the mix, make for a vulnerable website." --------------------------------------------- https://blog.sucuri.net/2019/09/wordpress-plugin-audit.html ∗∗∗ IoT Attack Opportunities Seen in the Cybercrime Underground ∗∗∗ --------------------------------------------- We looked into IoT-related discussions from several cybercrime underground communities. We found discussions ranging from tutorials to actual monetization schemes for IoT-related attacks. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/i588EjgxMnI/ ∗∗∗ When corporate communications look like a phish ∗∗∗ --------------------------------------------- Before organizations engage in gnashing of teeth over the "ignorant user" and the cost of training, think about how much email users encounter and whether corporate communications look like phishes themselves. --------------------------------------------- https://blog.malwarebytes.com/business-2/2019/09/when-corporate-communicati… ∗∗∗ Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study ∗∗∗ --------------------------------------------- Executive Summary Malware evasion techniques are widely used to circumvent detection as well as analysis and understanding. One of the dominant categories of evasion is anti-sandbox detection, simply because today’s sandboxes are becoming the fastest and easiest way to have an overview of the threat. --------------------------------------------- https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/evolution-of-ma… ∗∗∗ Achung Phishing: betrügerische Raiffeisen E-Mails im Umlauf ∗∗∗ --------------------------------------------- Kriminelle behaupten Ihre Kreditkarte wäre gesperrt: Mit der neuen EU-Richtlinie als Vorwand, erhalten momentan zahlreiche Bank-Kundinnen und Kunden Phishing-Mails. Laut den E-Mails schreibt die Richtlinie angeblich die Bestätigung Ihrer persönlichen Daten vor. Der angeführte Link führt Sie jedoch auf eine gefälschte Login-Seite. Kriminelle erspähen Ihre Daten. --------------------------------------------- https://www.watchlist-internet.at/news/achung-phishing-betruegerische-raiff… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Application Manager (APSB19-45) and Adobe Flash Player (APSB19-46). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided "AS IS" with no warranties and confers no rights. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1785 ∗∗∗ Multiple Vulnerabilities in Comba and D-Link Routers ∗∗∗ --------------------------------------------- There are five new credential leaking vulnerabilities discovered and disclosed by Simon Kenin. Two are in a D-Link DSL modem typically installed to connect a home network to an ISP. The other three are in multiple Comba Telecom WiFi devices. All the vulnerabilities involve insecure storage of credentials including three where cleartext credentials available to any user with network access to the device. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/multiple-vu… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (docker.io, icedtea-web, and trafficserver), openSUSE (opera), Red Hat (bind, firefox, go-toolset:rhel8, kernel, nghttp2, and polkit), SUSE (buildah, curl, java-1_7_1-ibm, and skopeo), and Ubuntu (freetype, memcached, python2.7, python3.4, and python2.7, python3.5, python3.6, python3.7). --------------------------------------------- https://lwn.net/Articles/798883/ ∗∗∗ MISP 2.4.115 released (aka CVE-2019-16202 and sync speed improvement) ∗∗∗ --------------------------------------------- A new version of MISP (2.4.115) with a major security fix (CVE-2019-16202) and various small improvements has been released. We strongly recommend all MISP users update to this version. --------------------------------------------- https://www.misp-project.org/2019/09/10/MISP.2.4.115.released.html ∗∗∗ SSA-187667 (Last Update: 2019-09-10): DejaBlue Vulnerabilities - Siemens Healthineers Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-187667.pdf ∗∗∗ SSA-189842 (Last Update: 2019-09-10): TCP URGENT/11 Vulnerabilities in RUGGEDCOM Win ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf ∗∗∗ SSA-191683 (Last Update: 2019-09-10): Cross-Site Scripting Vulnerability in IE/WSN-PA Link WirelessHART Gateway ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf ∗∗∗ SSA-250618 (Last Update: 2019-09-10): Denial-of-Service Vulnerability in SIMATIC TDC CP51M1 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-250618.pdf ∗∗∗ SSA-462066 (Last Update: 2019-09-10): Vulnerability known as TCP SACK PANIC in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf ∗∗∗ SSA-834884 (Last Update: 2019-09-10): Vulnerability in SINETPLAN ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-834884.pdf ∗∗∗ SSA-884497 (Last Update: 2019-09-10): Multiple Vulnerabilities in SINEMA Remote Connect Server ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf ∗∗∗ GnuPG vulnerability CVE-2019-13050 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K08654551 ∗∗∗ Wireshark vulnerability CVE-2019-12295 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K06725231 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.09.2019
