- Daily - CERT.at

Tageszusammenfassung - 13.03.2019
by Daily end-of-shift report 13 Mar '19

13 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 12-03-2019 18:00 − Mittwoch 13-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Zertifizierungsstellen: Millionen TLS-Zertifikate mit fehlendem Zufallsbit ∗∗∗ --------------------------------------------- Viele TLS-Zertifikate wurden nicht nach den geltenden Regeln ausgestellt. Sie müssten eine zufällige 64-Bit-Seriennummer haben, es sind aber real nur 63 Bit. Ein Risiko ist praktisch nicht vorhanden, trotzdem müssen die Zertifikate zurückgezogen werden. --------------------------------------------- https://www.golem.de/news/zertifizierungsstellen-millionen-tls-zertifikate-… ∗∗∗ E-Learnings Digitale Sicherheit ∗∗∗ --------------------------------------------- Informationssicherheit hat für die Stadt Wien einen sehr hohen Stellenwert. Deshalb wurde ein aus sechs Modulen aufgebauter Kompakt-Kurs entwickelt, der den bewussten Umgang mit dem Thema Informationssicherheit in verschiedenen Lebenssituationen ermöglicht. [...] Am Ende kann man das erlangte Wissen bei einem kurzen Quiz überprüfen. --------------------------------------------- https://digitales.wien.gv.at/site/storyboard-e-learning/ ∗∗∗ Augen auf beim Online-Gebrauchtwagenkauf ∗∗∗ --------------------------------------------- Konsument/innen, die im Internet nach Gebrauchtwagen suchen, müssen sich vor folgender Betrugsmasche in Acht nehmen: Laut Verkaufsanzeigen befindet sich das Auto in Österreich. Später wird behauptet, dass es mittlerweile im Ausland ist und daher keine Besichtigung möglich ist. Bezahlung und Lieferung sollen versichert über erfundene Transport- und Zahlungsdienstleister erfolgen. Überwiesene Beträge sind verloren und die kommen nie an. --------------------------------------------- https://www.watchlist-internet.at/news/augen-auf-beim-online-gebrauchtwagen… ∗∗∗ Neue PGP-Keys ∗∗∗ --------------------------------------------- Nachdem unsere "alten" PGP-Keys nahe ihres Ablaufdatums sind, haben wir einen Satz neue Keys generiert. Diese sind wie üblich über den CERT.at PGP keyring verfügbar. --------------------------------------------- http://www.cert.at/services/blog/20190313150627-2400.html ===================== = Vulnerabilities = ===================== ∗∗∗ BSRT 2019 -001 Vulnerability in Management System Impacts BlackBerry AtHoc ∗∗∗ --------------------------------------------- This advisory addresses an XML External Entity Injection (XXE) vulnerability in the Management System (console) of affected versions of BlackBerry AtHoc that could potentially allow a successful attacker to read arbitrary local files from the application server or make requests on the network. BlackBerry is not aware of any exploitation of this vulnerability. --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ WordPress 5.1.1 Security and Maintenance Release ∗∗∗ --------------------------------------------- WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2. --------------------------------------------- https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance… ∗∗∗ Microsoft March 2019 Patch Tuesday ∗∗∗ --------------------------------------------- This month we got patches for 64 vulnerabilities. Two of them have been exploited and four have been made public before today. Both exploited vulnerabilities (CVE-2019-0808 and CVE-2019-0797) affects win32k component on multiple Windows versions, from Windows 7 to 2019, and may lead to privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. --------------------------------------------- https://isc.sans.edu/forums/diary/Microsoft+March+2019+Patch+Tuesday/24742/ ∗∗∗ March 2019 Office Update Release ∗∗∗ --------------------------------------------- The March 2019 Public Update releases for Office are now available! This month, there are 6 security updates and 28 non-security updates. All of the security and non-security updates are listed in KB article 4491754. A new version of Office 2013 Click-To-Run is available: 15.0.5119.1000 A new version of Office 2010 Click-To-Run is available: 14.0.7230.5000 --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2019/03/12… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libsndfile, systemd, waagent, and xmltooling), Fedora (guacamole-server, postgresql-jdbc, and xen), Oracle (cockpit and kernel), Red Hat (cockpit, docker, kernel-alt, and openssl), SUSE (ceph, java-1_7_0-ibm, java-1_7_1-ibm, openssl-1_0_0, python-azure-agent, python-numpy, and supportutils), and Ubuntu (kernel, php5, and walinuxagent). --------------------------------------------- https://lwn.net/Articles/782926/ ∗∗∗ Vuln: Wibu Systems WibuKey DRM Multiple Input Validation Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/107005 ∗∗∗ Cisco Common Services Platform Collector Static Credential Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ ZDI: Hewlett Packard Enterprise Intelligent Management Center Vulnerabilities ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-271/ http://www.zerodayinitiative.com/advisories/ZDI-19-270/ http://www.zerodayinitiative.com/advisories/ZDI-19-269/ http://www.zerodayinitiative.com/advisories/ZDI-19-268/ http://www.zerodayinitiative.com/advisories/ZDI-19-267/ http://www.zerodayinitiative.com/advisories/ZDI-19-266/ http://www.zerodayinitiative.com/advisories/ZDI-19-265/ http://www.zerodayinitiative.com/advisories/ZDI-19-264/ http://www.zerodayinitiative.com/advisories/ZDI-19-263/ http://www.zerodayinitiative.com/advisories/ZDI-19-262/ http://www.zerodayinitiative.com/advisories/ZDI-19-261/ http://www.zerodayinitiative.com/advisories/ZDI-19-260/ http://www.zerodayinitiative.com/advisories/ZDI-19-259/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.03.2019
by Daily end-of-shift report 12 Mar '19

12 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Montag 11-03-2019 18:00 − Dienstag 12-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitslücke: Serverbetreiber könnte Schweizer Onlinewahlen manipulieren ∗∗∗ --------------------------------------------- Eine schwere Sicherheitslücke im Onlinewahl-Code der Schweizer Post ermöglicht es dem Betreiber einer Wahl, das Ergebnis zu manipulieren. Die Schweizer Post weiß angeblich schon seit 2017 von dem Problem, der Hersteller hat es jedoch versäumt, den Fehler zu beheben. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-serverbetreiber-koennte-schweiz… ∗∗∗ Unpatched Windows Bug Allows Attackers to Spoof Security Dialog Boxes ∗∗∗ --------------------------------------------- Microsoft wont be patching the bug, but a proof of concept shows the potential for successful malware implantation. --------------------------------------------- https://threatpost.com/windows-bug-spoof-dialog-boxes/142711/ ∗∗∗ Identitätsdiebstahl durch Stellenangebote auf ebay Kleinanzeigen ∗∗∗ --------------------------------------------- Wer auf ebay Kleinanzeigen oder ähnlichen Portalen nach Jobs sucht, muss sich vor betrügerischen Angeboten in Acht nehmen. Gute Bezahlung und Arbeit von zu Hause locken zahlreiche Interessent/innen an. So geschehen auch bei der angeblichen CEBIT GmbH: Jobsuchende, die sich hier bewerben und die geforderten Unterlagen versenden, werden Opfer eines Identitätsdiebstahls und eröffnen im Extremfall Bankkonten im eigenen Namen, die später missbraucht werden. --------------------------------------------- https://www.watchlist-internet.at/news/identitaetsdiebstahl-durch-stellenan… ∗∗∗ WordPress shopping sites under attack ∗∗∗ --------------------------------------------- Hackers using cross-site scripting (XSS) flaw in abandoned cart plugin to take over vulnerable sites. --------------------------------------------- https://www.zdnet.com/article/wordpress-shopping-sites-under-attack/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Digital Editions (APSB19-16) and Adobe Photoshop CC (APSB19-15). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided "AS IS" with no warranties [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1724 ∗∗∗ Siemens Security Advisories ∗∗∗ --------------------------------------------- New: SSA-557804: Mirror Port Isolation Vulnerability in SCALANCE X switches Updated: SSA-168644: Spectre and Meltdown Vulnerabilities in Industrial Products SSA-170881: Vulnerabilities in SINUMERIK Controllers SSA-203306: Password Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Relay Families SSA-254686: Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products SSA-346262: Denial-of-Service in Industrial Products SSA-348629: Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software SSA-584286: Denial-of-Service Vulnerability in SIMATIC S7-1200 CPU and SIMATIC S7-1500 CPU SSA-824231: Unauthenticated Firmware Upload Vulnerability in Desigo PX Controllers SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP --------------------------------------------- https://new.siemens.com/global/en/products/services/cert.html ∗∗∗ SAP Security Patch Day - March 2019 ∗∗∗ --------------------------------------------- On 12th of March 2019, SAP Security Patch Day saw the release of 9 Security Notes. Additionally, there were 3 updates to previously released security notes. We would like to inform that the vulnerability fixed by security note 2764283 is expected to be presented by a researcher at a security conference in March 2019. Therefore, we recommend our Customers to apply the SAP Security Note on priority. --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080 ∗∗∗ BIG-IP Configuration utility vulnerability CVE-2019-6598 ∗∗∗ --------------------------------------------- BIG-IP Configuration utility vulnerability CVE-2019-6598 Security Advisory Security Advisory Description Malformed requests to the Traffic Management User Interface (TMUI), also referred to as the [...] --------------------------------------------- https://support.f5.com/csp/article/K44603900 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (pacman), CentOS (java-1.7.0-openjdk), Debian (zabbix), Fedora (kernel-headers), openSUSE (libcomps), Oracle (kernel), Red Hat (chromium-browser), SUSE (ovmf and qemu), and Ubuntu (tiff). --------------------------------------------- https://lwn.net/Articles/782842/ ∗∗∗ [20190301] - Core - XSS in com_config JSON handler ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/JvJtucwH0Xs/772-20190301-c… ∗∗∗ [20190304] - Core - Missing ACL check in sample data plugins ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/yevVdAyNRRI/775-20190304-c… ∗∗∗ [20190303] - Core - XSS in media form field ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/-7y5ceiY85g/774-20190303-c… ∗∗∗ [20190302] - Core - XSS in item_title layout ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/uD680RYCbkk/773-20190302-c… ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a code execution vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Storage – GlusterFS and Minio ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Kiali Istio addon ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Certificate Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Vulnerability in Kerberos affects Power Hardware Management Console ( CVE-2018-5730 CVE-2018-5729) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-kerb… ∗∗∗ IBM Security Bulletin: Vulnerability in GnuTLS affects Power Hardware Management Console ( CVE-2018-10845 CVE-2018-10844) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-gnut… ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects Power Hardware Management Console ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open… ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect Rational Engineering Lifecycle Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Multiple Cross-site scripting vulnerabilities affect IBM® Rational® Team Concert ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-cross-site-s… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Rational® Quality Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.03.2019
by Daily end-of-shift report 11 Mar '19

11 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 08-03-2019 18:00 − Montag 11-03-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ E-Mail-Marketing: Datenbank mit 800 Millionen E-Mail-Adressen online ∗∗∗ --------------------------------------------- Wozu sammelt ein völlig unbekanntes Unternehmen Hunderte Millionen E-Mail-Adressen und weitere Nutzerdaten? Dahinter steckt eine Dienstleistung, die für Spammer nützlich ist. --------------------------------------------- https://www.golem.de/news/e-mail-marketing-datenbank-mit-800-millionen-e-ma… ∗∗∗ Free decrypters for BigBobRoss ransomware released ∗∗∗ --------------------------------------------- Here’s some good news for users whose files have been encrypted by the BigBobRoss ransomware: both Avast and Emsisoft have released decrypters. How do you know that you've been hit with BigBobRoss? The ransomware gets its name from the email address included in the ransom note, which comes in a file named Read Me.txt. Another indication that the user's files have been encrypted by this particular malware is the .obfuscated extension added to the encrypted [...] --------------------------------------------- https://www.helpnetsecurity.com/2019/03/11/decrypt-bigbobross-ransomware/ ∗∗∗ A quick lesson in confirmation bias ∗∗∗ --------------------------------------------- In my experience, hacking investigations are driven by ignorance and confirmation bias. We regularly see things we cannot explain. We respond by coming up with a story where our pet theory explains it. Since there is no alternative explanation, this then becomes evidence of our theory, where this otherwise inexplicable thing becomes proof.For example, take that "Trump-AlfaBank" theory. One of the oddities noted by researchers is lookups for [...] --------------------------------------------- https://blog.erratasec.com/2019/03/a-quick-lesson-in-confirmation-bias.html ∗∗∗ Vorsicht vor überteuerten Einreisegenehmigungen und E-Visa ∗∗∗ --------------------------------------------- Momentan stecken viele Konsument/innen mitten in der Planung ihrer nächsten Reise. Bei einigen Urlaubszielen, beispielsweise den USA, Kanada, der Türkei oder Ägypten, ist die Beantragung eines E-Visums oder einer Einreisegenehmigung vorab notwendig. Hierbei ist Vorsicht geboten, denn neben den offiziellen behördlichen Websites sind auch zahlreiche Dienstleister im Internet zu finden, die für die gleiche Leistung stark überhöhte Gebühren verrechnen. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-ueberteuerten-einreiseg… ∗∗∗ The Hitchhiker's Guide To Initial Access ∗∗∗ --------------------------------------------- Abusing Bias - Part 2 --------------------------------------------- https://posts.specterops.io/the-hitchhikers-guide-to-initial-access-57b66aa… ===================== = Vulnerabilities = ===================== ∗∗∗ NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution ∗∗∗ --------------------------------------------- BEopt suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (sdl2.dll and libegl.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file .BEopt located on a remote WebDAV or SMB share. --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5513.php ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (polkit), Debian (chromium, openjpeg2, php7.0, poppler, and symfony), Fedora (evolution, kernel, and kernel-headers), Gentoo (curl, firefox, keepalived, rdesktop, systemd, tar, wget, and zsh), openSUSE (gdm and hiawatha), Slackware (ntp), SUSE (audit, containerd, docker, docker-runc, golang-github-docker-libnetwork, runc, file, java-1_8_0-openjdk, mariadb, openssl-1_0_0, and sssd), and Ubuntu (poppler). --------------------------------------------- https://lwn.net/Articles/782780/ ∗∗∗ Vuln: NTP CVE-2019-8936 Denial of Service Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/107337 ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Metering ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities have been identified in FasterXML Jackson library shipped with IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2018-1000873) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Service Catalog ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ glibc vulnerability CVE-2016-10739 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35040315 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.03.2019
by Daily end-of-shift report 08 Mar '19