by Daily end-of-shift report 09 Sep '19

09 Sep '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 06-09-2019 18:00 − Montag 09-09-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ 7 most common application backdoors ∗∗∗ --------------------------------------------- The popular adage "we often get in quicker by the back door than the front" has withstood the test of time even in our advanced, modern world. Application backdoors have become rampant in today's business environment, making it mandatory for us to take the same level of precaution we'd do to safeguard the backdoor [...] --------------------------------------------- https://resources.infosecinstitute.com/7-most-common-application-backdoors/ ∗∗∗ 'Purple Fox' Fileless Malware with Rookit Component Delivered by Rig Exploit Kit Now Abuses PowerShell ∗∗∗ --------------------------------------------- This new iteration of Purple Fox that we came across, also being delivered by Rig, has a few new tricks up its sleeve. It retains its rootkit component by abusing publicly available code. It now also eschews its use of NSIS in favor of abusing PowerShell, making Purple Fox capable of fileless infection. It also incorporated additional exploits to its infection chain, most likely as a foolproof mechanism to ensure that it can still infect the system. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/rRfjdvF4DOI/ ∗∗∗ Open Sourcing StringSifter ∗∗∗ --------------------------------------------- Malware analysts routinely use the Strings program during static analysis in order to inspect a binarys printable characters. However, identifying relevant strings by hand is time consuming and prone to human error. Larger binaries produce upwards of thousands of strings that can quickly evoke analyst fatigue, relevant strings occur less often than irrelevant ones, and the definition of "relevant" can vary significantly among analysts. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2019/09/open-sourcing-stringsif… ∗∗∗ BlueKeep Exploit Added to Metasploit ∗∗∗ --------------------------------------------- An initial public exploit targeting the recently addressed BlueKeep vulnerability in Microsoft Windows has been added to Rapid7's Metasploit framework. --------------------------------------------- https://www.securityweek.com/bluekeep-exploit-added-metasploit ∗∗∗ Kriminelle nützen Promis und Medien für Bitcoin-Betrug ∗∗∗ --------------------------------------------- Die Schadensummen reichen von etwa 200 Euro bis weit über 100.000 Euro: KonsumentInnen werden durch erfundene News-Artikel auf gefälschten Nachrichten-Websites zu Investments bei unseriösen Plattformen wie "Bitcoin Code", "Bitcoin Profit" oder "The News Spy" bewegt. Bekannte Persönlichkeiten wie Christoph Waltz oder Bill Gates und einflussreiche Medien wie orf.at oder Der Spiegel werden dabei von Kriminellen missbraucht, um Opfer [...] --------------------------------------------- https://www.watchlist-internet.at/news/kriminelle-nuetzen-promis-und-medien… ∗∗∗ Sicherheitsforscher warnen vor GPS-Uhren für Kinder: Sofort wegwerfen ∗∗∗ --------------------------------------------- Smartwatches für Kids mit horrender Sicherheit - Angreifer können mit Leichtigkeit, Heranwachsende und Eltern ausspionieren --------------------------------------------- https://www.derstandard.at/story/2000108423850/sicherheitsforscher-warnen-v… ∗∗∗ Telnet backdoor vulnerabilities impact over a million IoT radio devices ∗∗∗ --------------------------------------------- Devices can be remotely exploited as root without any need for user interaction. --------------------------------------------- https://www.zdnet.com/article/critical-vulnerabilities-impact-over-a-millio… ===================== = Vulnerabilities = ===================== ∗∗∗ Vulnerability