08 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 07-03-2019 18:00 − Freitag 08-03-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Serious Security: When randomness isn’t – and why it matters ∗∗∗ --------------------------------------------- The password ji32k7au4a83 looks pretty random and feels as though it should be unique - read this article to find out why its neither! --------------------------------------------- https://nakedsecurity.sophos.com/2019/03/08/serious-security-when-randomnes… ∗∗∗ Google warnt vor Zero-Day-Lücke in Windows 7 ∗∗∗ --------------------------------------------- Angreifer nutzten eine Kombination aus Lücken in Chrome und Windows 7, um Rechner mit Spionage-Software zu infizieren. Nur eine von beiden ist geschlossen. --------------------------------------------- http://heise.de/-4329796 ∗∗∗ Jetzt updaten: Kritische Lücke in Apache Solr ∗∗∗ --------------------------------------------- Einige Versionen der Open-Source-Suchplattform Solr weisen ein mögliches Einfallstor für entfernte Angreifer auf. Updates sind verfügbar. --------------------------------------------- http://heise.de/-4329895 ∗∗∗ From Fake Updates to Unwanted Redirects ∗∗∗ --------------------------------------------- At the end of February, we wrote about a massive wave of site infections that pushed fake browser updates. In the beginning of March, the attack evolved into redirecting site visitors to sketchy ad URLs. --------------------------------------------- http://labs.sucuri.net/?note=2019-03-08 ∗∗∗ Smart unhackable car alarms open the doors of 3 million vehicles to hackers ∗∗∗ --------------------------------------------- The moment you call a product "unhackable" you are asking for trouble. --------------------------------------------- https://www.zdnet.com/article/smart-car-alarms-opened-the-doors-of-3-millio… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory 2019-02: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- March 08, 2019 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. --------------------------------------------- https://community.otrs.com/security-advisory-2019-02-security-update-for-ot… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (php-typo3-phar-stream-wrapper2), Mageia (gnutls, nagios, openssl, and python-gnupg), openSUSE (apache2, ceph, chromium, openssh, and webkit2gtk3), and Ubuntu (nvidia-graphics-drivers-390). --------------------------------------------- https://lwn.net/Articles/782653/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2019 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2018-12547 and CVE-2019-2426) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-ident… ∗∗∗ IBM Security Bulletin: FileNet CMIS (FNCMIS) leveraging Spring Framework is vulnerable to a denial of service caused by improper handling of range request by the ResourceHttpRequestHandler ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-filenet-cmis-fncmis-l… ∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Vulnerability Advisor Kafka and Notification Dispatcher ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private MongoDB ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Monitoring ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Logging ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM MQ could allow a local user to inject code that could be executed with root privileges. (CVE-2018-1998) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-could-allow-a-… ∗∗∗ IBM Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack when using multiplexed channels (CVE-2018-1974) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-is-vulnerable-… ∗∗∗ IBM Security Bulletin: Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation (CVE-2018-1922, CVE-2018-1923, CVE-2018-1978, CVE-2018-1980, CVE-2019-4015, CVE-2019-4016). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-buffer-overf… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.03.2019
by Daily end-of-shift report 07 Mar '19

07 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 06-03-2019 18:00 − Donnerstag 07-03-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Emotet: Eine Übersicht über die Schadsoftware ∗∗∗ --------------------------------------------- Emotet ist bereits 2014 entdeckt worden, unterscheidet sich allerdings in vielen Facetten von anderer Schadsoftware. An dieser Stelle fassen wir die Facetten und Eigenschaften zusammen, die diese Schadsoftware so besonders macht und geben eine kurze Übersicht, wie man sich schützen kann. --------------------------------------------- https://www.dfn-cert.de/aktuell/emotet-beschreibung.html ∗∗∗ Financial Cyberthreats in 2018 ∗∗∗ --------------------------------------------- The presented report continues the series of Kaspersky Lab reports that provide an overview of how the financial threat landscape has evolved over the years. It covers the common phishing threats that users encounter, along with Windows-based and Android-based financial malware. --------------------------------------------- https://securelist.com/financial-cyberthreats-in-2018/89788/ ∗∗∗ Keine Schnäppchen bei cws-elektro.com ∗∗∗ --------------------------------------------- Bei cws-elektro.com finden Konsument/innen jegliche Elektroartikel zu teils günstigeren Preisen als bei anderen Händler/innen. Der Online-Shop ist jedoch nicht seriös. Berichten zufolge bleibt eine Lieferung aus. Sie verlieren Ihr Geld. --------------------------------------------- https://www.watchlist-internet.at/news/keine-schnaeppchen-bei-cws-elektroco… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-19-257: (0Day) Advantech WebAccess Node Product Installation File Access Control Modification Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows local attackers to escalate privileges on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-257/ ∗∗∗ Weak Configuration File Encryption in AVAYA One-X communicator ∗∗∗ --------------------------------------------- SEC Consult found a vulnerability within the encryption process used for configuration files of the Avaya One-X communicator. Being able to encrypt arbitrary plaintext by abusing the client, it was possible to decrypt sensitive passwords stored in configuration files. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/weak-configuration-file-encr… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by openSUSE (amavisd-new, apache2, and containerd, docker, docker-runc,), Red Hat (java-1.7.1-ibm and java-1.8.0-ibm), and Ubuntu (linux, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-hwe, linux-azure, and php5, php7.0). --------------------------------------------- https://lwn.net/Articles/782572/ ∗∗∗ xpdf: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- Mit Xpdf können PDF-Dokumente betrachtet werden. Dieser PDF-Betrachter ist zudem auch für Microsoft Windows verfügbar. Ein lokaler Angreifer kann mehrere Schwachstellen in xpdf ausnutzen, um einen Denial of Service Angriff durchzuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0193 ∗∗∗ Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a Denial of Service vulnerability in Kubernetes API server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-… ∗∗∗ IBM Security Bulletin: API Connect is affected by an information disclosure vulnerability in the consumer API (CVE-2018-2009) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-is-affect… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Red Hat kernel vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Apache Tomcat Publicly disclosed vulnerability (CVE-2018-11784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Publicly disclosed Samba vulnerabilities (CVE-2018-10858, CVE-2018-1139) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability for PHP (CVE-2018-19518) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to publicly disclosed vulnerability from GNU glibc (CVE-2018-11237) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affects Optim Data Growth, Test Data Management and Application Retirement ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.03.2019
by Daily end-of-shift report 06 Mar '19

06 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 05-03-2019 18:00 − Mittwoch 06-03-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ FIRST releases DDoS mitigation training course ∗∗∗ --------------------------------------------- The Forum of Incident Response and Security Teams (FIRST), which brings together incident responders from around the world, invested in the creation of a new training course “DDoS Mitigation Fundamentals”. Authored by Krassimir T. Tzvetanov, a recognized expert in the field, the training teaches incident responders to handle attacks and securing their organisations. --------------------------------------------- https://www.first.org/newsroom/releases/20190305 ∗∗∗ Sicherheitsupdate: Chrome-Schwachstelle wird aktiv genutzt ∗∗∗ --------------------------------------------- Google hat in Chrome eine Sicherheitslücke behoben, die offenbar bereits aktiv ausgenutzt wird. Details gibt es bislang wenige, aber alle Nutzer von Chrome und dessen Derivaten sollten schnellstmöglich ihren Browser aktualisieren. (Chrome, Google) --------------------------------------------- https://www.golem.de/news/sicherheitsupdate-chrome-schwachstelle-wird-aktiv… ∗∗∗ Spotlight on Troldesh ransomware, aka ‘Shade’ ∗∗∗ --------------------------------------------- Troldesh is ransomware that relies heavily on user interaction. Nevertheless, a recent spike in detections shows its been successful against businesses in the first few months of 2019.Categories: MalwareThreat analysisTags: decryptordecryptorsransom.troldeshransomwareransomware remediationshadethreat spotlightTroldesh(Read more...)The post Spotlight on Troldesh ransomware, aka ‘Shade’ appeared first on Malwarebytes Labs. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2019/03/spotlight-troldesh-ra… ∗∗∗ Phishing-Versuch durch gefälschte Bawag-Sicherheits-App ∗∗∗ --------------------------------------------- Zahlreiche Konsument/innen melden eine gefälschte Bawag P.S.K. Mail an uns. Kriminelle versuchen darin, potenzielle Opfer zur Installation einer vermeintlichen Sicherheits-App zu bewegen. Die Applikation darf nicht installiert werden, denn ansonsten gelangen die Kriminellen an die Online-Banking-Daten Ihrer Opfer und es kann zu großen finanziellen Schäden kommen. --------------------------------------------- https://www.watchlist-internet.at/news/phishing-versuch-durch-gefaelschte-b… ===================== = Vulnerabilities = ===================== ∗∗∗ Vuln: SAP NetWeaver J2EE Engine CVE-2018-17861 Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. SAP NetWeaver J2EE Engine 7.01 is vulnerable; other versions may also be affected. --------------------------------------------- http://www.securityfocus.com/bid/107269 ∗∗∗ Vuln: NetApp SnapCenter CVE-2017-15515 Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, gain sensitive information, cause denial-of-service conditions and launch other attacks. NetApp SnapCenter prior to 4.0 is vulnerable. --------------------------------------------- http://www.securityfocus.com/bid/107272 ∗∗∗ Vuln: Apache Mesos CVE-2018-11793 Denial of Service Vulnerability ∗∗∗ --------------------------------------------- Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users. Apache Mesos version 1.4.0 through 1.7.0 are vulnerable; other versions may also be affected. --------------------------------------------- http://www.securityfocus.com/bid/107281 ∗∗∗ Default Privileged Account Vulnerability in the NetApp Service Processor (CVE-2019-5490) ∗∗∗ --------------------------------------------- Certain versions of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. --------------------------------------------- https://security.netapp.com/advisory/ntap-20190305-0001/ ∗∗∗ OpenSSL Security Advisory: ChaCha20-Poly1305 with long nonces (CVE-2019-1543) ∗∗∗ --------------------------------------------- Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. --------------------------------------------- https://www.openssl.org/news/secadv/20190306.txt ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (java-1.7.0-openjdk and java-11-openjdk), Debian (mumble and sox), Fedora (drupal7, drupal7-link, firefox, gpsd, ignition, ming, php-erusev-parsedown, and php-Smarty), openSUSE (hiawatha, python, and supportutils), Oracle (java-1.7.0-openjdk), Red Hat (java-1.7.0-openjdk), Scientific Linux (java-1.7.0-openjdk), and Ubuntu (linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2 and linux-hwe, linux-aws-hwe, linux-azure, --------------------------------------------- https://lwn.net/Articles/782462/ ∗∗∗ Rockwell Automation Patches Critical DoS/RCE Flaw in RSLinx Software ∗∗∗ --------------------------------------------- Patches released by Rockwell Automation for its RSLinx Classic software address a critical vulnerability that can be exploited for denial-of-service (DoS) attacks and possibly for remote code execution. --------------------------------------------- https://www.securityweek.com/rockwell-automation-patches-critical-dosrce-fl… ∗∗∗ PEPPERL+FUCHS Path traversal in WirelessHART Gateway ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-002 ∗∗∗ Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Image Signature Verification Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Bash Shell Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Netstack Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613) ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612) ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1611) ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610) ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609) ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608) ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607) ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606) ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software NX-API Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Action Recommended to Secure the Cisco Nexus PowerOn Auto Provisioning Feature ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco DNA Center Access Contract Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2019 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is affected by arbitrary PHP code execution vulnerability in Drupal (CVE-2019-6340) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a critical vulnerability in Kubernetes via runc (CVE-2019-5736) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to publicly disclosed vulnerabilities from OpenSSL (CVE-2018-0739, CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.03.2019
by Daily end-of-shift report 05 Mar '19