Spotlight: Denial-of-service vulnerabilities in some NETGEAR routers ∗∗∗ --------------------------------------------- The NETGEAR N300 line of wireless routers contains two denial-of-service vulnerabilities. The N300 is a small and affordable wireless router that contains the basic features of a wireless router. An attacker could exploit these bugs by sending specific SOAP and HTTP requests to different functions of the router, causing it to crash entirely. --------------------------------------------- https://blog.talosintelligence.com/2019/09/vuln-spotlight-Netgear-N300-rout… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (expat, ghostscript, libreoffice, and memcached), Fedora (chromium, grafana, kea, nsd, pdfbox, roundcubemail, and SDL), Gentoo (apache, dbus, exim, libsdl2, pango, perl, vlc, and webkit-gtk), Mageia (dovecot, giflib, golang, icedtea-web, irssi, java-1.8.0-openjdk, libgcrypt, libmspack, mercurial, monit, php, poppler, python-urllib3, rdesktop, SDL12, sdl2, sigil, sqlite3, subversion, tomcat, and zstd), openSUSE (chromium, exim, go1.12, httpie, [...] --------------------------------------------- https://lwn.net/Articles/798826/ ∗∗∗ LibreOffice: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗ --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/09/warn… ∗∗∗ Instagram - Open Redirect Vulnerability ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2019090061 ∗∗∗ Photo Gallery by 10Web < 1.5.35 - SQL Injection & XSS ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9872 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer, Watson Content Analytics and Watson Explorer Content Analytics Studio (CVE-2018-1890, CVE-2019-2426) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.09.2019
by Daily end-of-shift report 06 Sep '19

06 Sep '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 05-09-2019 18:00 − Freitag 06-09-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ GootKit Malware Bypasses Windows Defender by Setting Path Exclusions ∗∗∗ --------------------------------------------- As Windows Defender matures and becomes tightly integrated into Windows 10, malware writers are creating techniques to evade its detection. Such is the case with the GootKit banking Trojan, which use a UAC bypass and WMIC commands to exclude the malware executable from being scanned by Windows Defender Antivirus. --------------------------------------------- https://www.bleepingcomputer.com/news/security/gootkit-malware-bypasses-win… ∗∗∗ [SANS ISC] PowerShell Script with a builtin DLL ∗∗∗ --------------------------------------------- I published the following diary on isc.sans.edu: “PowerShell Script with a builtin DLL“: Attackers are always trying to bypass antivirus detection by using new techniques to obfuscate their code. I recently found a bunch of scripts that encode part of their code in Base64. The code is decoded at execution [...] --------------------------------------------- https://blog.rootshell.be/2019/09/06/sans-isc-powershell-script-with-a-buil… ∗∗∗ Thousands of servers infected with new Lilocked (Lilu) ransomware ∗∗∗ --------------------------------------------- Researchers spot new ransomware targeting Linux-based servers. --------------------------------------------- https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilock… ===================== = Vulnerabilities = ===================== ∗∗∗ Buffer Overflow: Exim-Sicherheitslücke beim Verarbeiten von TLS-Namen ∗∗∗ --------------------------------------------- Im Mailserver Exim wurde eine Sicherheitslücke gefunden, die Angreifern das Ausführen von Code ermöglicht. Ein Update steht bereit. --------------------------------------------- https://www.golem.de/news/buffer-overflow-exim-sicherheitsluecke-beim-verar… ∗∗∗ BD Pyxis ∗∗∗ --------------------------------------------- This medical advisory contains mitigations for a session fixation vulnerability reported in BD’s Pyxis medication management platform. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsma-19-248-01 ∗∗∗ Red Lion Controls Crimson ∗∗∗ --------------------------------------------- This advisory includes mitigations for use after free, improper restriction of operations within the bounds of a memory buffer, pointer issues, and use of hard-coded cryptographic key vulnerabilities in the Red Lion Controls Crimson software. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-248-01 ∗∗∗ MS-ISAC Releases Advisory on PHP Vulnerabilities ∗∗∗ --------------------------------------------- Original release date: September 5, 2019The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/09/05/ms-isac-releases-a… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (exim4 and firefox-esr), Fedora (lxc, lxcfs, pdfresurrect, python3-lxc, rdesktop, and seamonkey), Oracle (kernel), and SUSE (nginx, python-Werkzeug, SUSE Manager Client Tools, and util-linux and shadow). --------------------------------------------- https://lwn.net/Articles/798600/ ∗∗∗ Nagios Enterprises Nagios XI: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0790 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.09.2019
by Daily end-of-shift report 05 Sep '19

05 Sep '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 04-09-2019 18:00 − Donnerstag 05-09-2019 18:00 Handler: Robert Waldner Co-Handler: Dimitri Robl ===================== = News = ===================== ∗∗∗ Android Zero-Day Bug Does Not Make It on Google's Fix List ∗∗∗ --------------------------------------------- Google yesterday rolled out security patches for the Android mobile operating system but did not include the fix for at least one bug that enables increasing permissions to kernel level. --------------------------------------------- https://www.bleepingcomputer.com/news/security/android-zero-day-bug-does-no… ∗∗∗ WordPress 5.2.3 Released with Security and Bug Fixes ∗∗∗ --------------------------------------------- WordPress 5.2.3 has been released and includes fixes for six vulnerabilities and 29 bugs or enhancements. As WordPress is a common target for threat actors looking to host their malicious campaigns, it is important that all WordPress users upgrade to the latest release as soon as possible. --------------------------------------------- https://www.bleepingcomputer.com/news/security/wordpress-523-released-with-… ∗∗∗ Unifying: Sicherheitsupdate für Logitech-Tastaturen umgangen ∗∗∗ --------------------------------------------- Mit einem einfachen Trick kann ein Sicherheitsupdate von Logitech umgangen werden. Damit lassen sich weiterhin Eingaben von kabellosen Tastaturen abgreifen - oder Schadcode eintippen. Dabei hatte Logitech nicht einmal alle Sicherheitslücken behoben. --------------------------------------------- https://www.golem.de/news/unifying-sicherheitsupdate-fuer-logitech-tastatur… ∗∗∗ Das Smart‑Ding‑Dilemma ∗∗∗ --------------------------------------------- Vom 6.-11. September 2019 öffnet die Internationale Funkausstellung (IFA) in Berlin wieder ihre Pforten. Auch diesjährig wird das Thema "Vollvernetzung" die Messehallen beherrschen. Doch wie steht es nun, ein Jahr weiter, um die Sicherheit? --------------------------------------------- https://www.welivesecurity.com/deutsch/2019/09/05/das-smart-ding-dilemma/ ∗∗∗ henrikson-research.de: Umfrage führt zu Geldwäsche in Ihrem Namen! ∗∗∗ --------------------------------------------- Auf diversen Job-Portalen stoßen Sie momentan auf Ausschreibungen einer HENRIKSON Research GmbH. Schon bei der Registrierung verlangt man Ihre Ausweiskopie sowie Selfies mit Pass oder Personalausweis. Melden Sie sich hier nicht an! Kriminelle stehlen Ihre Daten und tarnen die Eröffnung eines Bankkontos in Ihrem Namen als bezahlte Umfrage. --------------------------------------------- https://www.watchlist-internet.at/news/henrikson-researchde-umfrage-fuehrt-… ∗∗∗ Betrügerische Angebote für Cineplexx-Gutscheine locken in die Abo-Falle ∗∗∗ --------------------------------------------- Mit Facebook-Anzeigen und über Facebook-Messenger werben Kriminelle für ein Gewinnspiel. Angeblich können Cineplexx-Geschenkgutscheine gewonnen werden. Das Gewinnspiel gibt es nicht. Die Kriminellen locken in eine Abofalle und sind auf Kreditkartendaten aus! --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-angebote-fuer-cineple… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdates: Cisco sichert macOS- und Windows-Software ab – und noch mehr ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für verschiedene Cisco-Produkte. Angreifer könnten Schadcode auf Systemen ausführen. --------------------------------------------- https://heise.de/-4514009 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (webkit2gtk), Fedora (systemd), openSUSE (go1.11, python-Twisted, SDL2_image, SDL_image, and wavpack), Oracle (kdelibs and kde-settings, kernel, and qemu-kvm), Red Hat (chromium-browser and firefox), Slackware (seamonkey), SUSE (java-1_8_0-ibm, kernel, and python-urllib3), and Ubuntu (firefox and npm/fstream). --------------------------------------------- https://lwn.net/Articles/798487/ ∗∗∗ Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X ∗∗∗ --------------------------------------------- https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-cisc… ∗∗∗ Various 3rd Party Vulnerabilities - PSA-2019-09-04 ∗∗∗ --------------------------------------------- https://www.drupal.org/psa-2019-09-04 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.09.2019