05 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Montag 04-03-2019 18:00 − Dienstag 05-03-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ RSAC 2019: Microsoft Zero-Day Allows Exploits to Sneak Past Sandboxes ∗∗∗ --------------------------------------------- The flaw allows attackers to hide exploits in weaponized Word documents in a way that won’t trigger most antivirus solutions, the researchers said. In a recent spam campaign observed by Mimecast, attached Word attachments contained a hidden exploit for an older vulnerability in Microsoft Equation Editor (CVE-2017-11882). --------------------------------------------- https://threatpost.com/zero-day-exploit-microsoft/142327/ ∗∗∗ SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability ∗∗∗ --------------------------------------------- Leakage ... is visible in all Intel generations starting from 1st-gen Intel Core CPUs Further demonstrating the computational risks of looking into the future, boffins have found another way to abuse speculative execution in Intel CPUs to leak secrets and other data from running applications.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2019/03/05/spoiler_int… ∗∗∗ Keine Alibis und Urkundenfälschungen auf dokumenten-guru.de bestellen! ∗∗∗ --------------------------------------------- Auf dokumenten-guru.de finden Konsument/innen ein höchst zwielichtiges Angebot. Gegen Zahlung per Vorkasse werden gefälschte Alibis, Scheinrechnungen, Dokumente sowie die Fälschung von Zeugnissen und Zertifikaten angeboten. Die Dienste sollten auf keinen Fall in Anspruch genommen werden, denn während Lieferungen Erfahrungsberichten zufolge ohnedies ausbleiben, machen sich Konsument/innen durch die Nutzung gefälschter Urkunden und Zeugnisse strafbar! --------------------------------------------- https://www.watchlist-internet.at/news/keine-alibis-und-urkundenfaelschunge… ∗∗∗ Keine Dienste von installateur-24.info nutzen ∗∗∗ --------------------------------------------- Bei der Google-Suche nach Installateursunternehmen stoßen Konsument/innen auf installateur-24.info. Die Betreiber/innen der Seite werben mit einem rund um die Uhr Notservice, fairen Preisen und viel Erfahrung. Wer die Dienste in Anspruch nimmt, wird böse überrascht, denn die Preise fallen extrem hoch aus und die erbrachten Leistungen lassen zu wünschen übrig. --------------------------------------------- https://www.watchlist-internet.at/news/keine-dienste-von-installateur-24inf… ===================== = Vulnerabilities = ===================== ∗∗∗ Android Security Bulletin - March 2019 ∗∗∗ --------------------------------------------- [...] The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2019-03-01.html ∗∗∗ VMSA-2018-0023 ∗∗∗ --------------------------------------------- The AirWatch Agent for iOS devices contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted. The VMware Content Locker for iOS devices contains a data protection vulnerability in the SQLite database. This vulnerability relates to unencrypted filenames and associated metadata in SQLite database for the Content Locker. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0023.html ∗∗∗ Xen XSA-294 ∗∗∗ --------------------------------------------- Malicious 64bit PV guests may be able to cause a host crash (Denial of Service). Additionally, vulnerable configurations are unstable even in the absence of an attack. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-294.html ∗∗∗ Xen XSA-293 ∗∗∗ --------------------------------------------- A malicious unprivileged guest userspace process can escalate its privilege to that of other userspace processes in the same guest, and potentially thereby to that of the guest operating system. Additionally, some guest software which attempts to use this CPU feature may trigger the bug accidentally, leading to crashes or corruption of other processes in the same guest. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-293.html ∗∗∗ Xen XSA-292 ∗∗∗ --------------------------------------------- Malicious PV guests may be able to cause a host crash (Denial of Service) or to gain access to data pertaining to other guests. Privilege escalation opportunities cannot be ruled out. Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-292.html ∗∗∗ Xen XSA-291 ∗∗∗ --------------------------------------------- Malicious or buggy x86 PV guest kernels can mount a Denial of Service (DoS) attack affecting the whole system. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-291.html ∗∗∗ Xen XSA-290 ∗∗∗ --------------------------------------------- Malicious or buggy x86 PV guest kernels can mount a Denial of Service (DoS) attack affecting the whole system. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-290.html ∗∗∗ Xen XSA-288 ∗∗∗ --------------------------------------------- An untrusted PV domain with access to a physical device can DMA into its own pagetables, leading to privilege escalation. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-288.html ∗∗∗ Xen XSA-287 ∗∗∗ --------------------------------------------- A single PV guest can leak arbitrary amounts of memory, leading to a denial of service. A cooperating pair of PV and HVM/PVH guests can get a writable pagetable entry, leading to information disclosure or privilege escalation. Privilege escalation attacks using only a single PV guest or a pair of PV guests have not been ruled out. Note that both of these attacks require very precise timing, which may be difficult to exploit in practice. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-287.html ∗∗∗ Xen XSA-285 ∗∗∗ --------------------------------------------- Malicious PV guests can escalate their privilege to that of the hypervisor. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-285.html ∗∗∗ Xen XSA-284 ∗∗∗ --------------------------------------------- The primary impact is a memory leak. Malicious or buggy guests with passed through PCI devices may also be able to escalate their privileges, crash the host, or access data belonging to other guests. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-284.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (nss), openSUSE (procps), Red Hat (redhat-virtualization-host, rhvm-appliance, and vdsm), SUSE (freerdp, kernel, and obs-service-tar_scm), and Ubuntu (openssh). --------------------------------------------- https://lwn.net/Articles/781363/ ∗∗∗ Security Advisory - FRP Bypass Vulnerability on Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190305-… ∗∗∗ IBM Security Bulletin: A vulnerability in Spice affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-sp… ∗∗∗ IBM Security Bulletin: A vulnerability in Polkit affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-po… ∗∗∗ IBM Security Bulletin: A vulnerability in Bind affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-bi… ∗∗∗ IBM Security Bulletin: Vulnerabiliies in systemd affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabiliies-in-sys… ∗∗∗ IBM Security Bulletin: A vulnerability in Perl affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-pe… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in WebSphere Application Server Admin Console (CVE-2019-4030) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: A vulnerability in keepalived affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ke… ∗∗∗ IBM Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-th… ∗∗∗ IBM Security Bulletin: Vulnerabiliies in libmspack affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabiliies-in-lib… ∗∗∗ IBM Security Bulletin: A vulnerability in NetworkManager affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ne… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.03.2019
by Daily end-of-shift report 04 Mar '19

04 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 01-03-2019 18:00 − Montag 04-03-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ The Overlooked Security Threat of Sign-In Kiosks ∗∗∗ --------------------------------------------- New research from IBM shows that several visitor management systems had a rash of vulnerabilities. --------------------------------------------- https://www.wired.com/story/visitor-management-system-vulnerabilities ∗∗∗ Cisco-Router: Forscher melden Hinweise auf aktive Angriffe ∗∗∗ --------------------------------------------- Eine vergangene Woche gepatchte Sicherheitslücke in mehreren Cisco-Geräten scheint nun aktiv von Angreifern ausgenutzt zu werden. Nutzer sollten zügig handeln. --------------------------------------------- http://heise.de/-4325072 ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke: Adobe veröffentlicht Sicherheitsupdate für Coldfusion ∗∗∗ --------------------------------------------- Adobe hat für die Coldfusion-Versionen 11, 2016 und 2018 ein wichtiges Sicherheitsupdate veröffentlicht. Anwender sollten es möglichst schnell installieren. Der Grund sind laufende Angriffe. (Adobe, Sicherheitslücke) --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-adobe-veroeffentlicht-sicherhei… ∗∗∗ Frist verstrichen: Google enthüllt ungepatchte Schwachstelle im macOS-Kernel ∗∗∗ --------------------------------------------- Apple hat einen Bug in XNU nach 90 Tagen nicht beseitigt, nun wurden Details veröffentlicht. Googles Project Zero stuft die Schwere der Lücke als "hoch" ein. --------------------------------------------- http://heise.de/-4325636 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, file, gdm, lib32-openssl-1.0, openssl-1.0, and pcre), Debian (advancecomp, ceph, jackson-databind, openssh, and openssl), Fedora (community-mysql, distcc, freerdp, gdm, gnome-boxes, libexif, openocd, pidgin-sipe, remmina, SDL, and xpdf), openSUSE (kernel-firmware and php5), Oracle (java-1.8.0-openjdk and java-11-openjdk), Slackware (infozip and python), and SUSE (caasp-container-manifests, changelog-generator-data-sles12sp3-velum, --------------------------------------------- https://lwn.net/Articles/781243/ ∗∗∗ Vuln: EMC RSA Authentication Manager CVE-2019-3711 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/107210 ∗∗∗ IBM Security Bulletin: Potential WebSphere Application Server weakness in security affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1996) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-websphere-a… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Change Data Capture is affected by a jackson-core open source library vulnerability (CVE-2018-0125) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-change… ∗∗∗ IBM Security Bulletin: InfoSphere Data Replication is affected by a Guava open source library vulnerability (CVE-2018-10237) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-infosphere-data-repli… ∗∗∗ IBM Security Bulletin: OpenSSL DSA signature algorithm security vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-0734) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-dsa-signature… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-3139, CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1901) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-privilege-escalation-… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Change Data Capture is affected by a Jackson 2.3.3 and 2.4.4 open source library vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-change… ∗∗∗ IBM Security Bulletin: IBM Cloud Private middleware is vulnerable to attack from redirect calls ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-mid… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – CVE-2018-1938 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – CVE-2018-1937 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a privilege escalation vulnerability in runc ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-… ∗∗∗ HPESBHF03913 rev.1 - HPE OneSphere, Container Breakout ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.03.2019
by Daily end-of-shift report 01 Mar '19

01 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 28-02-2019 18:00 − Freitag 01-03-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Netzwerkanalyse: Wireshark 3.0 nutzt Paketsniffer von Nmap ∗∗∗ --------------------------------------------- Die aktuelle Version 3.0 des Werkzeugs zur Netzwerkanalyse, Wireshark, nutzt unter Windows den proprietären Paketsniffer von Nmap. Das Projekt entfernt außerdem alte Abhängigkeiten und unterstützt einige 5G-Protokolle. --------------------------------------------- https://www.golem.de/news/netzwerkanalyse-wireshark-3-0-nutzt-paketsniffer-… ∗∗∗ eBay-Phishing auf eBay-Seite ∗∗∗ --------------------------------------------- Betrügern ist es gelungen, eine gefälschte Login-Seite auf einem SSL-gesicherten eBay-Server abzulegen. Der Phishing-Versuch ist für Nutzer schwer erkennbar. --------------------------------------------- http://heise.de/-4324266 ∗∗∗ A Case Study in Wagging the Dog: Computer Takeover ∗∗∗ --------------------------------------------- Last month, Elad Shamir released a phenomenal, in depth post on abusing resource-based constrained delegation (RBCD) in Active Directory. One of the big points he discusses is that if the TrustedToAuthForDelegation UserAccountControl flag is not set, the S4U2self process will still work but the resulting TGS is not FORWARDABLE. This resulting service ticket will fail for traditional constrained delegation, but will still work in the S4U2proxy process for resource-based constrained delegation. --------------------------------------------- https://posts.specterops.io/a-case-study-in-wagging-the-dog-computer-takeov… ∗∗∗ Finding Perpetrators behind DDoS Attacks ∗∗∗ --------------------------------------------- Reflective Amplification Denial-of-Service attacks continue to be a serious threat.We measured roughly 10,000 attacks per day in a post last year, and the numbers have not gone down since:In the first two months of 2019 our honeypot network already saw [...] --------------------------------------------- https://sissden.eu/blog/finding-perpetrators-behind-ddos-attacks ===================== = Vulnerabilities = ===================== ∗∗∗ PSI GridConnect Telecontrol ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a cross-site scripting vulnerability reported in PSI GridConnects Telecontrol compact DIN rail device. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-059-01 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bind9, file, ikiwiki, ldb, openssl1.0, php7.0, uw-imap, and wordpress), Fedora (ansible, file, flatpak, kernel, kernel-headers, and python-django), openSUSE (kernel and systemd), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (openssl-1_1 and webkit2gtk3), and Ubuntu (libgd2). --------------------------------------------- https://lwn.net/Articles/781083/ ∗∗∗ IBM Security Bulletin: Information Disclosure Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4063) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential SQL Injection vulnerability (CVE-2019-4032) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Multiple Cross-Site Scripting Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2019-4027, CVE-2019-4028, CVE-2019-4029) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-cross-site-s… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private – Node.js ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Affect IBM Sterling B2B Integrator (CVE-2018-0734, CVE-2018-5407) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Governance Catalog is affected by an Improper Access Control vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-govern… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Governance Catalog is vulnerable to an Open Redirection vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-govern… ∗∗∗ IBM Security Bulletin: IBM Security Identity Adapters affected by OpenSSL RSA Key vulnerability (CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities for IBM Java SDK ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r… ∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities for IBM WebSphere Liberty Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.02.2019
by Daily end-of-shift report 28 Feb '19

28 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 27-02-2019 18:00 − Donnerstag 28-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ ENISA makes recommendations on EU-wide election cybersecurity ∗∗∗ --------------------------------------------- In the context of the upcoming elections for the European Parliament, today the EU Agency for Cybersecurity ENISA publishes an opinion paper on the cybersecurity of elections and provides concrete and forward-looking recommendations to improve the cybersecurity of electoral processes in the EU. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/enisa-makes-recommendations-on-… ∗∗∗ Schluss mit Krypto-Mining im Browser: Coinhive stellt Betrieb ein ∗∗∗ --------------------------------------------- Webseitenbesucher mehr oder minder freiwillig Kryptogeld schürfen lassen lohnt wohl nicht mehr: Der Krypto-Mining-Dienst Coinhive gibt auf. --------------------------------------------- http://heise.de/-4322936 ∗∗∗ Vorsicht beim Kauf von Konzertkarten über Facebook ∗∗∗ --------------------------------------------- Konsument/innen finden auf den Facebookseiten unterschiedlichster Konzerte und Events Ticket-Verkaufsangebote von Privatpersonen. Wer die Tickets kaufen möchte, tritt häufig in Kontakt mit Kriminellen, die Fake-Profile nutzen. Das Geld soll ins Ausland überwiesen werden, die Konzertkarten existieren nicht und die Nutzer/innenkonten der Betroffenen werden später für die gleiche Betrugsmasche missbraucht. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-beim-kauf-von-konzertkarten… ∗∗∗ perfect-housekeeping.store und hauslinie.store sind Fake-Shops ∗∗∗ --------------------------------------------- Auf der Suche nach günstigen Haushaltsgeräten stoßen Sie womöglich auf perfect-housekeeping.store oder hauslinie.store. Kaffeemaschinen, Kühlschränke, Waschmaschinen und Co können dort deutlich günstiger als in anderen Shops erworben werden. Wir raten von einer Bestellung ab, denn die Ware kann ausschließlich vorab bezahlt werden. Geliefert wird jedoch nie! --------------------------------------------- https://www.watchlist-internet.at/news/perfect-housekeepingstore-und-hausli… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (gpac, qemu, and sox), openSUSE (libqt5-qtbase), Red Hat (java-1.8.0-openjdk and java-11-openjdk), SUSE (bluez), and Ubuntu (nss and openssl, openssl1.0). --------------------------------------------- https://lwn.net/Articles/780960/ ∗∗∗ ZDI-19-230: (0day) Advantech WebAccess Node tv_enua Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-230/ ∗∗∗ ZDI-19-229: (0day) Advantech WebAccess Node spchapi Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-229/ ∗∗∗ ZDI-19-228: (0day) Microsoft Visual Studio settings XML External Entity Processing Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-228/ ∗∗∗ Security Advisory - FRP Bypass Vulnerability on Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190228-… ∗∗∗ IBM Security Bulletin: IBM Cloud Private is affected by an issue with runc used by Docker ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-is-… ∗∗∗ IBM Security Bulletin: Kernel Buffer Overflow in IBM Security Trusteer Rapport for MacOS (CVE-2018-1985) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-kernel-buffer-overflo… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.02.2019
by Daily end-of-shift report 27 Feb '19

27 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 26-02-2019 18:00 − Mittwoch 27-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Google Analytics and Angular in Magento Credit Card Stealing Scripts ∗∗∗ --------------------------------------------- Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious and evade detection by website owners. The malicious code is obfuscated and injected into legitimate JS files, such as skin/frontend/default/theme122k/js/jquery.jscrollpane.min.js, js/meigee/jquery.min.js, and js/varien/js.js. The obfuscated code loads another script from www.google-analytics[.]cm/analytics.js. Continue reading --------------------------------------------- https://blog.sucuri.net/2019/02/google-analytics-and-angular-in-magento-cre… ∗∗∗ Top ten most popular docker images each contain at least 30 vulnerabilities ∗∗∗ --------------------------------------------- [...] The findings show that in every docker image we scanned, we found vulnerable versions of system libraries. The official Node.js image ships 580 vulnerable system libraries, followed by the others each of which ship at least 30 publicly known vulnerabilities. --------------------------------------------- https://snyk.io/blog/top-ten-most-popular-docker-images-each-contain-at-lea… ∗∗∗ Thunderclap: Macs und PCs anfällig für bösartige Thunderbolt-Peripherie ∗∗∗ --------------------------------------------- Bestehende Schutzmechanismen reichen laut Sicherheitsforschern nicht aus, um Angriffe über USB-C-Peripherie abzuwehren. --------------------------------------------- http://heise.de/-4321946 ∗∗∗ Chrome Zero-Day Exploited to Harvest User Data via PDF Files ∗∗∗ --------------------------------------------- Exploit detection service EdgeSpot says it has spotted several PDF documents that exploit a zero-day vulnerability in Chrome to collect information on users who open the files through Google’s web browser. read more --------------------------------------------- https://www.securityweek.com/chrome-zero-day-exploited-harvest-user-data-pd… ∗∗∗ Ärger mit vermeintlich kostenlosen Bestellungen! ∗∗∗ --------------------------------------------- Zahlreiche Konsument/innen beschweren sich über Online-Shops wie vermano.de, vimabel.de, deinschmuckladen.com oder lieblings-mensch.com bei uns. Diese werben mit kostenlosen Produkten, für die lediglich Versandkosten anfallen. Die Bestellungen können viel Ärger mit sich bringen. So sind die sie beispielsweise minderwertig, kommen nicht an, führen zu hohen Mahngebühren oder Rücktritte sind nicht möglich. Wir raten von Einkäufen ab. --------------------------------------------- https://www.watchlist-internet.at/news/aerger-mit-vermeintlich-kostenlosen-… ===================== = Vulnerabilities = ===================== ∗∗∗ Moxa IKS, EDS ∗∗∗ --------------------------------------------- This advisory includes mitigations for classic buffer overflow, cross-site request forgery, cross-site scripting, improper access controls, improper restriction of excessive authentication attempts, missing encryption of sensitive data, out-of-bounds read, unprotected storage of credentials, predictable from observable state, and uncontrolled resource consumption vulnerabilities reported in the Moxa IKS and EDS industrial switches. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01 ∗∗∗ Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (elasticsearch and logstash), CentOS (java-1.8.0-openjdk, kernel, and polkit), Debian (chromium, exiv2, and phpmyadmin), Fedora (java-1.8.0-openjdk-aarch32 and mgetty), openSUSE (docker-runc, gvfs, qemu, systemd, and thunderbird), Oracle (java-1.8.0-openjdk, kernel, and polkit), Red Hat (polkit), Scientific Linux (java-1.8.0-openjdk, kernel, and polkit), Slackware (openssl), SUSE (amavisd-new, apache2, ceph, containerd, docker, docker-runc, [...] --------------------------------------------- https://lwn.net/Articles/780859/ ∗∗∗ IBM Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5391) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-the-… ∗∗∗ IBM Security Bulletin: Multiple Samba vulnerabilities affect IBM Spectrum Protect Plus (CVE-2018-1139, CVE-2018-1140, CVE-2018-10858, CVE-2018-10918, CVE-2018-10919) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-samba-vulner… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.02.2019
by Daily end-of-shift report 26 Feb '19

26 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Montag 25-02-2019 18:00 − Dienstag 26-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Studie: Verwundbare Geräte in vier von zehn Heimnetzwerken ∗∗∗ --------------------------------------------- 16 Millionen Heimnetzwerke wurden für eine Studie der Sicherheitsfirma Avast überprüft: In fast jedem zweiten Netzwerk wurden verwundbare Geräte gefunden. Viele Nutzer haben noch nie ihren Router aktualisiert. --------------------------------------------- https://www.golem.de/news/studie-verwundbare-geraete-in-vier-von-zehn-heimn… ∗∗∗ BSI warnt vor IT-Geräten mit vorinstallierter Schadsoftware ∗∗∗ --------------------------------------------- Auf Tablets und Smartphones, die über Online-Plattformen auch in Deutschland gekauft werden können, kann sich vorinstallierte Schadsoftware befinden. Das hat das Bundesamt für Sicherheit in der Informationstechnik (BSI) zunächst an einem Tablet nachgewiesen. Das BSI warnt vor dem Einsatz dieses Geräts auf Grundlage von §7 des BSI-Gesetzes und rät allen Anwenderinnen und Anwendern zu besonderer Vorsicht. Im Zuge der Analyse sind zudem weitere Geräte [...] --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Warnung_vor… ∗∗∗ Sicherheitsupdates: Nvidia schützt Grafikkartentreiber vor Angriffen ∗∗∗ --------------------------------------------- Aktualisierte Treiber für verschiedene Nvidia-Grafikkarten schließen mehrere Sicherheitslücken. --------------------------------------------- http://heise.de/-4320123 ===================== = Vulnerabilities = ===================== ∗∗∗ OpenSSL Security Advisory [26 February 2019] ∗∗∗ --------------------------------------------- 0-byte record padding oracle (CVE-2019-1559) --------------------------------------------- https://www.openssl.org/news/secadv/20190226.txt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (bind, kibana, systemd, and thunderbird), Debian (elfutils and liblivemedia), Fedora (kernel, kernel-headers, kernel-tools, and SDL), openSUSE (dovecot23, firefox, kauth, python-Jinja2, python-numpy, and thunderbird), Red Hat (java-1.8.0-openjdk and kernel), SUSE (python, python-amqp, python-oslo.messaging, python-ovs, python-paramiko, python-psql2mysql, qemu, and supportutils), and Ubuntu (ghostscript, gnome-keyring, and ldb). --------------------------------------------- https://lwn.net/Articles/780769/ ∗∗∗ Vulnerability involving IBM Cloud Baseboard Management Controller (BMC) Firmware ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/vulnerability-involving-ibm-cloud-baseboard… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM MQ Advanced CloudPaks are vulnerable to a denial of service attack within the Systemd package (CVE-2019-6454) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-advanced-cloud… ∗∗∗ IBM Security Bulletin: IBM Content Navigator uses a common key to encrypt certain user names and passwords ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: Vulnerability in tcpdump affects AIX (CVE-2018-19519) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-tcpd… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Oracle Java SE affect IBM Spectrum Protect Plus (CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214, CVE-2018-13785) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2018-3139, CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server (CVE-2018-3139. CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerabilities in IBM Spectrum Protect Operations Center (CVE-2018-1854, CVE-2018-1855) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server (CVE-2018-1685, CVE-2018-1710, CVE-2018-1711, CVE-2018-1780, CVE-2018-1781, CVE-2018-1799, CVE-2018-1802, CVE-2018-1834, CVE-2018-1857, CVE-2018-1897) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-db2-vulnerab… ∗∗∗ IBM Security Bulletin: Password disclosure via trace log in IBM Spectrum Protect Operations Center (CVE-2018-1769) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-disclosure-v… ∗∗∗ The BIG-IP APM system may log passwords in plaintext when the Debug log level is enabled ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K31757417 ∗∗∗ BIG-IP TMM vulnerability CVE-2019-6594 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K91026261 ∗∗∗ BIG-IP APM XSS vulnerability CVE-2019-6595 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K31424926 ∗∗∗ TMM SSL profile vulnerability CVE-2019-6592 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54167061 ∗∗∗ BIG-IP APM web pages may be indexed by search engines ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K88126845 ∗∗∗ TMM TLS virtual server vulnerability CVE-2019-6593 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10065173 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.02.2019
by Daily end-of-shift report 25 Feb '19

25 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 22-02-2019 18:00 − Montag 25-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sicherheitslücken: PDF-Signaturen fälschen leicht gemacht ∗∗∗ --------------------------------------------- Signaturen von PDF-Dateien sind offenbar nicht besonders sicher: Einem Forscherteam der Uni Bochum gelang es, die Signaturprüfung in nahezu allen PDF-Programmen auszutricksen. --------------------------------------------- https://www.golem.de/news/sicherheitsluecken-pdf-signaturen-faelschen-leich… ∗∗∗ How to Use an Audit Log to Practice WordPress Forensics ∗∗∗ --------------------------------------------- User accountability, improved security & forensics, adhering to compliance and easy troubleshooting are just a few of the benefits of keeping an activity log on your WordPress site. --------------------------------------------- https://www.htbridge.com/blog/benefits-activity-logs-wordpress-site.html ∗∗∗ Geldwäsche durch Bewerbung bei nebenverdienst-jobs.de ∗∗∗ --------------------------------------------- Über diverse Job-Plattformen und Inseratsseiten locken Kriminelle Konsument/innen auf nebenverdienst-jobs.de. Job-Suchenden werden hier monatliche Überweisungen für das Eröffnen und Zurverfügungstellen eines Bankkontos versprochen. Interessent/innen dürfen sich keinesfalls bewerben, denn es handelt sich um eine Methode der Geldwäsche, durch die sich Konsument/innen unter Umständen strafbar machen. --------------------------------------------- https://www.watchlist-internet.at/news/geldwaesche-durch-bewerbung-bei-nebe… ∗∗∗ New browser attack lets hackers run bad code even after users leave a web page ∗∗∗ --------------------------------------------- MarioNet attack lets hackers create botnets from users browsers. --------------------------------------------- https://www.zdnet.com/article/new-browser-attack-lets-hackers-run-bad-code-… ===================== = Vulnerabilities = ===================== ∗∗∗ SSA-844562: Multiple Vulnerabilities in Licensing Software for WinCC OA ∗∗∗ --------------------------------------------- Multiple vulnerabilities have been identified in the WibuKey Digital Rights Management (DRM) solution, which affect WinCC OA. Siemens recommends users to apply the updates to WibuKey Digital Rights Management (DRM) provided by WIBU SYSTEMS AG. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-844562.txt ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (msmtp and python-mysql-connector), Debian (freedink-dfarc, rssh, sox, and waagent), Fedora (docker-latest, java-1.8.0-openjdk, koji, pagure, poppler, and spice), openSUSE (ansible, GraphicsMagick, mosquitto, pspp, spread-sheet-widget, and python-python-gnupg), Red Hat (chromium-browser), Slackware (file), SUSE (kernel, python-Django, qemu, and thunderbird), and Ubuntu (bind9). --------------------------------------------- https://lwn.net/Articles/780692/ ∗∗∗ SA-CORE-2019-003 Notice of increased risk and Additional exploit path - PSA-2019-02-22 ∗∗∗ --------------------------------------------- [...] This Public Service Announcement is a follow-up to SA-CORE-2019-003. This is not an announcement of a new vulnerability. If you have not updated your site as described in SA-CORE-2019-003 you should do that now. There are public exploits now available for this SA. --------------------------------------------- https://www.drupal.org/psa-2019-02-22 ∗∗∗ PHP: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0166 ∗∗∗ IBM Security Bulletin: BigFix deployments with internet-facing relays that are not configured as authenticating are prone to security threats (CVE-2019-4061) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-deployments-wi… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage SDK Java (Feb 2019) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by a potential SQL Injection vulnerability CVE-2018-1819 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services 2.1.1: Information Leakage in configuration listing (CVE-2018-1670) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( CVE-2018-11784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac… ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSLP affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( CVE-2017-17833) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open… ∗∗∗ IBM Security Bulletin: Vulnerability in Service Assistant affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-1775) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-serv… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerability in DHCP affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-dhcp… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.02.2019
by Daily end-of-shift report 22 Feb '19