by Daily end-of-shift report 04 Sep '19

04 Sep '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 03-09-2019 18:00 − Mittwoch 04-09-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hacked SharePoint Sites Used to Bypass Secure Email Gateways ∗∗∗ --------------------------------------------- Phishers behind a new campaign have switched to using compromised SharePoint sites and OneNote documents to redirect potential victims from the banking sector to their landing pages. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hacked-sharepoint-sites-used… ∗∗∗ Half of Android Handsets Susceptible to Clever SMS Phishing Attack ∗∗∗ --------------------------------------------- Researchers say an attacker could send a rogue over-the-air provisioning message to susceptible phones and route all internet traffic through a hacker-controlled proxy. --------------------------------------------- https://threatpost.com/half-of-android-handsets-susceptible-to-clever-sms-p… ∗∗∗ BRATA Android RAT Steals Banking Info in Real Time ∗∗∗ --------------------------------------------- The RAT targets users via fake WhatsApp updates in Google Play. --------------------------------------------- https://threatpost.com/brata-android-rat-steals-banking-info/148003/ ∗∗∗ ENISA: Secure Group Communications for incident response and operational communities ∗∗∗ --------------------------------------------- This document serves as a starting point for incident response communities to conduct their own evaluation and see how the various communication tools can fit their sizes and needs. --------------------------------------------- https://www.enisa.europa.eu/publications/secure-group-communications ∗∗∗ Spam In your Calendar? Here’s What to Do. ∗∗∗ --------------------------------------------- Many spam trends are cyclical: Spammers tend to switch tactics when one method of hijacking your time and attention stops working. But periodically they circle back to old tricks, and few spam trends are as perennial as calendar spam, in which invitations to click on dodgy links show up unbidden in your digital calendar application from Apple, Google and Microsoft. Heres a brief primer on what you can do about it. --------------------------------------------- https://krebsonsecurity.com/2019/09/spam-in-your-calendar-heres-what-to-do/ ===================== = Vulnerabilities = ===================== ∗∗∗ Samba Releases Security Updates ∗∗∗ --------------------------------------------- Original release date: September 4, 2019 The Samba Team has released security updates to address a vulnerability in all versions of Samba from 4.9.0 onward. An attacker could exploit this vulnerability to obtain sensitive information. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/09/04/samba-releases-sec… ∗∗∗ Forthcoming OpenSSL Releases ∗∗∗ --------------------------------------------- The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.1d, 1.1.0l and 1.0.2t. These releases will be made available on 10th September 2019 between approximately 1200-1600 UTC. These are security fix releases. The highest severity security issue fixed by these releases is rated as LOW. --------------------------------------------- https://mta.openssl.org/pipermail/openssl-announce/2019-September/000156.ht… ∗∗∗ Android Security Bulletin - September 2019 ∗∗∗ --------------------------------------------- [...] The most severe of these issues is a critical security vulnerability in the Media framework component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2019-09-01.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (grafana, irssi, and jenkins), Debian (freetype, samba, and varnish), Fedora (community-mysql, kernel, kernel-headers, kernel-tools, and python-mitogen), openSUSE (postgresql10 and python-SQLAlchemy), Oracle (kdelibs and kde-settings and squid:4), Red Hat (kdelibs and kde-settings, kernel, kernel-rt, openstack-nova, qemu-kvm, and redis), Scientific Linux (kdelibs and kde-settings, kernel, and qemu-kvm), SUSE (ansible, java-1_7_1-ibm, libosinfo, [...] --------------------------------------------- https://lwn.net/Articles/798357/ ∗∗∗ Security Advisory - Version Downgrade Vulnerabilities on Smartphones and HiSuite ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190904-… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4149) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.09.2019
by Daily end-of-shift report 03 Sep '19

03 Sep '19

===================== = End-of-Day report = ===================== Timeframe: Montag 02-09-2019 18:00 − Dienstag 03-09-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Nemty Ransomware Gets Distribution from RIG Exploit Kit ∗∗∗ --------------------------------------------- The operators of Nemty ransomware appear to have struck a distribution deal to target systems with outdated technology that can still be infected by exploit kits. --------------------------------------------- https://www.bleepingcomputer.com/news/security/nemty-ransomware-gets-distri… ∗∗∗ Fake BleachBit Website Built to Distribute AZORult Info Stealer ∗∗∗ --------------------------------------------- Cybercriminals are taking advantage of the popularity of the BleachBit disk cleaning tool to spread Azorult information stealer. For this purpose, they created a static web page that purports to be the official website for the utility. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fake-bleachbit-website-built… ∗∗∗ Credential Management and Enforcement for ICS/SCADA environments ∗∗∗ --------------------------------------------- In the world of Operational Technology (OT), Industrial Control Systems (ICS) comprise the majority of the segment. Where ICS assets are dispersed and require centralized data acquisition and control, Supervisory Control and Data Acquisition (SCADA) systems are used. --------------------------------------------- https://resources.infosecinstitute.com/credential-management-and-enforcemen… ∗∗∗ Ratgeber vom Hersteller: So erkennt man gehackte Cisco-Geräte ∗∗∗ --------------------------------------------- Der Netzwerkausrüster Cisco hat vier Guides für verschiedene Software veröffentlicht, die helfen sollen, Hinweise auf mögliche Kompromittierungen zu finden. --------------------------------------------- https://heise.de/-4512704 ∗∗∗ Meet Domen, a New and Sophisticated Social Engineering Toolkit ∗∗∗ --------------------------------------------- A new social engineering toolkit has been discovered. The operational premise has been used many times, but the execution of that premise is new and described by security researchers "a beautiful piece of work". --------------------------------------------- https://www.securityweek.com/meet-domen-new-and-sophisticated-social-engine… https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2019… ∗∗∗ Diese Kleinanzeigen-Betrugsmasche sollten Sie kennen ∗∗∗ --------------------------------------------- BetrügerInnen versuchen auf Online-Marktplätzen wie willhaben, shpock und Co, ohne Bezahlung an Ihre Ware zu kommen. Sie geben sich als vermeintliche Zahlungsdienstleister und Zwischenvermittler aus und senden Ihnen eine gefälschte Zahlungsbestätigung. Das Geld wird angeblich erst für Sie freigegeben, wenn Sie den zu viel überwiesenen Betrag für das Speditionsunternehmen oder eine Versandbestätigung des Paketes übermitteln. --------------------------------------------- https://www.watchlist-internet.at/news/diese-kleinanzeigen-betrugsmasche-so… ===================== = Vulnerabilities = ===================== ∗∗∗ 'USBAnywhere' Bugs Open Supermicro Servers to Remote Attackers ∗∗∗ --------------------------------------------- Trivial-to-exploit authentication flaws can give an unsophisticated remote attacker omnipotent control over a server and its contents. --------------------------------------------- https://threatpost.com/usbanywhere-bugs-supermicro-remote-attack/147899/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (qemu), Fedora (ansible and wavpack), openSUSE (apache-commons-beanutils, apache2, go1.12, httpie, libreoffice, qemu, and slurm), Oracle (ghostscript), Scientific Linux (ghostscript), SUSE (ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, [...] --------------------------------------------- https://lwn.net/Articles/798225/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily September 2019