22 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 21-02-2019 18:00 − Freitag 22-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Statische Analyse von bösartigen Makros in Office-Dokumenten (am Beispiel der Schadsoftware Emotet) ∗∗∗ --------------------------------------------- Verdächtige Office-Dokumente können mit frei verfügbaren Werkzeugen auf Schadsoftware geprüft werden. Dieser Artikel gibt einen Einblick in die statische Analyse solcher Dokumente. --------------------------------------------- https://www.dfn-cert.de/aktuell/malicious-macros-emotet.html ∗∗∗ Hackers Use Fake Google reCAPTCHA to Cloak Banking Malware ∗∗∗ --------------------------------------------- The most effective phishing and malware campaigns usually employ one of the following two age-old social engineering techniques: Impersonation These online phishing campaigns impersonate a popular brand or product through specially crafted emails, SMS, or social media networks. These campaigns employ various methods including email spoofing, fake or real employee names, and recognized branding to trick users into believing they are from a legitimate source. --------------------------------------------- https://blog.sucuri.net/2019/02/hackers-use-fake-google-recaptcha-to-cloak-… ∗∗∗ VB2018 paper: The modality of mortality in domain names ∗∗∗ --------------------------------------------- Domains play a crucial role in most cyber attacks, from the very advanced to the very mundane. Today, we publish a VB2018 paper by Paul Vixie (Farsight Security) who undertook the first systematic study into the lifetimes of newly registered domains. --------------------------------------------- https://www.virusbulletin.com:443/blog/2019/02/vb2018-paper-modality-mortal… ∗∗∗ The lazy person’s guide to cybersecurity: minimum effort for maximum protection ∗∗∗ --------------------------------------------- How can we help our less tech-savvy friends stay more secure online? By giving them a lazy persons guide to cybersecurity, we can offer maximum protection for minimal effort.Categories: 101How-tosTags: cybersecuritypassword managerpotentially unwanted programspush notificationstech support scamsuser awarenessuser education(Read more...)The post The lazy person’s guide to cybersecurity: minimum effort for maximum protection appeared first on Malwarebytes Labs. --------------------------------------------- https://blog.malwarebytes.com/101/2019/02/the-lazy-persons-guide-to-cyberse… ===================== = Vulnerabilities = ===================== ∗∗∗ Cr1ptT0r Ransomware Infects D-Link NAS Devices, Targets Embedded Systems ∗∗∗ --------------------------------------------- A new ransomware called Cr1ptT0r built for embedded systems targets network attached storage (NAS) equipment exposed to the internet to encrypt data available on it. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cr1ptt0r-ransomware-infects-… ∗∗∗ Sicherheitsupdates: Lücken in Cisco HyperFlex machen Angreifer zum Root ∗∗∗ --------------------------------------------- Cisco hat wichtige Sicherheitsupdates für verschiedenen Produkte veröffentlicht. Keine der Lücken gilt als kritisch. --------------------------------------------- http://heise.de/-4315921 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Mageia (libreoffice, libtiff, spice, and spice-gtk), openSUSE (build, mosquitto, and nodejs6), Red Hat (firefox, flatpak, and systemd), Scientific Linux (firefox, flatpak, and systemd), SUSE (kernel-firmware and texlive), and Ubuntu (bind9 and ghostscript). --------------------------------------------- https://lwn.net/Articles/780543/ ∗∗∗ Internet Systems Consortium BIND: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Internet Systems Consortium BIND ausnutzen, um einen Denial of Service Angriff durchzuführen oder Informationen offenzulegen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0161 ∗∗∗ WinRAR: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in WinRAR ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0162 ∗∗∗ Adobe Acrobat DC: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Adobe Acrobat DC, Adobe Acrobat Reader DC, Adobe Acrobat und Adobe Reader ausnutzen, um Informationen offenzulegen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0163 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js and OpenSSL affect IBM Watson Assistant on IBM Cloud Private ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Watson Assistant on IBM Cloud Private ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2014-7810) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat… ∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2018-1767) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat… ∗∗∗ BIND vulnerability CVE-2018-5744 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K00040234 ∗∗∗ BIND vulnerability CVE-2018-5745 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K25244852 ∗∗∗ BIND vulnerability CVE-2019-6465 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01713115 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.02.2019
by Daily end-of-shift report 21 Feb '19

21 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 20-02-2019 18:00 − Donnerstag 21-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Schadcode: 19 Jahre alte Sicherheitslücke in Winrar ∗∗∗ --------------------------------------------- Vorsicht beim Entpacken von ACE-Archiven: Sie können Dateien an beliebige Orte des Systems schreiben - und damit auch Code ausführen. Ein stabiles Update von Winrar wurde noch nicht veröffentlicht. --------------------------------------------- https://www.golem.de/news/schadcode-19-jahre-alte-sicherheitsluecke-in-winr… ∗∗∗ The new developments Of the FBot ∗∗∗ --------------------------------------------- Background introductionBeginning on February 16, 2019, 360Netlab has discovered that a large number of HiSilicon DVR/NVR Soc devices have been exploited by attackers to load an updated Fbot botnet program. Fbot was originally discovered and disclosed by 360Netlab [1] , it has been active and is constantly being upgraded. --------------------------------------------- https://blog.netlab.360.com/the-new-developments-of-the-fbot-en/ ∗∗∗ Achtung bei angeblichen Anrufen von Apple ∗∗∗ --------------------------------------------- Kriminelle kontaktieren iPhone-Nutzer/innen und erklären, dass es bei Apple angeblich zu einer Datenpanne gekommen sei und ihre Apple-ID betroffen sei. Sie werden aufgefordert eine weitere Service-Nummer anzurufen, um das Problem zu beheben. Das tückische dahinter: Auf Ihrem Bildschirm scheint die Apple-Support-Nummer samt Logo auf. Brechen Sie das Gespräch ab oder gehen Sie nicht ran! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-bei-angeblichen-anrufen-von-… ∗∗∗ nordischesdesign.com ist unseriös ∗∗∗ --------------------------------------------- Der Online-Shop nordischesdesign.com bietet moderne Möbel, Lampen, Dekorationsartikel und Geschirr im nordischen Design. Wir raten von einer Bestellung ab, da nicht sicher ist, ob Sie die bestellte Ware erhalten. nordischesdesign.com hat kein Impressum und bietet Konsument/innen keine Kontaktmöglichkeit. --------------------------------------------- https://www.watchlist-internet.at/news/nordischesdesigncom-ist-unserioes/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available for Adobe Acrobat and Reader (APSB19-13) ∗∗∗ --------------------------------------------- Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB19-13). These updates address a reported bypass to the fix for CVE-2019-7089 first introduced in 2019.010.20091, 2017.011.30120 and 2015.006.30475 and released on February 12, 2019. Successful exploitation could lead to sensitive [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1711 ∗∗∗ Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003 ∗∗∗ --------------------------------------------- Project: Drupal coreDate: 2019-February-20Security risk: Highly critical 20∕25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Remote Code ExecutionCVE IDs: CVE-2019-6340Description: Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. --------------------------------------------- https://www.drupal.org/sa-core-2019-003 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox, flatpak, and systemd), Fedora (createrepo_c, dnf, dnf-plugins-core, dnf-plugins-extras, docker, libcomps, libdnf, and runc), Mageia (giflib, irssi, kernel, kernel-linus, libexif, poppler, tcpreplay, and zziplib), and SUSE (php5, procps, and qemu). --------------------------------------------- https://lwn.net/Articles/780454/ ∗∗∗ Microsoft Internet Information Services (IIS): Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0159 ∗∗∗ Linux kernel vulnerability CVE-2018-5953 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K94735334 ∗∗∗ Linux kernel vulnerability CVE-2018-10883 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K94735334 ∗∗∗ libcurl vulnerability CVE-2016-8618 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10196624 ∗∗∗ cURL and libcurl vulnerability CVE-2017-2628 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35453761 ∗∗∗ IBM Security Bulletin: Vulnerabilities CVE-2018-17199, CVE-2018-17189, and CVE-2019-0190 in the IBM i HTTP Server affect IBM i. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-cve-2… ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a kernel vulnerability (CVE-2018-5391) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by krb5 vulnerabilities (CVE-2018-5730 and CVE-2018-5729) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by GnuTLS vulnerabilities (CVE-2018-10845 and CVE-2018-10844) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale (CVE-2018-1901) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a Mozilla Network Security Services (NSS) vulnerability (CVE-2018-12384) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a UI message injection vulnerability (CVE-2018-1666) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by an unauthorized access vulnerability (CVE-2018-1668) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a cross-site request forgery vulnerability (CVE-2018-1661) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.02.2019
by Daily end-of-shift report 20 Feb '19

20 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 19-02-2019 18:00 − Mittwoch 20-02-2019 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ SQL injection explained: How SQLi attacks work and how to prevent them ∗∗∗ --------------------------------------------- What is SQL injection?SQL injection is a type of attack that can give an adversary complete control over your web application database by inserting arbitrary SQL code into a database query.Immortalized by "Little Bobby Drop Tables" in XKCD 327, SQL injection (SQLi) was first discovered in 1998, yet continues to plague web applications across the internet. Even the OWASP Top Tenlists injection as the number one threat to web application security. --------------------------------------------- https://www.csoonline.com/article/3257429/application-security/what-is-sql-… ∗∗∗ Sicherheit: Github startet Safe Harbor für Bug-Bounty-Programm ∗∗∗ --------------------------------------------- Um Teilnehmer seines Bug-Bounty-Programms rechtlich besser abzusichern, startet Github ein Safe-Harbor-Programm, das die Aktionen der Sicherheitsforscher absichern soll. Die Richtlinien basieren auf eigener Erfahrung und Vorlagen aus der Community. Das Programm selbst wird ebenfalls erweitert. (Github, Urheberrecht) --------------------------------------------- https://www.golem.de/news/sicherheit-github-startet-safe-harbor-fuer-bug-bo… ∗∗∗ Password Managers: Under the Hood of Secrets Management ∗∗∗ --------------------------------------------- [...] In this paper we propose security guarantees password managers should offer and examine the underlying workings of five popular password managers targeting the Windows 10 platform: 1Password 7, 1Password 4, Dashlane, KeePass, and LastPass. --------------------------------------------- https://www.securityevaluators.com/casestudies/password-manager-hacking/ ∗∗∗ Phishers’ new trick for bypassing email URL filters ∗∗∗ --------------------------------------------- Phishers have come up with another trick to make Office documents carrying malicious links undetectable by many e-mail security services: they delete the links from the document’s relationship file (xml.rels). The trick has been spotted being used in a email spam campaign aimed at leading victims to a credential harvesting login page. --------------------------------------------- https://www.helpnetsecurity.com/2019/02/20/phishers-new-trick-for-bypassing… ∗∗∗ Combing Through Brushaloader Amid Massive Detection Uptick ∗∗∗ --------------------------------------------- Nick Biasini and Edmund Brumaghin authored this blog post with contributions from Matthew Molyett.Executive SummaryOver the past several months, Cisco Talos has been monitoring various malware distribution campaigns leveraging the malware loader Brushaloader to deliver malware payloads to systems. Brushaloader is currently characterized by the use of various scripting elements, such as PowerShell, to minimize the number of artifacts left on infected systems. --------------------------------------------- https://blog.talosintelligence.com/2019/02/combing-through-brushaloader.html ∗∗∗ Siegeware: When criminals take over your smart building ∗∗∗ --------------------------------------------- Siegeware is what you get when cybercriminals mix the concept of ransomware with building automation systems: abuse of equipment control software to threaten access to physical facilities. --------------------------------------------- https://www.welivesecurity.com/2019/02/20/siegeware-when-criminals-take-ove… ===================== = Vulnerabilities = ===================== ∗∗∗ Intel Data Center Manager SDK ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for improper authentication, protection mechanism failure, permission issues, key management errors, and insufficient control flow management vulnerabilities reported in Intels Data Center Manger software development kit. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01 ∗∗∗ Delta Industrial Automation CNCSoft ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an out-of-bounds read vulnerability reported in the Delta Electronics Delta Industrial Automation CNCSoft. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-050-02 ∗∗∗ Horner Automation Cscape ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper input validation vulnerability in the Horner Automation Cscape software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-050-03 ∗∗∗ Rockwell Automation Allen-Bradley PowerMonitor 1000 ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for cross-site scripting and authentication bypass vulnerabilities reported in Rockwell Automations Allen-Bradley PowerMonitor 1000, a compact power monitor. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-050-04 ∗∗∗ WordPress 5.0.0 Remote Code Execution ∗∗∗ --------------------------------------------- This blog post details how a combination of a Path Traversal and Local File Inclusion vulnerability lead to Remote Code Execution in the WordPress core. The vulnerability remained uncovered in the WordPress core for over 6 years. --------------------------------------------- https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ansible, drupal7, and systemd), Fedora (botan2, ceph, and firefox), Oracle (firefox, flatpak, and systemd), Red Hat (firefox), SUSE (gvfs, kernel, libqt5-qtbase, python-numpy, and qemu), and Ubuntu (gdm3). --------------------------------------------- https://lwn.net/Articles/780344/ ∗∗∗ Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol and Link Layer Discovery Protocol Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Infrastructure Certificate Validation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director XML External Entity Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco HyperFlex Software Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Hyperflex Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco HyperFlex Arbitrary Statistics Write Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Threat Defense Software SSL or TLS Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower 9000 Series Firepower 2-Port 100G Double-Width Network Module Queue Wedge Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco HyperFlex Software Unauthenticated Root Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Double Free Vulnerability on Bastet Module of Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190220-… ∗∗∗ Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190220-… ∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190220-… ∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.02.2019
by Daily end-of-shift report 19 Feb '19

19 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Montag 18-02-2019 18:00 − Dienstag 19-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hackers Use Compromised Banks as Starting Points for Phishing Attacks ∗∗∗ --------------------------------------------- Cybercriminals attacking banks and financial organizations use their foothold in a compromised infrastructure to gain access to similar targets in other regions or countries. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-use-compromised-bank… ∗∗∗ No More Ransom to the Rescue: New Decryption Tool Released for Latest Version of GandCrab ransomware ∗∗∗ --------------------------------------------- The wait for the victims of GandCrab is over: a new decryption tool has been released today for free on the No More Ransom depository for the latest strand of GandCrab, one of the world’s most prolific ransomware to date. This tool was developed by the Romanian Police in close collaboration with the internet security company Bitdefender and Europol, together with the support of law enforcement authorities from Austria, Belgium, Cyprus, France, Germany, Italy, the Netherlands, UK, Canada [...] --------------------------------------------- https://www.europol.europa.eu/newsroom/news/no-more-ransom-to-rescue-new-de… ∗∗∗ SHA-2-Patch für Windows 7 und Windows Server 2008/R2 kommt im März ∗∗∗ --------------------------------------------- Microsoft plant ein Update für Windows 7/Server 2008 (R2). Es soll das Betriebssystem für die Erkennung SHA-2 signierter Updates fit machen. --------------------------------------------- http://heise.de/-4312194 ∗∗∗ Criminal hacking hits Managed Service Providers: Reasons and responses ∗∗∗ --------------------------------------------- Recent news articles show that MSPs are now being targeted by criminals, and for a variety of nefarious reasons. Why is this happening, and what should MSPs do about it? --------------------------------------------- https://www.welivesecurity.com/2019/02/19/criminal-hacking-hits-managed-ser… ∗∗∗ Rietspoof malware spreads via Facebook Messenger and Skype spam ∗∗∗ --------------------------------------------- Avast researchers spot new malware spreading via instant messaging clients. --------------------------------------------- https://www.zdnet.com/article/rietspoof-malware-spreads-via-facebook-messen… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, rdesktop, rssh, systemd, and uriparser), Fedora (bouncycastle, eclipse-jgit, eclipse-linuxtools, jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-dataformat-xml, jackson-dataformats-binary, jackson-dataformats-text, jackson-datatype-jdk8, jackson-datatype-joda, jackson-datatypes-collections, jackson-jaxrs-providers, jackson-module-jsonSchema, jackson-modules-base, jackson-parent, moby-engine, and subversion), [...] --------------------------------------------- https://lwn.net/Articles/780245/ ∗∗∗ Critical Release - PSA-2019-02-19 ∗∗∗ --------------------------------------------- Date: 2019-February-19Security risk: Highly critical 20∕25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Critical ReleaseDescription: There will be a security release of 8.5.x and 8.6.x on February 20th 2019 between 1PM to 5PM America/New York (1800 to 2200 UTC). (To see this in your local timezone, refer to the Drupal Core Calendar) . The risk on this is currently rated at 20/25 (Highly critical) AC:None/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon. --------------------------------------------- https://www.drupal.org/psa-2019-02-19 ∗∗∗ Vuln: SolarWinds Orion Network Performance Monitor (NPM) CVE-2019-8917 Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/107061 ∗∗∗ Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0150 ∗∗∗ IBM Security Bulletin: Directory traversal vulnerability in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-2006) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-directory-traversal-v… ∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE-2018-8931 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-upd… ∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a CVE-2018-1901 vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat… ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem 840 and 900 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap… ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem V840 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.02.2019
by Daily end-of-shift report 18 Feb '19

18 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 15-02-2019 18:00 − Montag 18-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Finding Property Values in Office Documents, (Sat, Feb 16th) ∗∗∗ --------------------------------------------- In diary entry "Maldoc Analysis of the Weekend", I use the strings method explained in diary entry "Quickie: String Analysis is Still Useful" to quickly locate the PowerShell command hidden in a malicious Word document. --------------------------------------------- https://isc.sans.edu/diary/rss/24652 ∗∗∗ Distributing Malware - one "Word" at a Time ∗∗∗ --------------------------------------------- Using Microsoft Word to distribute malware is a common tactic used by criminals. Given the popularity of Word, criminals can often "live off the land" and use mechanisms that are already in place to do their dirty work. --------------------------------------------- https://www.gdatasoftware.com/blog/2019/02/31429-distributing-malware-word ∗∗∗ A Deep Dive on the Recent Widespread DNS Hijacking Attacks ∗∗∗ --------------------------------------------- The U.S. government - along with a number of leading security companies - recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy. This post seeks to document the extent of those attacks, and traces the [...] --------------------------------------------- https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dn… ∗∗∗ IT-Grundschutz-Kompendium Edition 2019 erschienen ∗∗∗ --------------------------------------------- Ab sofort steht das IT-Grundschutz-Kompendium in der neuen Edition 2019 zur Verfügung. In dieser Edition sind insgesamt 94 IT-Grundschutz-Bausteine enthalten, 14 Bausteine sind zu neuen Themen aufgenommen worden. Das IT-Grundschutz-Kompendium ist auf die Sicherheitsanforderungen in Unternehmen und Behörden zugeschnitten. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/IT-Grundschutz-Ko… ∗∗∗ Exploit Code Published for Recent Container Escape Vulnerability ∗∗∗ --------------------------------------------- Proof-of-concept (PoC) code is now publicly available for a recently disclosed container escape vulnerability impacting popular cloud platforms, including AWS, Google Cloud, and numerous Linux distributions. read more --------------------------------------------- https://www.securityweek.com/exploit-code-published-recent-container-escape… ∗∗∗ Sinking a ship and hiding the evidence ∗∗∗ --------------------------------------------- Our earlier work on Voyage Data Recorder manipulation got us thinking about how a malicious individual or organisation might bring about the demise of a ship and hide the evidence. There are plenty of ways to get malware on to a ship. Whether it’s via satcoms, phishing, USB, crew Wi-Fi, dodgy DVDs etc. Now the [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/sinking-a-ship-and-hiding-the… ∗∗∗ Different 'smart' lock, similar security issues ∗∗∗ --------------------------------------------- I was looking through Amazon and found this padlock at the cheaper end of the scale. For twenty of my well-earnt English pounds I could become the owner of a new and shiny SLOK lock. Image credit: Amazon It can be unlocked by BLE and can be shared to others, what could I do but [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/different-smart-lock-similar-… ===================== = Vulnerabilities = ===================== ∗∗∗ VMSA-2019-0001 ∗∗∗ --------------------------------------------- VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0001.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (cairo, firefox, flatpak, hiawatha, and webkit2gtk), Debian (gsoap, mosquitto, php5, thunderbird, and tiff), Fedora (elfutils, ghostscript, gsi-openssh, kernel, kernel-headers, kernel-tools, kf5-kauth, mingw-podofo, mingw-poppler, mosquitto, podofo, and python-markdown2), Mageia (firefox, flash-player-plugin, lxc, and thunderbird), openSUSE (avahi, docker, libu2f-host, LibVNCServer, nginx, phpMyAdmin, and pspp, spread-sheet-widget), Red Hat [...] --------------------------------------------- https://lwn.net/Articles/780076/ ∗∗∗ Container Privilege Escalation Vulnerability Affecting Cisco Products: February 2019 ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Information Leakage Vulnerability on Some Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190218-… ∗∗∗ D-LINK Router DIR-823G: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0147 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.02.2019
by Daily end-of-shift report 15 Feb '19

15 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 14-02-2019 18:00 − Freitag 15-02-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Cryptojacking Coinhive Miners Land on the Microsoft Store For the First Time ∗∗∗ --------------------------------------------- A batch of eight potentially unwanted applications (PUAs) were found on the Microsoft Store dropping malicious Monero (XMR) Coinhive cryptomining scripts, delivered with the help of Googles legitimate Google Tag Manager (GTM) library. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cryptojacking-coinhive-miner… ∗∗∗ Demystifying the crypter used in Emotet, Qbot, and Dridex ∗∗∗ --------------------------------------------- A crypter is software that can encrypt, obfuscate, and manipulate malware to make it harder to detect by security programs. The Zscaler ThreatLabZ research team recently spotted a common crypter being used in the recent Emotet, Qbot, and Dridex campaigns. This same crypter was observed in some of the Ursnif and BitPaymer campaigns as well. --------------------------------------------- https://www.zscaler.com/blogs/research/demystifying-crypter-used-emotet-qbo… ∗∗∗ Many ICS Vulnerability Advisories Contain Errors: Report ∗∗∗ --------------------------------------------- Roughly one-third of the ICS-specific vulnerability advisories published in 2018 contained basic factual errors, including when describing and rating the severity of a flaw, according to the 2018 Year in Review report published on Thursday by industrial cybersecurity firm Dragos. --------------------------------------------- https://www.securityweek.com/many-ics-vulnerability-advisories-contain-erro… ∗∗∗ Facebook Login Phishing Campaign ∗∗∗ --------------------------------------------- A falsely reported bug in the Myki Auto-Fill functionality led us to discover a phishing campaign that even the most vigilant users could fall for. --------------------------------------------- https://myki.com/blog/facebook-login-phishing-campaign/ ∗∗∗ Sicherheitsupdate schließt Angriffspunkte in Thunderbird ∗∗∗ --------------------------------------------- Schwachstellen in der Grafik-Bibliothek Skia gefährden Thunderbird. Die aktuelle Version ist abgesichert. --------------------------------------------- http://heise.de/-4310283 ∗∗∗ Dirty Sock: Canonical schließt Sicherheitslücke in Paketverwaltung Snap ∗∗∗ --------------------------------------------- Eine Sicherheitslücke in Canonicals Paketverwaltung Snap ermöglichte normalen Benutzern Root-Rechte. Eine abgesicherte Version ist mittlerweile verfügbar. --------------------------------------------- http://heise.de/-4309424 ∗∗∗ Vulnerabilities Patched in WP Cost Estimation Plugin ∗∗∗ --------------------------------------------- At the end of January, Wordfence security analysts identified attackers exploiting vulnerabilities in outdated versions of the commercial plugin WP Cost Estimation & Payment Forms Builder, or WP Cost Estimation for short. These flaws were found and patched by the developer a few months ago, but no official public disclosure was made at the time. --------------------------------------------- https://www.wordfence.com/blog/2019/02/vulnerabilities-patched-in-wp-cost-e… ∗∗∗ Oracle MAF store bypass, a how-to ∗∗∗ --------------------------------------------- On a recent assignment I was asked to look at the security of a cloud-based solution for expenses, the Oracle® ExpensesCloud with Fusion applications. It was being used for employees to create/save/edit/submit claims to the employer. TL;DR Having default hardcoded credentials allows an attacker effortless compromise of the credentialed action. --------------------------------------------- https://www.pentestpartners.com/security-blog/oracle-maf-store-bypass-a-how… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr and unbound), Fedora (docker, libexif, and runc), openSUSE (mozilla-nss, python, rmt-server, and thunderbird), Slackware (mozilla), and SUSE (couchdb, dovecot23, kvm, nodejs6, php53, podofo, python-PyKMIP, rubygem-loofah, util-linux, and velum). --------------------------------------------- https://lwn.net/Articles/779933/ ∗∗∗ IBM Security Bulletin: Weaker than expected security in WebSphere Application Server with SP800-131 transition mode (CVE-2018-1996) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weaker-than-expected-… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Java vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities were identified in Node.js that affect IBM Cloud App Management V2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ Linux kernel vulnerability CVE-2018-15594 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K26301924 ∗∗∗ Schwachstelle in gpsd und microjson erlaubt Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0144 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.02.2019
by Daily end-of-shift report 14 Feb '19

14 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 13-02-2019 18:00 − Donnerstag 14-02-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Shlayer Malware Disables macOS Gatekeeper to Run Unsigned Payloads ∗∗∗ --------------------------------------------- A new variant of the multi-stage Shlayer malware known to target macOS users has been observed in the wild, now being capable to escalate privileges using a two-year-old technique and to disable the Gatekeeper protection mechanism to run unsigned second stage payloads. --------------------------------------------- https://www.bleepingcomputer.com/news/security/shlayer-malware-disables-mac… ∗∗∗ Firefox, Firefox ESR und Tor Browser rüsten sich gegen Schadcode ∗∗∗ --------------------------------------------- Mozilla und die Entwickler des Tor Browsers haben in aktuellen Versionen mehrere mit dem Bedrohungsgrad "hoch" eingestufte Lücken geschlossen. --------------------------------------------- http://heise.de/-4308974 ∗∗∗ Kauf von Welpen und Tierbabys auf adiso.at nicht ratsam ∗∗∗ --------------------------------------------- Konsument/innen finden auf adiso.at Hundewelpen und Tierbabys unterschiedlichster Rassen. Die abgebildeten Tierfotos verlocken zwar zu einem Kauf, doch davon ist dringend abzuraten. Personen, die sich für einen Welpen entscheiden, müssen meist vorab Geld bezahlen ohne den Hund gesehen zu haben. Es kommt immer wieder zu weiteren Geldforderungen, bis die Opfer begreifen, dass es die Welpen gar nicht gibt. --------------------------------------------- https://www.watchlist-internet.at/news/kauf-von-welpen-und-tierbabys-auf-ad… ∗∗∗ Betrug auf insboote.eu und ltnagro.eu ∗∗∗ --------------------------------------------- Auf der Website insboote.eu können Konsument/innen Boote und auf der Website ltnagro.eu Bau- oder Landmaschinen kaufen. Die Bezahlung der Ware ist nur im Voraus möglich. Käufer/innen, die das Geld für die Maschinen bezahlen, verlieren es, denn es kommt zu keiner Übergabe --------------------------------------------- https://www.watchlist-internet.at/news/betrug-auf-insbooteeu-und-ltnagroeu/ ===================== = Vulnerabilities = ===================== ∗∗∗ Entity Registration - Critical - Multiple Vulnerabilities - SA-CONTRIB-2019-017 ∗∗∗ --------------------------------------------- Project: Entity RegistrationDate: 2019-February-13Security risk: Critical 18∕25 AC:Basic/A:None/CI:Some/II:Some/E:Exploit/TD:DefaultVulnerability: Multiple Vulnerabilities Description: This module enables you to take registrations for events, gathering information from registrants including email address and any other questions you wish to configure.In some cases, an anonymous user may view, edit, or delete other anonymous registrations by guessing the URL of that registration based on a [...] --------------------------------------------- https://www.drupal.org/sa-contrib-2019-017 ∗∗∗ OAuth 2.0 Client Login (Single Sign-On) - Critical - Multiple Vulnerabilities - SA-CONTRIB-2019-016 ∗∗∗ --------------------------------------------- Project: OAuth 2.0 Client Login (Single Sign-On)Date: 2019-February-13Security risk: Critical 17∕25 AC:Basic/A:None/CI:Some/II:Some/E:Proof/TD:AllVulnerability: Multiple Vulnerabilities Description: This module enables you to allow login into the Drupal websites through an external provider over the OAuth 2.0 protocol.The module sets a Drupal variable used for redirection based on unsanitised user input, leading to an Open Redirect vulnerability. It also fails to sanitise user input [...] --------------------------------------------- https://www.drupal.org/sa-contrib-2019-016 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (python-gnupg), Mageia (avahi, dom4j, gvfs, kauth, libwmf, logback, mad, python, python-django, and radvd), openSUSE (curl, haproxy, lua53, python-slixmpp, runc, spice, and uriparser), Red Hat (flash-plugin), Slackware (mozilla), and SUSE (build and docker-runc). --------------------------------------------- https://lwn.net/Articles/779810/ ∗∗∗ Synology-SA-19:06 Docker ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary commands via a susceptible version of Docker. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_06 ∗∗∗ D-LINK Router: Mehrere Schwachstellen ermöglichen Erlangen von Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0142 ∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager and IBM Enterprise Content Management Text Search security vulnerability in Apache PDFBox ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-filenet-content-m… ∗∗∗ IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-th… ∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerability Can Affect IBM Sterling Order Management (CVE-2016-1000031) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-commons-fileup… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.02.2019
by Daily end-of-shift report 13 Feb '19

13 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 12-02-2019 18:00 − Mittwoch 13-02-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ 13 Popular Wireless Hacking Tools [Updated for 2019] ∗∗∗ --------------------------------------------- Introduction to 13 Popular Wireless Hacking Tools Internet is now the basic need of our daily life. With the increasing use of smartphones, most of the things are now online. Every time we have to do something, we just use our smartphone or desktop. This is the reason wi-fi hotspots can be found everywhere. People also [...] --------------------------------------------- https://resources.infosecinstitute.com/13-popular-wireless-hacking-tools/ ∗∗∗ Siemens Warns of Critical Remote-Code Execution ICS Flaw ∗∗∗ --------------------------------------------- The affected SICAM 230 process control system is used as an integrated energy system for utility companies, and as a monitoring system for smart-grid applications. --------------------------------------------- https://threatpost.com/siemens-critical-remote-code-execution/141768/ ∗∗∗ Fake Updates campaign still active in 2019 ∗∗∗ --------------------------------------------- Last week on 2019-02-06, @baberpervez2 tweeted about a compromised website used by the Fake Updates campaign (link to tweet). The Fake Updates campaign uses compromised websites that generate traffic to a fake update page. The type of fake update page depends on your web browser. Victims would see a fake Flash update page when using Internet Explorer, a fake Chrome update page when using Google Chrome, or a fake Firefox update page when using Firefox. --------------------------------------------- https://isc.sans.edu/forums/diary/Fake+Updates+campaign+still+active+in+201… ∗∗∗ Patchday: Attacken gegen Internet Explorer ∗∗∗ --------------------------------------------- Microsoft hat wichtige Sicherheitsupdates für Office, Windows & Co. veröffentlicht. Mehre Schwachstellen gelten als kritisch. --------------------------------------------- http://heise.de/-4307548 ∗∗∗ Patchday: Adobe schützt ColdFusion und Reader vor Schadcode ∗∗∗ --------------------------------------------- Adobe Acrobat, ColdFusion und Reader sind über kritische Sicherheitslücken angreifbar. Updates schaffen Abhilfe. --------------------------------------------- http://heise.de/-4307619 ∗∗∗ Patchday: SAP stopft kritische Lücken im Software-Portfolio ∗∗∗ --------------------------------------------- Der deutsche Softwarehersteller SAP hat wichtige Sicherheitsupdates für zum Beispiel Commerce und BW/4HANA veröffentlicht. --------------------------------------------- http://heise.de/-4308113 ∗∗∗ Xiaomi-Scooter lässt sich über Bluetooth kapern ∗∗∗ --------------------------------------------- Unbefugte können den Xiaomi M365 stoppen oder beschleunigen, was für den Fahrer lebensgefährlich ist. Auch andere Marken könnten betroffen sein. --------------------------------------------- http://heise.de/-4307588 ∗∗∗ Phishing-Welle: Warnung vor falschen Microsoft-Mails und Telekom-Rechnungen ∗∗∗ --------------------------------------------- Gefälschte Microsoft-E-Mails, die den Trojaner Emotet verbreiten, sowie vermeintliche Telekom-Rechnungen sind im Umlauf. --------------------------------------------- http://heise.de/-4308122 ∗∗∗ Kein Geld an vermeintliche Airbnb-Agent/innen ins Ausland zahlen! ∗∗∗ --------------------------------------------- Wohnungssuchende stoßen bei Immobilienplattformen auf unglaublich günstige Inserate. Konsument/innen, die Kontakt aufnehmen, erhalten von Vermieter/innen schnell positive Rückmeldung. Da diese sich im Ausland befinden, soll Airbnb für Schlüsselübergabe und Besichtigungstermin als Treuhand fungieren. Konsument/innen dürfen nichts überweisen! Die Inserate sind gefälscht und das Geld ist verloren. --------------------------------------------- https://www.watchlist-internet.at/news/kein-geld-an-vermeintliche-airbnb-ag… ===================== = Vulnerabilities = ===================== ∗∗∗ OSIsoft PI Vision ∗∗∗ --------------------------------------------- This advisory includes mitigations for a cross-site scripting vulnerability in OSIsofts PI Vision web page application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-043-01 ∗∗∗ Security Advisory for Malware on QTS ∗∗∗ --------------------------------------------- A recently reported malware is known to affect QNAP NAS devices. We are currently analyzing the malware and will provide the solution as soon as possible. --------------------------------------------- https://www.qnap.com/en/security-advisory/nas-201902-13 *** Security updates for Wednesday *** --------------------------------------------- Security updates have been issued by Arch Linux (aubio, curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-gnutls, libu2f-host, python-django, python2-django, rdesktop, and runc), Debian (flatpak), Fedora (flatpak, pdns-recursor, rdesktop, tomcat, and xerces-c27), Mageia (cinnamon, docker, dovecot, golang, java-1.8.0-openjdk, jruby, libarchive, libgd, libtiff, libvncserver, opencontainers-runc, openssh, python-marshmallow, thunderbird, and transfig), openSUSE (python-slixmpp), Oracle (kernel), Red Hat (redhat-virtualization-host), Slackware (lxc), SUSE (curl, firefox, LibVNCServer, nginx, php7, python-numpy, runc, SMS3.2, and thunderbird), and Ubuntu (gvfs, python-django, snapd, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/779719/ ∗∗∗ D-LINK Router: Schwachstelle ermöglicht Erlangen von Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0140 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private – fluentd ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM Rational ClearCase GIT connector password exposure (CVE-2019-4059) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-rational-clearcas… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-enterprise-content-ma… ∗∗∗ IBM Security Bulletin: IBM PureApplication Service is affected by a GPFS vulnerability (CVE-2018-1783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a GPFS vulnerability (CVE-2018-1783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in Ansible shipped with Data Science Experience Local ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: IBM Data Science Experience Local is affected by continuous traffic to a US Softlayer server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-data-science-expe… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.02.2019
by Daily end-of-shift report 12 Feb '19

12 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Montag 11-02-2019 18:00 − Dienstag 12-02-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New Offensive USB Cable Allows Remote Attacks over WiFi ∗∗∗ --------------------------------------------- Like a scene from a James Bond or Mission Impossible movie, a new offensive USB cable plugged into a computer could allow attackers to execute commands over WiFi as if they were using the computers keyboard. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-offensive-usb-cable-allo… ∗∗∗ Runc: Sicherheitslücke ermöglicht Übernahme von Container-Host ∗∗∗ --------------------------------------------- Eine Sicherheitslücke ermöglicht es, dass Software aus einem Container ausbricht. Die Ausführungsumgebung Runc, mit der Container gestartet werden, kann überschrieben und so der Host übernommen werden. Docker und viele andere Lösungen sind verwundbar. --------------------------------------------- https://www.golem.de/news/runc-sicherheitsluecke-ermoeglicht-uebernahme-von… ∗∗∗ Prozessor-Sicherheit: Intels sichere Software-Enklave SGX wurde geknackt ∗∗∗ --------------------------------------------- Die Forscher hinter Meltdown und Spectre können Intel Software Guard Extensions missbrauchen, um Schadcode vor dem Administrator des Systems zu verstecken. --------------------------------------------- http://heise.de/-4306965 ∗∗∗ Presseaussendung: Watchlist Internet warnt vor Identitätsdiebstahl mit Ausweiskopien ∗∗∗ --------------------------------------------- Die Watchlist Internet (www.watchlist-internet.at), Österreichs zentrale Informationsplattform zu Internet-Betrug und Online-Fallen, warnt vor vermehrtem Betrug mit Ausweiskopien. Kriminelle nutzen diesen Identitätsdiebstahl immer häufiger, um Straftaten in fremdem Namen zu begehen. Die Watchlist erklärt, wie Konsumenten dennoch Ausweiskopien bei seriösen Geschäften versenden können, ohne Betrügern in die Falle zu gehen. --------------------------------------------- https://www.watchlist-internet.at/presse/12022019-presseaussendung-watchlis… ∗∗∗ In eine Shopping-Falle getappt? Hier gibt’s nützliche Tipps! ∗∗∗ --------------------------------------------- Im Internet werben unzählige Shops, die angebliche Markenware zu sehr günstigen Preisen anbieten, um Kund/innen. Trotz .at- oder .de-Domains haben die Websites Ihren Sitz etwa in China. Die versendeten Waren sind gefälscht, qualitativ minderwertig und werden häufig vom Zoll beschlagnahmt. Zusätzlich gelangen Kriminelle an Kreditkartendaten ihrer Opfer. --------------------------------------------- https://www.watchlist-internet.at/news/in-eine-shopping-falle-getappt-hier-… ∗∗∗ WordPress plugin flaw lets you take over entire sites ∗∗∗ --------------------------------------------- Vulnerability found in social sharing plugin named "Simple Social Buttons," installed on more than 40,000 WordPress sites. --------------------------------------------- https://www.zdnet.com/article/wordpress-plugin-flaw-lets-you-take-over-enti… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB19-06), Adobe ColdFusion (APSB19-10), Adobe Acrobat and Reader (APSB19-07) and Adobe Creative Cloud Desktop Application (APSB19-11). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1705 ∗∗∗ Cisco Network Assurance Engine CLI Access with Default Password Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Joomla 3.9.3 Release ∗∗∗ --------------------------------------------- Joomla 3.9.3 is now available. This is a security fix release for the 3.x series of Joomla which addresses 6 security vulnerabilities and contains 30 bug fixes and improvements. --------------------------------------------- https://www.joomla.org/announcements/release-news/5756-joomla-3-9-3-release… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, dovecot, firefox, and spice), Debian (curl, php5, rssh, and wordpress), Fedora (curl, ghostscript, mingw-libconfuse, and radvd), openSUSE (java-11-openjdk and python-urllib3), Red Hat (chromium-browser and kernel), and SUSE (etcd and kernel). --------------------------------------------- https://lwn.net/Articles/779543/ ∗∗∗ SAP Security Patch Day 2019 ∗∗∗ --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 ∗∗∗ ZDI-19-178: Cisco WebEx Recorder and Player asplayback Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-178/ ∗∗∗ Linux kernel vulnerability CVE-2018-17972 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K27673650 ∗∗∗ Siemens Security Advisories ∗∗∗ --------------------------------------------- https://new.siemens.com/global/en/products/services/cert.html#SecurityPubli… https://cert-portal.siemens.com/productcert/txt/ssa-505225.txt https://cert-portal.siemens.com/productcert/txt/ssa-760124.txt https://cert-portal.siemens.com/productcert/txt/ssa-104088.txt https://cert-portal.siemens.com/productcert/txt/ssa-275839.txt https://cert-portal.siemens.com/productcert/txt/ssa-284673.txt https://cert-portal.siemens.com/productcert/txt/ssa-346262.txt https://cert-portal.siemens.com/productcert/txt/ssa-179516.txt https://cert-portal.siemens.com/productcert/txt/ssa-168644.txt https://cert-portal.siemens.com/productcert/txt/ssa-268644.txt https://cert-portal.siemens.com/productcert/txt/ssa-347726.txt https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt https://cert-portal.siemens.com/productcert/txt/ssa-377318.txt https://cert-portal.siemens.com/productcert/txt/ssa-579309.txt https://cert-portal.siemens.com/productcert/txt/ssa-635129.txt https://cert-portal.siemens.com/productcert/txt/ssa-845879.txt https://cert-portal.siemens.com/productcert/txt/ssa-254686.txt ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Cloud Foundry (CVE-2018-15761) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2018-11784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Privileged Identity Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities(CVE-2016-10009, CVE-2016-6515, CVE-2016-6210, CVE-2017-6464, CVE-2017-6463) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-privileg… ∗∗∗ IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple IBM WebSphere Application Server vulnerabilities(CVE-2017-1137, CVE-2018-1567, CVE-2017-1194) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-privileg… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.02.2019
by Daily end-of-shift report 11 Feb '19

11 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 08-02-2019 18:00 − Montag 11-02-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ First CryptoCurrency Clipboard Hijacker Found on Google Play Store ∗∗∗ --------------------------------------------- Researchers last week found the first Android app on the Google Play store that monitors a devices clipboard for Bitcoin and Ethereum addresses and swaps them for addresses under the attackers control. This allows the attackers to steal any payments you make without your knowledge that you sent it to the wrong address. --------------------------------------------- https://www.bleepingcomputer.com/news/security/first-cryptocurrency-clipboa… ∗∗∗ Vernetzte Kühlschränke lassen sich mit Passwort 1234 abschalten ∗∗∗ --------------------------------------------- Ein Hersteller von Systemen zur Temperaturkontrolle hat einen schweren Fehler begangen. --------------------------------------------- https://futurezone.at/digital-life/vernetzte-kuehlschraenke-lassen-sich-mit… ∗∗∗ Security: Qnap-NAS-Systeme von unbekannter Malware betroffen ∗∗∗ --------------------------------------------- Besitzer von TS-251+-NAS-Geräten berichten von merkwürdigen Einträgen in der Hosts-Datei durch Malware, die das Aktualisieren und Installieren von Antivirensoftware verhindern. Erst auf Nachfrage stellt Qnap einen Fix bereit. Nutzer wundern sich über dessen Trägheit in der Sache. --------------------------------------------- https://www.golem.de/news/security-qnap-nas-systeme-von-unbekannter-malware… ∗∗∗ Windows App Runs on Mac, Downloads Info Stealer and Adware ∗∗∗ --------------------------------------------- We found an EXE application that specifically runs on Mac to download an adware and info stealer, sidestepping built-in protection systems on the platform such as Gatekeeper. We suspect the cybercriminals developing this routine as an evasion technique for damaging infections and attacks in the future as our telemetry showed the highest numbers to be in the UK, Australia, Armenia, Luxembourg, South Africa and the US. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/windows-app-run… ∗∗∗ Netzwerkhelferlein von Cisco: Mittels Standard-Kennwort zum Neustart ∗∗∗ --------------------------------------------- Cisco hat wichtige Sicherheitsupdates für verschiedene Produkte veröffentlicht. Keine Lücke gilt als kritisch. --------------------------------------------- http://heise.de/-4303894 ∗∗∗ The Race to the Bottom of Credential Stuffing Lists; Collections #2 Through #5 (and More) ∗∗∗ --------------------------------------------- A race to the bottom is a market condition in which there is a surplus of a commodity relative to the demand for it. Often the term is used to describe labour conditions (workers versus jobs), and in simple supply and demand terms, once theres so much of something all [...] --------------------------------------------- https://www.troyhunt.com/the-race-to-the-bottom-of-credential-stuffing-list… ∗∗∗ Sorry, Adobe Reader, Were Not Letting You Phone Home Without Users Consent (0day) ∗∗∗ --------------------------------------------- by Mitja Kolsek, the 0patch TeamToday well look at a fairly simple vulnerability in Adobe Reader DC that allows a PDF document automatically send an SMB request to attackers server as soon as the document is opened. The vulnerability was published by Alex Inführ along with a proof-of-concept in a detailed report on Alexs blog and hasnt been patched at the time of this writing. --------------------------------------------- https://blog.0patch.com/2019/02/sorry-adobe-reader-were-not-letting-you.html ∗∗∗ installateur-mg.at ist nicht vertrauenswürdig! ∗∗∗ --------------------------------------------- Konsument/innen, die auf der Suche nach einem Installateursunternehmen sind, stoßen womöglich auf installeur-mg.at. Dort bewerben Kriminelle ein schnelles und kostengünstiges 24h-Notservice. Konsument/innen sollten die Dienste nicht in Anspruch nehmen! Es entstehen extrem hohe Kosten, die entgegen Behauptungen auf der Website sofort in bar bezahlt werden müssen. Die vorgenommenen Arbeiten sind teils mangelhaft. --------------------------------------------- https://www.watchlist-internet.at/news/installateur-mgat-ist-nicht-vertraue… ∗∗∗ New TLS encryption-busting attack also impacts the newer TLS 1.3 ∗∗∗ --------------------------------------------- Researchers discover yet another Bleichenbacher attack variation (yawn!). --------------------------------------------- https://www.zdnet.com/article/new-tls-encryption-busting-attack-also-impact… ===================== = Vulnerabilities = ===================== ∗∗∗ Django security releases issued: 2.1.6, 2.0.11 and 1.11.19 ∗∗∗ --------------------------------------------- In accordance with our security release policy, the Django team is issuing Django 1.11.19, Django 2.1.6, and Django 2.0.11. These releases addresses the security issue detailed below. We encourage all users of Django to upgrade as soon as possible. --------------------------------------------- https://www.djangoproject.com/weblog/2019/feb/11/security-releases/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (ghostscript, spice, spice-server, and thunderbird), Debian (coturn, freerdp, ghostscript, libreoffice, libu2f-host, mosquitto, and openssh), Fedora (buildbot, java-1.8.0-openjdk, java-11-openjdk, phpMyAdmin, slurm, and spice), openSUSE (python3 and rsyslog), Red Hat (docker and runc), SUSE (avahi, fuse, and LibVNCServer), and Ubuntu (poppler). --------------------------------------------- https://lwn.net/Articles/779467/ ∗∗∗ WebKitGTK+ and WPE WebKit Security Advisory WSA-2019-0001 ∗∗∗ --------------------------------------------- Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2019-6212 Versions affected: WebKitGTK+ before 2.22.6 and WPE WebKit before2.22.4. Credit to an anonymous researcher. Processing maliciously crafted web content may lead to arbitrary code execution. --------------------------------------------- https://webkitgtk.org/security/WSA-2019-0001.html ∗∗∗ IBM Security Bulletin: IBM InfoSphere Change Data Capture is affected by an Apache Derby open source library vulnerability (CVE-2015-1832) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-change… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Governance Catalog is affected by a Reflected XSS (Cross-Site Scripting) vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-govern… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700 – July 2018 & October 2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Java SDK affect IBM b-type SAN directors and switches. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Java SDK affect IBM b-type SAN directors and switches. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM MQ Advanced Cloud Paks are vulnerable to multiple issues with in the Systemd package (CVE-2018-16866 CVE-2018-16864 CVE-2018-16865) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-advanced-cloud… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is potentially vulnerable to XML External Entity Injection (XXE) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-inform… ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Solr (lucene) affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.02.2019
by Daily end-of-shift report 08 Feb '19

08 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 07-02-2019 18:00 − Freitag 08-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ The Anatomy of Website Malware: An Introduction ∗∗∗ --------------------------------------------- We see a lot of files infected by website malware on a daily basis here at Sucuri Labs. What we don’t see is very many categories of infections. The purpose of this blog post series is to provide an overview of the most common infection categories and types of website malware. Are you interested in how backdoors, injectors, hacktools, .. --------------------------------------------- https://blog.sucuri.net/2019/02/the-anatomy-of-website-malware-an-introduct… ∗∗∗ Remote Code Execution via Path Traversal in the Device Metadata Authoring Wizard ∗∗∗ --------------------------------------------- Attackers can use the .devicemanifest-ms and .devicemetadata-ms file extensions for remote code execution in phishing scenarios when the Windows Driver Kit is installed on a victim’s machine. This is possible because the Windows Driver Kit installer installs .. --------------------------------------------- https://posts.specterops.io/remote-code-execution-via-path-traversal-in-the… ∗∗∗ LifeSize: Videokonferenzsysteme erlauben Zugriff per Default-Account ∗∗∗ --------------------------------------------- Vier Videokonferenz-Produkte von LifeSize bringen neben Firmware-Schwachstellen auch einen Support-Account mit Default-Login mit. Nutzer sollten zügig handeln. --------------------------------------------- http://heise.de/-4301951 ∗∗∗ First clipper malware discovered on Google Play ∗∗∗ --------------------------------------------- Cryptocurrency stealers that replace a wallet address in the clipboard are no .. --------------------------------------------- http://feedproxy.google.com/~r/eset/blog/~3/hENbeA5W9fg/ ∗∗∗ Super-systemic IoT flaws ∗∗∗ --------------------------------------------- IoT security flaws were always systemic: by that I mean that if I find a flaw in my smart thermostat, it affects ALL of those thermostats. A security problem with one connected .. --------------------------------------------- https://www.pentestpartners.com/security-blog/super-systemic-iot-flaws/ ∗∗∗ Threat Brief: Understanding Domain Generation Algorithms (DGA) ∗∗∗ --------------------------------------------- Intro One of the most important “innovations” in malware in the past decade is what’s called a Domain Generation Algorithm (“DGA”)”. DGA is an automation technique that attackers use to make it harder for defenders to protect against attacks. While DGA has .. --------------------------------------------- https://unit42.paloaltonetworks.com/threat-brief-understanding-domain-gener… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dovecot and libarchive), Fedora (gvfs and poppler), openSUSE (openssl-1_1 and subversion), Oracle (kernel), Slackware (php), SUSE (avahi, docker, libunwind, LibVNCServer, and spice), and Ubuntu (linux-azure and openssh). --------------------------------------------- https://lwn.net/Articles/779299/ ∗∗∗ Siemens SICAM A8000 RTU Series ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-038-01 ∗∗∗ Siemens EN100 Ethernet Module ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-038-02 ∗∗∗ Apple Releases Multiple Security Updates ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/02/07/Apple-Releases-Mul… ∗∗∗ IBM Security Bulletin: IBM i2 Intelligent Analyis Platform is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i2-intelligent-an… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.02.2019
by Daily end-of-shift report 07 Feb '19

07 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 06-02-2019 18:00 − Donnerstag 07-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Researcher reveals huge Mac password flaw to protest Apple bug bounty ∗∗∗ --------------------------------------------- Apples operating systems have recently had more than their fair share of serious security issues, and the latest problem will be enough to rattle millions of Mac users. Previously credible researcher Linuz Henze has revealed an exploit that in one button press can reveal the passwords in a Mac’s keychain. --------------------------------------------- https://venturebeat.com/2019/02/06/researcher-reveals-huge-mac-password-fla… ∗∗∗ Weiterer Workaround von Microsoft für verwundbare Exchange-Server ∗∗∗ --------------------------------------------- Bis ein Patch für Microsoft Exchange verfügbar ist, soll ein Notbehelf die Ausnutzung der in allen Versionen bestehenden Sicherheitslücke verhindern. --------------------------------------------- http://heise.de/-4300374 ∗∗∗ Gefälschte autoscout24.at-SMS stiehlt Daten ∗∗∗ --------------------------------------------- Kriminelle senden eine gefälschte autoscout24.at-SMS an Nutzer/innen der Plattform. Darin behaupten sie fälschlicherweise, dass Inserent/innen ihr Verkaufsangebot zweimal mit unterschiedlichen Preisen veröffentlicht haben. Aus diesem Grund sollen sie ihre Angaben auf einer fremden Website überprüfen. Das führt zu einem Datendiebstahl durch die Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-autoscout24at-sms-stiehl… ∗∗∗ Identitätsdiebstahl durch Umfrage auf prophylactus.com ∗∗∗ --------------------------------------------- prophylactus.com gibt vor, ein Marktforschungsinstitut zu sein. Konsument/innen sollen sich registrieren, um von zu Hause aus bis zu 50 Euro pro Stunde verdienen zu können. Achtung: Internetnutzer/innen dürfen sich nicht anmelden und an keinen Umfragen teilnehmen. Es handelt sich um versuchten Identitätsdiebstahl, der schwere Folgen für Betroffene haben kann. --------------------------------------------- https://www.watchlist-internet.at/news/identitaetsdiebstahl-durch-umfrage-a… ∗∗∗ Bitcoin-Erpressungsmail mit Nacktbildern ∗∗∗ --------------------------------------------- Aktuell häufen sich betrügerische E-Mails von einem "anonymen Hacker". Der Sender hat angeblich intimes Videomaterial von Ihnen, das er an Freund/innen, Bekannte und Familie weiterleitet, sollte kein Schweigegeld in Form von Bitcoins überweisen werden. Im Anhang finden Sie veröffentlichte Nacktbilder von bisherigen Opfern, die der Forderung nicht nachgekommen sind. Ignorieren Sie E-Mails dieser Art! Das besagte Video existiert nicht. --------------------------------------------- https://www.watchlist-internet.at/news/bitcoin-erpressungsmail-mit-nacktbil… ∗∗∗ Hacker group uses Google Translate to hide phishing sites ∗∗∗ --------------------------------------------- New phishing technique looks silly on desktops but may have a fighting chance on mobile devices. --------------------------------------------- https://www.zdnet.com/article/hacker-group-uses-google-translate-to-hide-ph… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, golang, libthrift-java, mumble, netmask, python3.4, and rssh), openSUSE (python-python-gnupg), Oracle (kernel), Scientific Linux (thunderbird), Slackware (curl), SUSE (firefox, python, and rmt-server), and Ubuntu (curl, libarchive, and libreoffice). --------------------------------------------- https://lwn.net/Articles/779192/ ∗∗∗ BlackBerry powered by Android Security Bulletin – February 2019 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ HPESBUX03908 rev.1 - HP-UX Web Server Suite running Apache on HP-UX 11iv3, Multiple Remote Vulnerabilities. ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBUX03909 rev.1 - HP-UX Web Server Suite running Apache on HP-UX 11iv3, Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ IBM Security Bulletin: IBM i2 Enterprise Insight Analysis. CVE-2018-12539 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i2-enterprise-ins… ∗∗∗ IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to security constraint bypass. (CVE-2018-1304, CVE-2018-1305) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-as-used… ∗∗∗ IBM Security Bulletin: MaaS360 has identified a vulnerability in the MaaS360 iOS Application. (CVE-2018-1960) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-maas360-has-identifie… ∗∗∗ IBM Security Bulletin: OpenJPA as used in IBM QRadar SIEM is vulnerable to remote code execution. (CVE-2013-1768) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openjpa-as-used-in-ib… ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by a vulnerability in Apache Commons FileUpload (CVE-2016-1000031) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-openpages-grc-pla… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM uses outdated hash algorithms. (CVE-2017-1695) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-uses-… ∗∗∗ IBM Security Bulletin: BigFix Platform 9.5.x affected by vulnerability CVE-2017-1231 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-platform-9-5-x… ∗∗∗ IBM Security Bulletin: BigFix Compliance (TEMA SUAv1 SCA SCM) affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-compliance-tem… ∗∗∗ Java SE vulnerability CVE-2018-3139 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K65481741 ∗∗∗ Java SE vulnerability CVE-2018-3136 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K16940442 ∗∗∗ Java SE vulnerability CVE-2018-3211 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K04224795 ∗∗∗ Java SE vulnerability CVE-2018-3214 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K86075480 ∗∗∗ TLS in Mozilla NSS vulnerability CVE-2018-12404 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10281096 ∗∗∗ Java SE vulnerabilities CVE-2018-3149, CVE-2018-3169, and CVE-2018-3209 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K50394032 ∗∗∗ Java SE vulnerability CVE-2018-3180 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K30503705 ∗∗∗ Oracle Java SE vulnerability CVE-2018-11212 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K63404203 ∗∗∗ BIG-IP SNMP vulnerability CVE-2018-15328 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42027747 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily