- Daily - CERT.at

Tageszusammenfassung - 06.02.2019
by Daily end-of-shift report 06 Feb '19

06 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 05-02-2019 18:00 − Mittwoch 06-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Nicht auf apfel-deals.com bestellen! ∗∗∗ --------------------------------------------- apfel-deals.com wirbt aktuell aktiv um Kundschaft. Im Angebot hat der Shop den Großteil des Apple-Produktsortiments, wie zum Beispiel iPhones, MacBooks, iPads und die Apple Watch. Achtung: Die Preise sind zwar verlockend, doch es handelt sich um einen Fake-Shop, der keine Waren liefert. Konsument/innen zahlen per Vorkasse und verlieren dadurch ihr Geld an Kriminelle! --------------------------------------------- https://www.watchlist-internet.at/news/nicht-auf-apfel-dealscom-bestellen/ ∗∗∗ SuperBoost Wifi hält nicht, was es verspricht! ∗∗∗ --------------------------------------------- Auf superboostwifi.com bewirbt die Firma Strong Current Enterprises Limited ein Gerät, das in der Lage sein soll, die Geschwindigkeitsbegrenzung von Internet-Verbindungen auszuhebeln. Tatsächlich handelt es sich beim SuperBoost Wifi Booster lediglich um einen vergleichsweise teuren WLAN-Repeater. Die Internet-Geschwindigkeit bleibt ein und dieselbe, nur die Reichweite wird verbessert. --------------------------------------------- https://www.watchlist-internet.at/news/superboost-wifi-haelt-nicht-was-es-v… ===================== = Vulnerabilities = ===================== ∗∗∗ AVEVA InduSoft Web Studio and InTouch Edge HMI ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for Missing Authentication for Critical Function and Resource Injection vulnerabilities reported in the AVEVA InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition) applications. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01 ∗∗∗ Rockwell Automation EtherNet/IP Web Server Modules ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper input validation vulnerability reported in the Rockwell Automation EtherNet/IP Web Server Modules. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-02 ∗∗∗ WECON LeviStudioU ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow, heap-based buffer overflow, and memory corruption vulnerabilities reported in WECONs LeviStudioU. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03 ∗∗∗ Siemens SIMATIC S7-1500 CPU ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for uncontrolled resource consumption vulnerabilities reported in Siemens SIMATIC SV-1500 CPU. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-04 ∗∗∗ Kunbus PR100088 Modbus Gateway ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for improper authentication, missing authentication for critical function, and improper input validation vulnerabilities reported in the Kunbus PR100088 Modbus gateway. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dovecot and libav), openSUSE (kernel and krb5), Scientific Linux (thunderbird), SUSE (curl, lua53, python3, and spice), and Ubuntu (dovecot). --------------------------------------------- https://lwn.net/Articles/779098/ ∗∗∗ ZDI: (0day) Hewlett Packard Enterprise Intelligent Management Vulnerabilities ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-162/ http://www.zerodayinitiative.com/advisories/ZDI-19-172/ http://www.zerodayinitiative.com/advisories/ZDI-19-171/ http://www.zerodayinitiative.com/advisories/ZDI-19-170/ http://www.zerodayinitiative.com/advisories/ZDI-19-169/ http://www.zerodayinitiative.com/advisories/ZDI-19-168/ http://www.zerodayinitiative.com/advisories/ZDI-19-167/ http://www.zerodayinitiative.com/advisories/ZDI-19-166/ http://www.zerodayinitiative.com/advisories/ZDI-19-165/ http://www.zerodayinitiative.com/advisories/ZDI-19-164/ http://www.zerodayinitiative.com/advisories/ZDI-19-163/ ∗∗∗ Cisco Aironet Active Sensor Static Credentials Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Decryption Policy Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Business Suite Content Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings for Android Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence Management Suite Simple Object Access Protocol Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server REST API Server-Side Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Meeting Server SIP Processing Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Management Center Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Intelligence Center Software Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Meeting Server Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Potential denial of service in WebSphere Application Server (CVE-2018-10237) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by vulnerabilities in OpenSSL ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-3180, CVE-2018-3139) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-3180, CVE-2018-3139) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM SPSS Statistics is affected by CVE-2018-3139 and CVE-2018-3180 vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spss-statistics-i… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a vulnerability in Node.js (CVE-2018-12123) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY Reflected XSS in WebSphereSamISP ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… ∗∗∗ IBM Security Bulletin: IBM PureApplication Service is affected by a GPFS vulnerability (CVE-2018-1723) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a message injection vulnerability (CVE-2018-1666) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY WebSphere XSS ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.02.2019
by Daily end-of-shift report 05 Feb '19

05 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Montag 04-02-2019 18:00 − Dienstag 05-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Reverse RDP Attack: Code Execution on RDP Clients ∗∗∗ --------------------------------------------- Check Point Research recently discovered multiple critical vulnerabilities in the commonly used Remote Desktop Protocol (RDP) that would allow a malicious actor to reverse the usual direction of communication and infect the IT professional or security research’s computer. --------------------------------------------- https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-cl… ∗∗∗ Crooks Continue to Exploit GoDaddy Hole ∗∗∗ --------------------------------------------- Godaddy.com, the worlds largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddys fix hasnt gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal. --------------------------------------------- https://krebsonsecurity.com/2019/02/crooks-continue-to-exploit-godaddy-hole/ ∗∗∗ Vorsicht bei (zu) günstiger Markenware im Internet! ∗∗∗ --------------------------------------------- Auf der Suche nach dem großen Schnäppchen stoßen Konsument/innen häufig auf betrügerische Online-Shops, die Markenware zu schier unglaublichen Preisen anbieten. Hinter den Websites stecken oftmals Kriminelle, die gefälschte Produkte liefern oder es nur auf die Daten ihrer Opfer abgesehen haben. Hier erhalten Internetuser/innen nützliche Tipps, zum Einkauf im Internet, um Ärgernisse zu vermeiden! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-zu-guenstiger-markenwar… ∗∗∗ Warnung vor Nutresin - Herbapure Ear ∗∗∗ --------------------------------------------- Im Internet bewirbt der Molekularbiologe Prof. Karl Auer seine „makro-molekulare Formel" Nutresin - Herbapure Ear als Wundermittel gegen Hörverlust. Konsument/innen können Nutresin auf der Website yourmarket24.com bestellen. Die medizinische Wirkung der Ohrentropfen ist unklar. Aus diesem Grund ist von einer Bestellung des Mittels Nutresin dringend abzuraten. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-nutresin-herbapure-ear/ ===================== = Vulnerabilities = ===================== ∗∗∗ Kryptographische Schwachstellen in deutscher eGovernment Softwarekomponente ∗∗∗ --------------------------------------------- Die OSCI-Transport Bibliothek ist eine Softwarekomponente, welche von vielen deutschen Behörden eingesetzt wird, um Daten gemäß dem OSCI-Transport Protokoll sicher zu übertragen. Diese Java-Bibliothek war gegen zwei potentielle Angriffe anfällig, welche es einem Angreifer ermöglichten, einige Sicherheitsmaßnahmen zu umgehen. --------------------------------------------- https://www.sec-consult.com/blog/2019/02/kryptographische-schwachstellen-in… ∗∗∗ Qkr! with MasterPass iOS Application - MITM SSL Certificate Vulnerability (CVE-2019-6702) ∗∗∗ --------------------------------------------- The Qkr! with MasterPass iOS application (version 5.0.6 and below), does not validate the SSL certificate it receives when connecting to the application login server. --------------------------------------------- https://www.info-sec.ca/advisories/Qkr-MasterCard.html ∗∗∗ Android Security Bulletin - February 2019 ∗∗∗ --------------------------------------------- [...] The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2019-02-01.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libgd2), Fedora (java-11-openjdk, kernel, and kernel-headers), openSUSE (firefox, mysql-community-server, and pdns-recursor), Oracle (thunderbird), Red Hat (rh-haproxy18-haproxy, systemd, and thunderbird), SUSE (haproxy, spice, and uriparser), and Ubuntu (dovecot, kernel, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2, [...] --------------------------------------------- https://lwn.net/Articles/778507/ ∗∗∗ IBM Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected by the use of Local Read Only Cache (LROC) which may result in directory corruption and undetected data corruption in regular files. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spectrum-scale-fo… ∗∗∗ IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2018-11784, CVE-2018-8034) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-websphere-cast-ir… ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by CKEditor (Preview Plugin) vulnerability (CVE-2014-5191) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-openpages-grc-pla… ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by Apache POI vulnerability (CVE-2017-12626) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-openpages-grc-pla… ∗∗∗ HPESBHF03904 rev.1 - HPE Service Pack for ProLiant (SPP) Bundled Software, Local Access Restriction Bypass ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03907 rev.1 - HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers, Remote Cross-Site Scripting in HPE iLO 5 Web User Interface ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.02.2019
by Daily end-of-shift report 04 Feb '19

04 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 01-02-2019 18:00 − Montag 04-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Gute Passwörter erzeugen und sicher verwenden ∗∗∗ --------------------------------------------- Momentan ist das Ändern von Passwörtern wieder in aller Munde. Aber wie erzeugt man gute Passwörter und wie verwahrt man sie sicher? --------------------------------------------- http://heise.de/-4295052 ∗∗∗ Introducing Zombie POODLE and GOLDENDOODLE ∗∗∗ --------------------------------------------- I’m excited to announce that I will be presenting at this year’s Black Hat Asia about my research into detecting and exploiting CBC padding oracles! Zombie POODLE and GOLDENDOODLE are the names I’ve given to the vulnerabilities I’ll be discussing. Similar to ROBOT, DROWN and many other vulnerabilities affecting HTTPS, these issues stem from continued use of cryptographic modes which should have been long ago deprecated and yet are inexplicably still supported in TLSv1.2. In this case, the troublesome feature is that TLSv1.2 supports CBC mode ciphersuites. --------------------------------------------- https://www.tripwire.com/state-of-security/vulnerability-management/zombie-… ∗∗∗ Datendiebe versenden gefälschte upc.at-Mail ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte upc.at-Nachricht. Darin behaupten sie, dass das E-Mailpostfach von Empfänger/innen voll sei. Damit Kund/innen weiterhin Nachrichten empfangen können, sollen sie ihre Zugangsdaten auf einer gefälschten upc.at-Website nennen. Folgen sie der Anweisung, werden sie Opfer eines Datendiebstahls. Kriminelle erlangen Zugriff auf ihr E-Mailkonto und können es für Verbrechen nutzen. --------------------------------------------- https://www.watchlist-internet.at/news/datendiebe-versenden-gefaelschte-upc… ∗∗∗ Security researchers discover new Linux backdoor named SpeakUp ∗∗∗ --------------------------------------------- Named SpeakUp, this malware is currently distributed to Linux servers mainly located in China. The hackers behind this recent wave of attacks are using an exploit for the ThinkPHP framework to infect servers with this new malware strain. --------------------------------------------- https://www.zdnet.com/article/security-researchers-discover-new-linux-backd… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheit: Libreoffice schließt Lücke, Openoffice bleibt verwundbar ∗∗∗ --------------------------------------------- Eine Sicherheitslücke, die die freien Office-Programme Libreoffice und Openoffice betrifft, erlaubt Angreifern das Ausführen von Code mittels einer Skript-Schnittstelle. Von Libreoffice gibt es ein Update, von Openoffice nicht. --------------------------------------------- https://www.golem.de/news/sicherheit-libreoffice-schliesst-luecke-openoffic… ∗∗∗ devolo dLAN 550 duo+ Starter Kit Remote Code Execution ∗∗∗ --------------------------------------------- The devolo firmware has what seems to be a hidden services which can be enabled by authenticated attacker via the the htmlmgr CGI script. This allows the attacker to start services that are deprecated or discontinued and achieve remote arbitrary code execution with root privileges. --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5508.php ∗∗∗ Sicherheitsforscher: Kritische Lücke in macOS erlaubt Auslesen von Passwörtern ∗∗∗ --------------------------------------------- Erneut ist eine schwere Schwachstelle bei dem in macOS integrierten Schlüsselbund bekanntgeworden: Manipulierte Software sei dadurch in der Lage, sämtliche Zugangsdaten des Nutzers aus der lokalen Keychain auszulesen – mitsamt der Passwörter im Klartext, wie der Sicherheitsforscher Linus Henze mitteilte. --------------------------------------------- http://heise.de/-4297437 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (bind, firefox, GNOME, kernel, systemd, and thunderbird), Debian (debian-security-support, drupal7, libreoffice, libvncserver, phpmyadmin, and rssh), Fedora (binutils and firefox), Mageia (firefox and netatalk), openSUSE (avahi and python-paramiko), Red Hat (Red Hat Gluster Storage Web Administration), Slackware (mariadb), and SUSE (java-11-openjdk, kernel, and python). --------------------------------------------- https://lwn.net/Articles/778407/ ∗∗∗ D-LINK Router DIR-823G: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- Router der Firma D-Link enthalten eine Firewall und in der Regel eine WLAN-Schnittstelle. Die Geräte sind hauptsächlich für private Anwender und Kleinunternehmen konzipiert. Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in D-LINK Router DIR-823G ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0104 ∗∗∗ Over 485,000 Ubiquiti devices vulnerable to new attack ∗∗∗ --------------------------------------------- Ubiquiti Networks is working on a fix for a newly discovered security issue affecting its devices that attackers have been exploiting since July last year. Attackers are sending small packets of 56 bytes to port 10,001 on Ubiquiti devices, which are reflecting and relaying the packets to a target's IP address amplified to a size of 206 bytes (amplification factor of 3.67). --------------------------------------------- https://www.zdnet.com/article/over-485000-ubiquiti-devices-vulnerable-to-ne… ∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is affected by a remote code execution vulnerability in Drupal (CVE-2019-6339) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel… ∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is affected by a vulnerability in Oracle MySQL (CVE-2018-3251) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by access token leak (CVE-2019-4008) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.02.2019
by Daily end-of-shift report 01 Feb '19

01 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 31-01-2019 18:00 − Freitag 01-02-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sextortion: Follow the Money Part 3 - The cashout begins! ∗∗∗ --------------------------------------------- There hasnt been much to update in the several months since the Sexploitation: Follow the money updates in Diary 1 and Diary 2. For those of you who didnt read those diaries. When the Sextortion email campaign began in July, I asked for ISC reader submissions of the BTC addresses from that campaign so we could attempt to follow the Bitcoins created by the payments from this campaign. --------------------------------------------- https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+Part+3+The+ca… ∗∗∗ Pants down: Sicherheitslücke in Server-Fernwartung ∗∗∗ --------------------------------------------- Server und Mainboards mit einigen Fernwartungschips von Aspeed sind angreifbar; auch die offene BMC-Firmware OpenBMC ist betroffen. --------------------------------------------- http://heise.de/-4296144 ∗∗∗ Most Magento shops get compromised via vulnerable extensions ∗∗∗ --------------------------------------------- Vulnerable third party extensions (modules) are now the main source of Magento hacks, says security researcher and Magento forensics investigator Willem de Groot. "The method is straightforward: attacker uses an extension bug to hack into a Magento store. Once in, they download all of the other installed extensions. The attacker then searches the downloaded code for 0day security issues, such as POI, SQLi and XSS flaws. Once found, the attacker launches a global scan to [...] --------------------------------------------- https://www.helpnetsecurity.com/2019/02/01/magento-vulnerable-extensions/ ∗∗∗ Surviving DNS Flag Day ∗∗∗ --------------------------------------------- DNS Flag Day is here and with it comes new changes that could impact your domain's availability. What do you need to know and how can you quickly identify its impacts on you and your users? Read on for our quick guide to what it's all about and how to avoid disruption to your digital services. --------------------------------------------- https://blog.thousandeyes.com/surviving-dns-flag-day/ ∗∗∗ This smart light bulb could leak your Wi-Fi password ∗∗∗ --------------------------------------------- LIFX smart bulbs contained vulnerabilities which could be exploited with a little ingenuity and the help of a hacksaw. --------------------------------------------- https://www.zdnet.com/article/this-smart-light-bulb-could-leak-your-wi-fi-p… ===================== = Vulnerabilities = ===================== ∗∗∗ IDenticard PremiSys ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for use of hard-coded credentials, use of hard-coded password, and inadequate encryption strength vulnerabilities reported in the IDenticard PremiSys access control system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-031-02 ∗∗∗ Schneider Electric EVLink Parking ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for use of hard-coded credentials, code injection, and SQL injection vulnerabilities reported in Schneider Electric’s EVLink Parking, an electric vehicle charging station. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (agg, golang-1.7, golang-1.8, mariadb-10.0, and postgis), Fedora (kernel, kernel-headers, and kernel-tools), Mageia (gitolite and libvorbis), openSUSE (pdns-recursor and webkit2gtk3), Oracle (firefox, ghostscript, kernel, polkit, spice, and spice-server), Red Hat (etcd, ghostscript, polkit, spice, and spice-server), Scientific Linux (ghostscript, polkit, spice, and spice-server), SUSE (python3), and Ubuntu (libvncserver). --------------------------------------------- https://lwn.net/Articles/778285/ ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletins: There is a security vulnerability in the XLXP-C component which is shipped in IBM Integration Bus and App Connect Enterprise (CVE-2018-1801) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletins-there-is-a-security-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect Operations Center (CVE-2018-1553, CVE-2018-1683, CVE-2018-8039) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ Linux kernel vulnerability CVE-2018-16658 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K40523020 ∗∗∗ Java SE vulnerability CVE-2018-3183 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K95003704 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.01.2019
by Daily end-of-shift report 31 Jan '19

31 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 30-01-2019 18:00 − Donnerstag 31-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Mac "CookieMiner" Malware Aims to Gobble Crypto Funds ∗∗∗ --------------------------------------------- A newly discovered malware steals cookies, credentials and more to break into victims cryptocurrency exchange accounts. --------------------------------------------- https://threatpost.com/mac-cookieminer-malware-crypto/141334/ ∗∗∗ The D in SystemD stands for Danger, Will Robinson! Defanged exploit code for security holes now out in the wild ∗∗∗ --------------------------------------------- Capsule8 demos takeover technique to help sysadmins check for vulnerabilities Those who havent already patched a trio of recent vulnerabilities in the Linux worlds SystemD have an added incentive to do so: security biz Capsule8 has published exploit code for the holes. --------------------------------------------- https://www.theregister.co.uk/2019/01/31/systemd_exploit/ ∗∗∗ Tracking Unexpected DNS Changes ∗∗∗ --------------------------------------------- DNS is a key element of the Internet and, regularly, we read new bad stories. One of the last one was the Department of Homeland Security warning[1] about recent DNS hijacking attacks[2]. [...] it's not easy to detect unexpected changes but you can implement your own checks to tracks changes for your most visited websites. But from a website owner or network admin perspective, it is indeed a good practice to ensure that DNS servers authoritative for our domain zones are providing the --------------------------------------------- https://isc.sans.edu/forums/diary/Tracking+Unexpected+DNS+Changes/24596/ ∗∗∗ Top 10 Most Vulnerable WordPress Plugins ∗∗∗ --------------------------------------------- Kept properly updated, WordPress - including its plugins - is one of the most secure CMS available on the web. Provided the plugins are actively updated, most vulnerabilities are discovered and patched without widespread malicious exploitation. [...] In most cases, it's down to the users to make sure they apply the latest security updates to all their plugins. --------------------------------------------- https://www.htbridge.com/blog/top-10-most-vulnerable-wordpress-plugins.html ∗∗∗ IQ-Tests auf testific.com locken in Abo-Falle ∗∗∗ --------------------------------------------- Auf testific.com werden IQ- und Persönlichkeitstests angeboten. Konsument/innen, die an den Testungen teilnehmen, sollen ein Zertifikat erhalten, auf dem der IQ-Wert angegeben ist. Personen die den Intelligenztest durchführen, müssen im Anschluss 2,99 Euro bezahlen, um ihr Ergebnis zu erhalten. Ein versteckter Kostenhinweis zeigt: Es handelt sich um eine Abo-Falle, die 79,99 Euro pro Monat kostet. --------------------------------------------- https://www.watchlist-internet.at/news/iq-tests-auf-testificcom-locken-in-a… ∗∗∗ IoT botnet used in YouTube ad fraud scheme ∗∗∗ --------------------------------------------- TheMoons DDoS days are long gone. The botnet is now a proxy network for other criminal groups. --------------------------------------------- https://www.zdnet.com/article/iot-botnet-used-in-youtube-ad-fraud-scheme/#f… ∗∗∗ New security flaw impacts 5G, 4G, and 3G telephony protocols ∗∗∗ --------------------------------------------- Researchers have reported their findings and fixes should be deployed by the end of 2019. --------------------------------------------- https://www.zdnet.com/article/new-security-flaw-impacts-5g-4g-and-3g-teleph… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitspatch: Dell Networking OS10 anfällig für Lauschattacken ∗∗∗ --------------------------------------------- Ein wichtiges Update schließt eine Sicherheitslücke im Switch-Betriebssystem Networking OS10 von Dell. --------------------------------------------- http://heise.de/-4294467 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (ghostscript), Debian (firefox-esr, libgd2, libvncserver, php-pear, rssh, and spice), Fedora (docker, docker-latest, firefox, moodle, and wireshark), Mageia (bluez, ghostscript, php-tcpdf, phpmyadmin, virtualbox, and zeromq), openSUSE (ghostscript), Red Hat (firefox), Scientific Linux (firefox), Slackware (kernel), and Ubuntu (avahi, firefox, and openjdk-8, openjdk-lts). --------------------------------------------- https://lwn.net/Articles/778107/ ∗∗∗ BlackBerry powered by Android Security Bulletin - January 2019 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Security Advisory - Authorization Bypass Vulnerability on Some Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190131-… ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager is affected by a limited code injection vulnerability (CVE-2019-4038) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage Manager FastBack (CVE-2018-3139, CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Tivoli Application Dependency Discovery Manager (TADDM) could expose password hashes stored in system memory on target Windows systems that are discovered by TADDM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tivoli-applicatio… ∗∗∗ Linux kernel vulnerability CVE-2018-10901 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K07721343 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.01.2019
by Daily end-of-shift report 30 Jan '19

30 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 29-01-2019 18:00 − Mittwoch 30-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New LockerGoga Ransomware Allegedly Used in Altran Attack ∗∗∗ --------------------------------------------- Hackers have infected the systems of Altran Technologies with malware that spread through the company network, affecting operations in some European countries. To protect client data and its assets, Altran decided to shut down its network and applications. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-lockergoga-ransomware-al… ∗∗∗ Z1: Zahnarztsoftware installiert lückenhaften Adobe Reader ∗∗∗ --------------------------------------------- Eine Verwaltungssoftware für Zahnarztpraxen installiert beim Update automatisch einen Adobe Reader in einer sehr alten Version, der zahlreiche bekannte Sicherheitslücken hat. Der Hersteller meint, das Problem behoben zu haben, das stimmt aber offenbar nicht. (Adobe Reader, PDF) --------------------------------------------- https://www.golem.de/news/z1-zahnarztsoftware-installiert-lueckenhaften-ado… ∗∗∗ CTF Writeup: Complex Drupal POP Chain ∗∗∗ --------------------------------------------- A recent Capture-The-Flag tournament hosted by Insomnihack challenged participants to craft an attack payload for Drupal 7. This blog post will demonstrate our solution for a PHP Object Injection with a complex POP gadget chain. --------------------------------------------- https://blog.ripstech.com/2019/complex-drupal-pop-chain/ ∗∗∗ Geldverlust und Datendiebstahl statt Traum-Immobilie! ∗∗∗ --------------------------------------------- Kriminelle inserieren günstige Miet- und Eigentumswohnungen, Häuser und Grundstücke auf bekannten Immobilienplattformen. Konsument/innen werden darüber informiert, dass eine Besichtigung über ein Treuhandunternehmen, also eine vertrauenswürdige Mittelsperson abgewickelt wird. Kautionen dürfen nicht bezahlt und Ausweisdokumente nicht übermittelt werden. Geld und Daten landen bei Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/news/geldverlust-und-datendiebstahl-statt… ∗∗∗ Matrix has slowly evolved into a Swiss Army knife of the ransomware world ∗∗∗ --------------------------------------------- The Matrix ransomware is usually deployed after cyber-criminals use unsecured RDP endpoints to compromise companies internal networks. --------------------------------------------- https://www.zdnet.com/article/matrix-has-slowly-evolved-into-a-swiss-army-k… ===================== = Vulnerabilities = ===================== ∗∗∗ Stryker Medical Beds ∗∗∗ --------------------------------------------- This medical device advisory provides mitigation recommendations for a reusing a nonce vulnerability in Strykers medical beds. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-01 ∗∗∗ Yokogawa License Manager Service ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a Unrestricted Upload of Files with Dangerous Type vulnerability reported in the Yokogawa License Manager Service application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-029-01 ∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5 ∗∗∗ --------------------------------------------- Cisco Talos is disclosing several vulnerabilities in ACD Systems Canvas Draw 5, a graphics-editing tool for Mac. The vulnerable component of Canvas Draw 5 lies in the handling of TIFF and PCX images. TIFF is a raster-based image format used in graphics editing projects, thus making it a very common file format thats used in Canvas Draw. PCX was a popular image format with early computers, and [...] --------------------------------------------- http://feedproxy.google.com/~r/feedburner/Talos/~3/4p-FF_Hp7xY/vulnerabilit… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (subversion), Debian (apache2, firefox-esr, qemu, rssh, and spice), Fedora (lua, mingw-python-qt5, mingw-qt5-qt3d, mingw-qt5-qtactiveqt, mingw-qt5-qtbase, mingw-qt5-qtcharts, mingw-qt5-qtdeclarative, mingw-qt5-qtgraphicaleffects, mingw-qt5-qtimageformats, mingw-qt5-qtlocation, mingw-qt5-qtmultimedia, mingw-qt5-qtquickcontrols, mingw-qt5-qtscript, mingw-qt5-qtsensors, mingw-qt5-qtserialport, mingw-qt5-qtsvg, mingw-qt5-qttools, [...] --------------------------------------------- https://lwn.net/Articles/777950/ ∗∗∗ Security Advisory - Double Free Vulnerability on Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190130-… ∗∗∗ Linux kernel vulnerability CVE-2018-18559 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K28241423 ∗∗∗ IBM Security Bulletin: IBM MQ Cloud Paks are vulnerable to multiple vulnerabilities in Perl (CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 CVE-2018-18311) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-cloud-paks-are… ∗∗∗ IBM Security Bulletin: IBM Navigator for i is affected by CVE-2019-4040 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-navigator-for-i-i… ∗∗∗ IBM Security Bulletin: Code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1851) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-code-execution-vulner… ∗∗∗ IBM Security Bulletin: Bypass security vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2014-7810) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bypass-security-vulne… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ ZDI-19-157: Bitdefender SafePay exec Command Injection Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-157/ ∗∗∗ ZDI-19-158: Bitdefender SafePay openFile Arbitrary File Write Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-158/ ∗∗∗ ZDI-19-159: Bitdefender SafePay launch Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-159/ ∗∗∗ ZDI: (0Day) Wecon LeviStudioU Remote Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-143/ http://www.zerodayinitiative.com/advisories/ZDI-19-144/ http://www.zerodayinitiative.com/advisories/ZDI-19-145/ http://www.zerodayinitiative.com/advisories/ZDI-19-146/ http://www.zerodayinitiative.com/advisories/ZDI-19-147/ http://www.zerodayinitiative.com/advisories/ZDI-19-148/ http://www.zerodayinitiative.com/advisories/ZDI-19-149/ http://www.zerodayinitiative.com/advisories/ZDI-19-150/ http://www.zerodayinitiative.com/advisories/ZDI-19-151/ http://www.zerodayinitiative.com/advisories/ZDI-19-152/ http://www.zerodayinitiative.com/advisories/ZDI-19-153/ http://www.zerodayinitiative.com/advisories/ZDI-19-154/ http://www.zerodayinitiative.com/advisories/ZDI-19-155/ http://www.zerodayinitiative.com/advisories/ZDI-19-156/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.01.2019
by Daily end-of-shift report 29 Jan '19

29 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Montag 28-01-2019 18:00 − Dienstag 29-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ A Miner Decline: The Surprising Slowdown of Cryptomining ∗∗∗ --------------------------------------------- This is the first of a three-part report on the state of three malware categories: miners, ransomware and information stealers. In Webroot's 2018 mid-term threat report, we outlined how cryptomining, and particularly cryptojacking, had become popular criminal tactics over the first six months of last year. This relatively novel method of cybercrime gained favour for being [...] --------------------------------------------- https://www.webroot.com/blog/2019/01/28/a-miner-decline-the-surprising-slow… ∗∗∗ FaceTime als Wanze – Apple schaltet Gruppenfunktion des VoIP-Dienstes ab ∗∗∗ --------------------------------------------- Ein Bug in Apples Kommunikationsdienst ermöglicht, das Mikrofon von iPhone und Mac aus der Ferne zu aktivieren. Apple ergreift Notfallmaßnahmen. --------------------------------------------- http://heise.de/-4290587 ∗∗∗ Sicherheitslücken in Microsoft Exchange gewähren Domain-Admin-Berechtigungen ∗∗∗ --------------------------------------------- Schwachstellen in allen Exchange-Server-Versionen machen Angreifer zu Domain-Administratoren. Ein Patch steht noch aus. --------------------------------------------- http://heise.de/-4290574 ∗∗∗ Aktuelle Trojaner-Welle: Emotet lauert in gefälschten Rechnungsmails ∗∗∗ --------------------------------------------- Offensichtlich hat es der Emotet-Schädling nun auf Privatpersonen abgesehen. Derzeit sind gehäuft gefälschte Amazon-, Telekom- und Vodafone-Mails unterwegs. --------------------------------------------- http://heise.de/-4291268 ∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in coTURN ∗∗∗ --------------------------------------------- Today, Cisco Talos is disclosing three vulnerabilities in coTURN. coTURN is an open-source implementation of TURN and STUN servers that can be used as a general-purpose networking traffic TURN server. TURN servers are usually deployed in so-called "DMZ" zones - any server reachable from the internet - to provide firewall traversal solutions. --------------------------------------------- https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-multiple… ∗∗∗ Kleinanzeigen-Betrug boomt ∗∗∗ --------------------------------------------- Vorsicht beim Verkauf auf Kleinanzeigenplattformen wie willhaben, eBay, marketplace, quoka oder shpock. Aktuell häufen sich Anfragen von Interessent/innen, die das Geld angeblich einer Bank – die als Zwischenvermittler fungiert - "überweisen". Diese fragwürdige Bank hält den Betrag so lange zurück, bis Sie eine Versandbestätigung oder zu viel überwiesenes Geld übermitteln. Es handelt sich um eine Betrugsmasche! --------------------------------------------- https://www.watchlist-internet.at/news/kleinanzeigen-betrug-boomt/ ∗∗∗ Gefälschte Spar Umfrage: Versteckte Kosten statt gratis Technik! ∗∗∗ --------------------------------------------- Eine erfundene Umfrage wird momentan von Kriminellen massenhaft verschickt. Betroffene Personen, die den Links in der Nachricht folgen und die Umfrage durchführen, sollen mit einem gratis iPhone X, XS, Galaxy S9 oder einem MacBook belohnt werden. Ein versteckter Kostenhinweis bei der Eingabe der Kreditkartendaten zeigt aber: Statt Smartphone oder Laptop gibt's nur monatliche Kosten! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-spar-umfrage-versteckte-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (go-pie), Debian (wireshark), openSUSE (freerdp, libraw, openssh, pdns-recursor, singularity, and systemd), and Ubuntu (kernel, linux-hwe, and spice). --------------------------------------------- https://lwn.net/Articles/777806/ ∗∗∗ IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal’s dependencies – Cumulative list from June 28, 2018 to December 13, 2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-has-a… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Check Services for Multi-Platform is affected by vulnerabilities in IBM Java Runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by an Application Error vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-pa… ∗∗∗ IBM Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-qradar-p… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ The BIG-IP HTTP parser can incorrectly parse a tab character ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K18263026 ∗∗∗ A virtual server with a Client SSL profile may accept non-SSL traffic ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K21942600 ∗∗∗ BIG-IP APM XSS vulnerability CVE-2019-6591 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K32840424 ∗∗∗ BIG-IP TMUI vulnerability CVE-2019-6589 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23566124 ∗∗∗ TMM vulnerability CVE-2019-6590 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K55101404 ∗∗∗ The BIG-IP APM PingAccess component caching vulnerability may lead to user impersonation ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01226413 ∗∗∗ The BIG-IP ASM system may redirect a client request to an incorrect URL ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23432927 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.01.2019
by Daily end-of-shift report 28 Jan '19

28 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 25-01-2019 18:00 − Montag 28-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Datenbank: Lange bekannte MySQL-Lücke führt zu Angriffen ∗∗∗ --------------------------------------------- Das MySQL-Protokoll erlaubt es Servern, Daten des Clients auszulesen. Offenbar nutzte die kriminelle Gruppe Magecart dies zuletzt, um mit dem PHP-Datenbankfrontend Adminer Systeme anzugreifen. Auch PhpMyAdmin ist verwundbar. (MySQL, PHP) --------------------------------------------- https://www.golem.de/news/datenbank-lange-bekannte-mysql-luecke-fuehrt-zu-a… ∗∗∗ LabKey Vulnerabilities Threaten Medical Research Data ∗∗∗ --------------------------------------------- LabKey Server version 18.3.0-61806.763, released on January 16, patches all three issues, so users should update as soon as possible. --------------------------------------------- https://threatpost.com/labkey-vulnerabilities-medical-research/141200/ ∗∗∗ NumPy Is Awaiting Fix for Critical Remote Code Execution Bug ∗∗∗ --------------------------------------------- The current version of the popular NumPy library relies on unsafe default usage of a Python module that could lead to remote code execution in the context of the affected application. --------------------------------------------- https://www.bleepingcomputer.com/news/security/numpy-is-awaiting-fix-for-cr… ∗∗∗ Jetzt patchen! Angreifer machen Jagd auf Cisco-Router ∗∗∗ --------------------------------------------- Sicherheitsforscher beobachten vermehrte Scans nach verwundbaren Routern von Cisco. Patches stehen zum Download bereit. --------------------------------------------- http://heise.de/-4289149 ∗∗∗ Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities ∗∗∗ --------------------------------------------- Cisco Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level in WIBU-SYSTEMS WibuKey. WibuKey is a USB key designed to protect software and intellectual properties. It allows the users to manage software license via USB key. A third vulnerability is located in userland and can be triggered remotely, as its located in the network [...] --------------------------------------------- https://blog.talosintelligence.com/2019/01/multiple-wibu-system-vulnerabili… ∗∗∗ Warnung vor software-outlet24.de ∗∗∗ --------------------------------------------- Auf software-outlet24.de werden Microsoft Office Pakete sowie Windows 10 und Windows 7 Produkt-Keys angeboten. Die Preise sind sehr günstig und laden zu einem schnellen Kauf ein. Zahlreiche Konsument/innen berichten uns von ausbleibenden Lieferungen und fehlender Rückerstattung. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-software-outlet24de/ ∗∗∗ WordPress sites under attack via zero-day in abandoned plugin ∗∗∗ --------------------------------------------- Developers of Total Donations plugin have gone missing, leaving former customers open to attacks. --------------------------------------------- https://www.zdnet.com/article/wordpress-sites-under-attack-via-zero-day-in-… ===================== = Vulnerabilities = ===================== ∗∗∗ Symantec Ghost Solution Suite DLL Hijack ∗∗∗ --------------------------------------------- Symantec Ghost Solution Suite (GSS) may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application. --------------------------------------------- https://support.symantec.com/en_US/article.SYMSA1474.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (apache, go, haproxy, matrix-synapse, nasm, and powerdns-recursor), Debian (coturn, ghostscript, krb5, policykit-1, and qtbase-opensource-src), Fedora (wireshark), openSUSE (nodejs4, nodejs8, openssh, PackageKit, and wireshark), Oracle (qemu and thunderbird), Scientific Linux (thunderbird), and SUSE (avahi, krb5, and python-paramiko). --------------------------------------------- https://lwn.net/Articles/777688/ ∗∗∗ Security Advisory - Memory Double Free Vulnerability in Image Processing Module of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190128-… ∗∗∗ IBM Security Bulletin: API Connect V5 is impacted by sensitive information disclosure via a REST API (CVE-2018-1976) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v5-is-imp… ∗∗∗ IBM Security Bulletin: Security Bulletin: Vulnerability in IBM Java SDK affects IBM Developer for z Systems (CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-vul… ∗∗∗ phpMyAdmin: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0089 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.01.2019
by Daily end-of-shift report 25 Jan '19

25 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 24-01-2019 18:00 − Freitag 25-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Fighting Emotet: lessons from the front line ∗∗∗ --------------------------------------------- Emotet is moving, shape-shifting target for admins and their security software. Heres what weve learned from dealing with outbreaks. --------------------------------------------- https://nakedsecurity.sophos.com/2019/01/25/fighting-emotet-lessons-from-th… ∗∗∗ Youre an admin! Youre an admin! Youre all admins, thanks to this Microsoft Exchange zero-day and exploit ∗∗∗ --------------------------------------------- Easily swapped hashed passwords gives Domain Admin rights via API call. Fix may land next month Microsoft Exchange appears to be currently vulnerable to a privilege escalation attack that allows any user with a mailbox to become a Domain Admin.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2019/01/25/microsoft_e… ∗∗∗ Magento – RCE & Local File Read with low privilege admin rights ∗∗∗ --------------------------------------------- These vulnerabilities have been responsibly disclosed to Magento team, and received patches in Magento versions 2.3.0, 2.2.7 and 2.1.16 which were released in November 2018. --------------------------------------------- https://blog.scrt.ch/2019/01/24/magento-rce-local-file-read-with-low-privil… ∗∗∗ Mac-Trojaner versteckt sich in Werbebannern ∗∗∗ --------------------------------------------- Die auf macOS abzielende Malware wird in großem Stil per Banner-Werbung ausgeliefert und steganographisch versteckt, warnt eine Sicherheitsfirma. --------------------------------------------- http://heise.de/-4287382 ∗∗∗ Neue Passwort-Leaks: Insgesamt 2,2 Milliarden Accounts betroffen ∗∗∗ --------------------------------------------- Nach der Passwort-Sammlung Collection #1 kursieren nun auch die riesigen Collections #2-5 im Netz. So überprüfen Sie, ob Ihre Accounts betroffen sind. --------------------------------------------- http://heise.de/-4287538 ∗∗∗ Diverse Sicherheitslücken in iTunes für Windows ∗∗∗ --------------------------------------------- Apple hat seiner Mediathek-App auf dem PC ein Update spendiert, das mehr als ein halbes Dutzend Bugs fixt – darunter auch kritische. --------------------------------------------- http://heise.de/-4287940 ===================== = Vulnerabilities = ===================== ∗∗∗ Advantech WebAccess/SCADA ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper authentication, authentication bypass, and SQL injection vulnerabilities in the WebAccess/SCADA software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01 ∗∗∗ PHOENIX CONTACT FL SWITCH ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for cross-site request forgery, improper restriction of excessive authentication attempts, cleartext transmission of sensitive information, resource exhaustion, incorrectly specified destination in a communication channel, insecure storage of sensitive information, and memory corruption vulnerabilities reported in Phoenix Contacts FL SWITCH ethernet hardware. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (mxml, postgresql-9.4, and tmpreaper), Fedora (haproxy and runc), openSUSE (krb5, soundtouch, virtualbox, and zeromq), Oracle (thunderbird), Red Hat (thunderbird), and Ubuntu (subversion and thunderbird). --------------------------------------------- https://lwn.net/Articles/777549/ ∗∗∗ Cross-site scripting in CA Automic Workload Automation Web Interface (formerly Automic Automation Engine) ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/cross-site-scripting-in-ca-a… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by vulnerabilities in VMWare component (CVE-2018-6981 CVE-2018-6982) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: OpenSSL vunerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vunerability/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems (October 2018 updates) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System (July and October 2018 updates) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability in VMWare component (CVE-2018-6974) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: Multiple Foreshadow Spectre Variant vulnerabilities affect IBM OS Image for Red Hat Linux Systems in IBM PureApplication System (CVE-2018-3615 CVE-2018-3620 CVE-2018-3646) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-foreshadow-s… ∗∗∗ IBM SECURITY BULLETIN: IBM QRadar SIEM is vulnerable to Content Spoofing (CVE-2018-1733) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability in VMWare component (CVE-2018-6972) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway appliances are affected by a vulnerability in IPMI (CVE-2018-1668) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability (CVE-2018-3639) pertaining third-party CPU hardware ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.01.2019
by Daily end-of-shift report 24 Jan '19

24 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 23-01-2019 18:00 − Donnerstag 24-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Verschlüsselung: Open SSL 1.1.1 überzeugt im Sicherheitsaudit ∗∗∗ --------------------------------------------- Die Initiativen Ostif und Quarkslab haben OpenSSL 1.1.1 einem Audit unterzogen. Den Fokus legten die Sicherheitsforscher auf die neuen TLS-1.3-Funktionen und die Änderungen am Pseudo Random Number Generator (PRNG). --------------------------------------------- https://www.golem.de/news/verschluesselung-open-ssl-1-1-1-ueberzeugt-im-sic… ∗∗∗ Bit-and-Piece DDoS Method Emerges to Torment ISPs ∗∗∗ --------------------------------------------- Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes. --------------------------------------------- https://threatpost.com/bit-and-piece-ddos-method-emerges-to-torment-isps/14… ∗∗∗ Gefälschte amazon.de-Versandbestätigung im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte amazon.de-Versandbestätigung. Darin schreiben sie, dass das von den Empfänger/innen bei der reBuy reCommerce GmbH bestellte Produkt am Versandweg sei. Weiterführende informationen zu dem Einkauf können Konsument/innen der Datei BESTELLDETAILS_eDATEI.doc entnehmen. Sie verbirgt Schadsoftware, weshalb Kund/innen sie nicht öffnen dürfen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-amazonde-versandbestaeti… ===================== = Vulnerabilities = ===================== ∗∗∗ Panels Breadcrumbs - Moderately critical - Cross site scripting - SA-CONTRIB-2019-007 ∗∗∗ --------------------------------------------- Project: Panels Breadcrumbs Version: 7.x-2.3 Date: 2019-January-23 Description: Panels Breadcrumbs allows you to set your breadcrumbs directly from Panels configuration. This module doesnt properly sanitize custom breadcrumb configuration in all cases, leading to an XSS vulnerability.This vulnerability is mitigated by the fact that an attacker must have permission --------------------------------------------- https://www.drupal.org/sa-contrib-2019-007 ∗∗∗ Preview Link - Moderately critical - Access bypass - SA-CONTRIB-2019-004 ∗∗∗ --------------------------------------------- Project: Preview Link Date: 2019-January-23 Description: The Preview Link module enables you to generate preview links so anonymous users can access unpublished revisions of content.The last release of the module introduced an access bypass allowing users to present invalid tokens but still access unpublished content. --------------------------------------------- https://www.drupal.org/sa-contrib-2019-004 ∗∗∗ Playstation 4, Xbox One, Surface-Laptops: Kritische Schwachstellen im WLAN-Chip ∗∗∗ --------------------------------------------- Jetzt bekannt gewordene Sicherheitslücken erlauben es anscheinend, die Geräte aus dem lokalen WLAN ohne Interaktion des Nutzers zu kapern. --------------------------------------------- http://heise.de/-4286639 ∗∗∗ Böser Bug in PostScript trifft GhostScript und damit viele andere Programme ∗∗∗ --------------------------------------------- Ein Problem in den Tiefen der PostScript-Spezifikation lässt sich ausnutzen, um bösartigen Code auszuführen. --------------------------------------------- http://heise.de/-4286563 ∗∗∗ TLS Padding Oracle Vulnerability in Citrix Application Delivery Controller (ADC) and NetScaler Gateway ∗∗∗ --------------------------------------------- A vulnerability has been identified in the Citrix Application Delivery Controller (ADC) formally known as NetScaler ADC and NetScaler Gateway platforms using hardware acceleration that could allow an attacker to exploit the appliance to decrypt TLS traffic. This vulnerability does not directly allow an attacker to obtain the TLS private key. This vulnerability has been assigned the following CVE: CVE-2019-6485 --------------------------------------------- https://support.citrix.com/article/CTX240139 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (perl), Fedora (anaconda, curl, and poppler), openSUSE (ntpsec), SUSE (ghostscript, kernel, rubygem-activejob-4_2, and webkit2gtk3), and Ubuntu (ghostscript and mysql-5.7). --------------------------------------------- https://lwn.net/Articles/777480/ ∗∗∗ McAfee Total Protection: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- CB-K19/0079: McAfee Total Protection: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0079 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.01.2019
by Daily end-of-shift report 23 Jan '19

23 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 22-01-2019 18:00 − Mittwoch 23-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Microsoft’s Cyber Defense Operations Center shares best practices ∗∗∗ --------------------------------------------- You can download the Cyber Defense Operations Center strategy brief to gain more insight into how we work to protect, detect, and respond to cybersecurity threats. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2019/01/23/cdoc-best-practices/ ∗∗∗ Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com ∗∗∗ --------------------------------------------- Two of the most disruptive and widely-received spam email campaigns over the past few months -- including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year -- were made possible thanks to an authentication weakness at GoDaddy.com, the worlds largest domain name registrar, KrebsOnSecurity has learned. Perhaps more worryingly, experts warn this same weakness that let spammers hijack domains tied to GoDaddy also affects a great many other major Internet service providers, and is actively being abused to launch phishing and malware attacks which leverage dormant Web site names currently owned and controlled by some of the world’s most trusted corporate names and brands. --------------------------------------------- https://krebsonsecurity.com/2019/01/bomb-threat-sextortion-spammers-abused-… ∗∗∗ Gefälschte Geschäftsführungs-mail zu Kontostand ∗∗∗ --------------------------------------------- Unternehmen aufgepasst: Momentan erreichen uns zahlreiche Meldungen zu Betrugs-E-Mails, in welchen Kriminelle sich als Geschäftsführer/in des jeweiligen Unternehmens ausgeben. Gefragt wird nach dem aktuellen Kontostand. Ist genug Geld am Konto, soll eine Auslandsüberweisung initiiert werden. Das Geld darf nicht überwiesen werden, denn es wäre verloren. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-geschaeftsfuehrungs-mail… ∗∗∗ Rechtliche Folgen für Phishing-Opfer ∗∗∗ --------------------------------------------- Konsument/innen, die auf eine Banken-Phishingmail hereinfallen, übermitteln Kriminelle Daten, die diesen einen Zugriff auf ihr OnlineBanking-Konto ermöglichen. Teilen Kund/innen den Betrüger/innen telefonisch den TAN-Code zur Freigabe einer Überweisung mit, bleiben sie auf ihrem Schaden sitzen. Sie halten keine allgemein bekannten Sicherheitsvorkehrungen ein. --------------------------------------------- https://www.watchlist-internet.at/news/rechtliche-folgen-fuer-phishing-opfe… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-19-121: (0day) Microsoft Windows contact File Insufficient UI Warning Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of CONTACT files. Crafted data in a CONTACT file can cause Windows to display a dangerous hyperlink. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of the current user. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-121/ ∗∗∗ No-Name-Hausautomation: Lücke erlaubt leichten Firmware-Upload ∗∗∗ --------------------------------------------- Viele Geräte für die Hausautomation stammen von der Firma Tuya und haben Sicherheitslücken, die einfache Modifikation zulassen – zum Guten oder zum Schlechten. --------------------------------------------- https://heise.de/-4284783 ∗∗∗ Kritische Sicherheitslücke in Debians Update-Tools ∗∗∗ --------------------------------------------- Debian-basierte Linux-Systeme weisen eine Sicherheitslücke auf, über die Angreifer das System während des Einspielens von Sicherheits-Updates kapern könnten. --------------------------------------------- http://heise.de/-4285012 ∗∗∗ iOS 12.1.3 & Co: Apple stopft gravierende Schwachstellen auf iPhone und Mac ∗∗∗ --------------------------------------------- Mit Updates für alle Betriebssysteme räumt der Konzern Sicherheitslücken aus. Ein Bug erlaubt das Schadcode-Einschleusen per FaceTime-Anruf. --------------------------------------------- http://heise.de/-4285106 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libjpeg-turbo and systemd), Fedora (matrix-synapse, mingw-libjpeg-turbo, and mingw-libvorbis), Mageia (libcaca, libmp4v2, libxml2, pdns-recursor, perl-Email-Address, php-pear-HTML_QuickForm, podofo, and wavpack), openSUSE (webkit2gtk3), Red Hat (qemu-kvm-rhev), Scientific Linux (perl), Slackware (httpd), and Ubuntu (ntp). --------------------------------------------- https://lwn.net/Articles/777385/ ∗∗∗ OpenBMC caught with 'pantsdown' over new security flaw ∗∗∗ --------------------------------------------- A severe vulnerability has been found which impacts multiple Baseboard Management Controller (BMC) firmware stacks and hardware. The bug, CVE-2019-6260, has been nicknamed "pantsdown" ... --------------------------------------------- https://www.zdnet.com/article/bmc-caught-with-pantsdown-over-new-batch-of-s… ∗∗∗ Dräger Infinity Delta ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01 ∗∗∗ Johnson Controls Facility Explorer ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01 ∗∗∗ Cisco Firepower Threat Defense Software Packet Inspection and Enforcement Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Connected Mobile Experiences Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco AMP Threat Grid API Key Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Unauthorized Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Multiple Privilege Escalation Vulnerabilities in Cisco SD-WAN Solution ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings Server Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Privileged Account Sensitive Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Management Center Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Infrastructure Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager is affected by a vulnerability (CVE-2018-1959) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: Server Automation is affected by the following vulnerabilities exposures (CVE-2018-8039, CVE-2018-1683, CVE-2018-1755) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-server-automation-is-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Integration Designer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ PHOENIX CONTACT Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-001 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.01.2019
by Daily end-of-shift report 22 Jan '19

22 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Montag 21-01-2019 18:00 − Dienstag 22-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Remote Code Execution Bug Patched in APT Linux Package Manager ∗∗∗ --------------------------------------------- A remote code execution bug was discovered by security contractor Max Justicz in the APT high level package manager used by Debian, Ubuntu, and other related Linux distributions. The bug has been fixed today in the latest versions of APT. --------------------------------------------- https://www.bleepingcomputer.com/news/security/remote-code-execution-bug-pa… ∗∗∗ Sicherheitsupdates: Adobe Experience Manager könnte Daten leaken ∗∗∗ --------------------------------------------- Adobe hat wichtige Patches für Experience Manager und Experience Manager Forms veröffentlicht. Keine Sicherheitslücke gilt als kritisch. --------------------------------------------- http://heise.de/-4284723 ∗∗∗ Gefälschte Apple Pay E-Mails im Umlauf ∗∗∗ --------------------------------------------- Internetnutzer/innen erhalten Rechnungen von Apple Pay. Darin werden Käufe aufgelistet, die nie stattgefunden haben. Um ein Problem zu melden, sollen Betroffene einem Link folgen, der auf eine gefälschte Support-Seite führt. Konsument/innen dürfen hier keine Daten angeben! Kriminelle versuchen fremde Apple-IDs zu stehlen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-apple-pay-e-mails-im-uml… ∗∗∗ Kein Geld von Spar Kredit ∗∗∗ --------------------------------------------- Konsument/innen, die auf sparkredit.net einen Kredit beantragen, müssen dem Unternehmen persönliche Daten nennen und einen Meldezettel samt Personalausweis übermitteln. Sie erfahren, dass sie Vorschusszahlungen an Spar Kredit leisten müssen, bevor es zu einer Kreditauszahlung kommt. In Wahrheit erhalten Konsument/innen kein Geld und werden Opfer eines Identitätsdiebstahls. --------------------------------------------- https://www.watchlist-internet.at/news/kein-geld-von-spar-kredit/ ∗∗∗ DNS Flag Day am 01.02.2019 ∗∗∗ --------------------------------------------- Am Freitag, 01.02.2019 ist DNS Flag Day. Aber um welche "Flag" geht es hier? Ab diesem Tag wird eine Reihe großer DNS-Anbieter, darunter Google und Cloudflare, und alle großen Anbieter von opensource rekursiver DNS Software, darunter BIND und unbound, aufhören Workarounds einzusetzen, um mit Domains kommunizieren zu können, die den EDNS0 Standard (RFC 6891) nicht erfüllen. --------------------------------------------- http://www.cert.at/services/blog/20190122154001-2371.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (apt and aria2), Fedora (kernel-headers, kernel-tools, and openssh), openSUSE (webkit2gtk3), Oracle (perl), Red Hat (perl), SUSE (freerdp, python-urllib3, systemd, and wireshark), and Ubuntu (apt, poppler, and tiff). --------------------------------------------- https://lwn.net/Articles/777315/ ∗∗∗ TYPO3 9.5.4 and 8.7.23 security releases published ∗∗∗ --------------------------------------------- https://typo3.org/article/typo3-954-and-8723-security-releases-published/ ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: IBM MessageSight is affected by the following four IBM Java vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-is-a… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security Bulletin: IBM MessageSight is affected by an IBM WebSphere Liberty expression language vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-ibm… ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager uses Less Secure Algorithms ( CVE-2018-1751) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-key-life… ∗∗∗ IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-0732, CVE-2018-0737, CVE-2018-14618, CVE-2018-1000301) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-platform-9-5-x… ∗∗∗ TYPO3-PSA-2019-001: Possible Arbitrary Code Execution in CommandUtility API ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-psa-2019-001/ ∗∗∗ TYPO3-PSA-2019-002: Username and Email Address Enumeration ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-psa-2019-002/ ∗∗∗ TYPO3-PSA-2019-003: Cross-Site Scripting in Flash component (ELTS) ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-psa-2019-003/ ∗∗∗ TYPO3-EXT-SA-2019-004: Object Injection in extension "mkmailer" (mkmailer) ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2019-004/ ∗∗∗ TYPO3-EXT-SA-2019-003: Multiple vulnerabilities in extension "femanager" (femanager) ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2019-003/ ∗∗∗ TYPO3-EXT-SA-2019-002: Multiple vulnerabilities in extension "typo3_forum" (typo3_forum) ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2019-002/ ∗∗∗ Linux kernel vulnerability CVE-2018-18710 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K11165942 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.01.2019
by Daily end-of-shift report 21 Jan '19

21 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 18-01-2019 18:00 − Montag 21-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Beware the man in the cloud: How to protect against a new breed of cyberattack ∗∗∗ --------------------------------------------- One malicious tactic that has become quite prevalent in recent years is known as a ‘man in the cloud’ (MitC) attack. This attack aims to access victims’ accounts without the need to obtain compromised user credentials beforehand. Below, this article explains the anatomy of MitC attacks and offers practical advice about what can be done to defend against them. What is MitC attack? --------------------------------------------- https://www.helpnetsecurity.com/2019/01/21/mitc-attack/ ∗∗∗ Warnung vor angeblichen Microsoft-Anrufen ∗∗∗ --------------------------------------------- Vermehrt gehen Meldungen zu Anrufen angeblicher Microsoft-Mitarbeiter/innen bei der Watchlist Internet ein. Die Betrüger/innen behaupten, Probleme am Computer der Betroffenen gefunden zu haben. Die angebotene Hilfe entpuppt sich schlussendlich als Datendiebstahl! Wer einen derartigen Anruf erhält, darf den Anweisungen nicht folgen und sollte umgehend auflegen. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-angeblichen-microsoft-an… ===================== = Vulnerabilities = ===================== ∗∗∗ Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open ∗∗∗ --------------------------------------------- A default configuration allows full admin access to unauthenticated attackers. --------------------------------------------- https://threatpost.com/critical-unpatched-cisco-flaw/141010/ ∗∗∗ Xen Security Advisory 289 v2 - Spectre V1 gadgets exploitable with L1TF ∗∗∗ --------------------------------------------- A number of specific exploitable gadgets have been identified. There are no new vulnerabilities. There is only new information about existing vulnerabilities: specifically, confirmation that existing, previously disclosed, vulnerabilities, can be exploited in specific ways. ... As discussed in XSA-273, disabling SMT / hyperthreading will avoid the L1TF vulnerability. It will therefore prevent the use of the exploitable code patterns discussed in this advisory. --------------------------------------------- https://lists.xenproject.org/archives/html/xen-announce/2019-01/msg00006.ht… ∗∗∗ [Pdns-announce] PowerDNS Recursor 4.1.9 Released ∗∗∗ --------------------------------------------- This release fixes the following security issues: - PowerDNS Security Advisory 2019-01 (CVE-2019-3806): Lua hooks are not called over TCP - PowerDNS Security Advisory 2019-02 (CVE-2019-3807): DNSSEC validation is not performed for AA=0 responses --------------------------------------------- https://mailman.powerdns.com/pipermail/pdns-announce/2019-January/001101.ht… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (gitolite3, gvfs, php, radare2, and syslog-ng), Mageia (libssh, php, python-django16, and rdesktop), openSUSE (podofo), and SUSE (libraw, openssh, PackageKit, and wireshark). --------------------------------------------- https://lwn.net/Articles/777250/ ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services: Information Leakage in configuration listing (CVE-2018-1670) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.01.2019
by Daily end-of-shift report 18 Jan '19

18 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 17-01-2019 18:00 − Freitag 18-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Windows Zero-Day Bug that Overwrites Files Gets Interim Fix ∗∗∗ --------------------------------------------- A micropatch has been released today for a vulnerability in Windows that allows overwriting files, even system one, with arbitrary data. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-zero-day-bug-that-ov… ∗∗∗ Hosting malicious sites on legitimate servers: How do threat actors get away with it? ∗∗∗ --------------------------------------------- Is money all hosting providers care about when it comes to allowing malicious sites on their servers? Or is there more at play? We embark on an investigation to discover their motives. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/malware/2019/01/hosting-malicious-… ∗∗∗ Datendiebstahl bei Umfragen auf gremski.org ∗∗∗ --------------------------------------------- Gremski.org gibt an, ein Marktforschungsinstitut zu sein, auf dem Konsument/innen bis zu 100 Euro pro abgeschlossener Umfrage verdienen können. Bei der Anmeldung müssen Interessent/innen auch ihre Ausweisdokumente wie Personalausweis oder Pass hochladen. Im Rahmen der ersten vermeintlichen Umfrage sollen sie plötzlich ein Konto bei der N26 Bank eröffnen. Achtung: es handelt sich um Identitätsdiebstahl! --------------------------------------------- https://www.watchlist-internet.at/news/datendiebstahl-bei-umfragen-auf-grem… ∗∗∗ This malware spreading tool is back with some new tricks ∗∗∗ --------------------------------------------- The Fallout exploit kit is back delivering GandCrab ransomware after a brief hiatus. --------------------------------------------- https://www.zdnet.com/article/this-malware-spreading-tool-is-back-with-some… ===================== = Vulnerabilities = ===================== ∗∗∗ Omron CX-Supervisor ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for code injection, command injection, use after free, and type confusion vulnerabilities in Omrons CX-Supervisor software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01 ∗∗∗ ABB CP400 Panel Builder TextEditor 2.0 ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an improper input validation vulnerability in ABBs CP400 Panel Builder TextEditor 2.0. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-017-02 ∗∗∗ ControlByWeb X-320M ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for improper authentication and cross-site scripting vulnerabilities in the ControlByWeb X-320M, a web-enabled weather station. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-017-03 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (drupal7), Fedora (electrum and perl-Email-Address), Mageia (gthumb), openSUSE (gitolite, kernel, krb5, libunwind, LibVNCServer, live555, mutt, wget, and zeromq), SUSE (krb5, mariadb, nodejs4, nodejs8, soundtouch, and zeromq), and Ubuntu (irssi). --------------------------------------------- https://lwn.net/Articles/777134/ ∗∗∗ Security Advisory - Two Vulnerabilities in Huawei PCManager Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190109-… ∗∗∗ IBM Security Bulletin: APIC is affected by a vulnerability in Apache Commons FileUpload (CVE-2016-1000031) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apic-is-affected-by-a… ∗∗∗ IBM Security Bulletin: PowerVC is affected by an Openstack Keystone vulnerability that could allow a remote authenticated attacker to discover restricted projects (CVE-2018-14432) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-powervc-is-affected-b… ∗∗∗ January 2019 OpenSSH security vulnerabilities ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K31781390 ∗∗∗ OTRS: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0062 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.01.2019
by Daily end-of-shift report 17 Jan '19

17 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 16-01-2019 18:00 − Donnerstag 17-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Over 140 International Airlines Affected by Major Security Breach ∗∗∗ --------------------------------------------- Potential attackers could view and change private information in flight bookings made by millions of customers of major international airlines because of a security issue in the Amadeus online booking system --------------------------------------------- https://www.bleepingcomputer.com/news/security/over-140-international-airli… ∗∗∗ Forest for the trees: an IoT security standards gap analysis ∗∗∗ --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/forest-for-the-trees-an-iot-sec… ∗∗∗ Passwort-Sammlung mit 773 Millionen Online-Konten im Netz aufgetaucht ∗∗∗ --------------------------------------------- Eine riesige Sammlung mit Zugangsdaten zu Online-Diensten zirkuliert in Untergrund-Foren. Die Passwörter von Millionen Nutzern sind betroffen. --------------------------------------------- https://heise.de/-4279375 ∗∗∗ New Year’s resolutions: Routing done right ∗∗∗ --------------------------------------------- As another thing to improve this year, you may want to route your focus on a device that is the nerve center of your network and, if poorly secured, the epicenter of much potential trouble [...] --------------------------------------------- https://www.welivesecurity.com/2019/01/17/new-years-resolutions-routing-don… ∗∗∗ thermenservice-24.at ist unseriös ∗∗∗ --------------------------------------------- Bei thermenservice-24.at handelt es sich um einen Installateur, der 24 Stunden erreichbar ist. Die sogenannten „Thermenprofis“, sind bei jeder Tages- und Nachtzeit verfügbar, schnell vor Ort und locken mit günstigen Preisen. Es handelt sich jedoch um einen unseriösen Anbieter, der das Problem nicht behebt und nicht erfolgte Leistung überteuert verrechnet! --------------------------------------------- https://www.watchlist-internet.at/news/thermenservice-24at-ist-unserioes/ ∗∗∗ Betrügerischer Apple-Shop ios-world.de! ∗∗∗ --------------------------------------------- Auf ios-world.de werden Apple-Produkte wie iPhones, Apple Watch, MacBooks und iMacs angeboten. Die Preise liegen weit unter Marktwert und laden zu einem schnellen Kauf ein. Doch Vorsicht: Konsument/innen dürfen hier nichts kaufen! Es handelt sich um einen Fake-Shop, bei dem Sie per Vorkasse zahlen und keine Ware erhalten. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerischer-apple-shop-ios-world… ∗∗∗ Malware Used by "Rocke" Group Evolves to Evade Detection by Cloud Security Products ∗∗∗ --------------------------------------------- Palo Alto Networks Unit 42 recently captured and investigated new samples of the Linux coin mining malware used by the Rocke group. The family was suspected to be developed by the Iron cybercrime group and it’s also associated with the Xbash malware we reported on in September of 2018. The threat actor Rocke was originallyThe post Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security Products appeared first on Unit42. --------------------------------------------- https://unit42.paloaltonetworks.com/malware-used-by-rocke-group-evolves-to-… ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal Releases Security Updates ∗∗∗ --------------------------------------------- Drupal has released security updates addressing vulnerabilities in Drupal 7.x, 8.5.x, and 8.6.x. A remote attacker could exploit these vulnerabilities to take control of an affected system. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/01/16/Drupal-Releases-Se… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (libvncserver), Debian (sssd), Fedora (kernel and kernel-headers), Red Hat (ansible, openvswitch, pyOpenSSL, python-django, and redis), and Ubuntu (policykit-1). --------------------------------------------- https://lwn.net/Articles/777010/ ∗∗∗ IBM Security Bulletin: Publicly disclosed vulnerability in Oracle Outside In Technology used by IBM FileNet Content Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vu… ∗∗∗ IBM Security Bulletin: IBM Integration Bus affected by Apache Tomcat vulnerability CVE-2018-8034 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-a… ∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager affected by Apache HttpClient security vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-filenet-content-m… ∗∗∗ IBM Security Bulletin: B2B Advanced Communications is Affected by Multiple Vulnerabilities in IBM Java Runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-b2b-advanced-communic… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.01.2019
by Daily end-of-shift report 16 Jan '19

16 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 15-01-2019 18:00 − Mittwoch 16-01-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Fortnite Hacked Via Insecure Single Sign-On ∗∗∗ --------------------------------------------- Leaky Fortnite single sign-on mechanism could have allowed hackers to access game accounts. --------------------------------------------- https://threatpost.com/fortnite-hacked-via-insecure-single-sign-on/140913/ ∗∗∗ OWASP Top 10 Security Risks – Part V ∗∗∗ --------------------------------------------- To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. --------------------------------------------- https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html ∗∗∗ Critical Patch Update: Oracle startet das Jahr mit 284 Sicherheitsupdates ∗∗∗ --------------------------------------------- In seinem Quartalsupdate veröffentlicht Oracle quer durch sein Software-Portfolio abgesicherte Versionen. Viele Lücken gelten als kritisch. --------------------------------------------- http://heise.de/-4277705 ∗∗∗ IDenticard PremiSys: Gebäude-Überwachungssystem mit eingebauten Hintertüren ∗∗∗ --------------------------------------------- Zero-Day-Lücken in einer verbreiteten Software für Gebäude-Sicherheit erlauben es Einbrechern, sich eigene Zugangskarten auszustellen. --------------------------------------------- http://heise.de/-4277935 ∗∗∗ Warnung vor Maxi Size Gel ∗∗∗ --------------------------------------------- Im Internet findet sich Werbung für das Penisvergrößerungsmittel Maxi Size Gel. Interessenten können es auf the-maxisizeelb.com bestellen. Von einer Bestellung des Maxi Size Gels raten wir ab, denn es ist fraglich, welche Wirkung das Mittel hat und unklar, wie die unbekannten Vertreiber/innen mit den persönlichen Daten ihrer Kunden umgehen. Beides birgt ein hohes Risko --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-maxi-size-gel/ ∗∗∗ iPhones nicht auf iPhoneIMEI.net entsperren! ∗∗∗ --------------------------------------------- iphoneimei.net verspricht, iPhones aller Generationen freischalten zu können und somit für alle Netze zu öffnen. Verlangt werden dafür 28 US-Dollar. iPhoneuser, die Dienste von iphoneimei.net in Anspruch nehmen wollen, werden enttäuscht, denn statt freigeschalteter iPhones erhalten sie weitere Zahlungsaufforderungen. Die versprochene Leistung erfolgt nie. --------------------------------------------- https://www.watchlist-internet.at/news/iphones-nicht-auf-iphoneimeinet-ents… ∗∗∗ Advertising network compromised to deliver credit card stealing code ∗∗∗ --------------------------------------------- Hundreds of online stores confirmed to be impacted, thousands of more under investigation. --------------------------------------------- https://www.zdnet.com/article/advertising-network-compromised-to-deliver-cr… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (systemd and wireshark), Fedora (openssh, php-horde-Horde-Form, and unrtf), Mageia (aria2, libvncserver, x11vnc, and nss), Oracle (kernel and libvncserver), Scientific Linux (libvncserver), SUSE (kernel, soundtouch, webkit2gtk3, and wget), and Ubuntu (libcaca and policykit-1). --------------------------------------------- https://lwn.net/Articles/776894/ ∗∗∗ Synology-SA-19:05 Moments ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to upload arbitrary files via a susceptible version of Moments. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_05 ∗∗∗ Security Advisory - Race Condition Vulnerability on Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190116-… ∗∗∗ Microsoft Skype for Business: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0059 ∗∗∗ Microsoft Team Foundation Server: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0055 ∗∗∗ SCP in mehreren Produkten: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0058 ∗∗∗ IBM Security Bulletin: WAS traditional and liberty vulnerable to CVE-2014-7810 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-was-traditional-and-l… ∗∗∗ IBM Security Bulletin: IBM Netcool Agile Service Manager is affected by Eclipse Jetty vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-netcool-agile-ser… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.01.2019
by Daily end-of-shift report 15 Jan '19

15 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Montag 14-01-2019 18:00 − Dienstag 15-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Schwer ausnutzbar: Die ungefixten Sicherheitslücken ∗∗∗ --------------------------------------------- Sicherheitslücken wie Spectre, Rowhammer und Heist lassen sich kaum vollständig beheben, ohne gravierende Performance-Einbußen zu akzeptieren. Daher bleiben sie ungefixt. Trotzdem werden sie bisher kaum ausgenutzt. --------------------------------------------- https://www.golem.de/news/schwer-ausnutzbar-die-ungefixten-sicherheitslueck… ∗∗∗ Sicherheitslücken: Bauarbeitern die Maschinen weghacken ∗∗∗ --------------------------------------------- Bergbaumaschinen, Kräne und andere Industriegeräte lassen sich fernsteuern oder durch einen DoS-Angriff unbenutzbar machen. Das ist laut einer Studie nicht nur gefährlich, sondern auch vergleichsweise einfach. --------------------------------------------- https://www.golem.de/news/sicherheitsluecken-bauarbeitern-die-maschinen-weg… ∗∗∗ Erpressungs-Mail von ‚Anonymer Hacker‘ ignorieren ∗∗∗ --------------------------------------------- Konsument/innen erhalten E-Mails von Kriminellen, die sich als „Anonymer Hacker“ ausgeben. Man erpresst Empfänger/innen damit, dass intimes Videomaterial veröffentlicht wird, wenn keine Bitcoins im Wert von 2000 Euro überwiesen werden. Wer die Nachricht empfangen hat, darf nichts bezahlen und kann sie getrost ignorieren, denn ein Masturbationsvideo existiert nicht. --------------------------------------------- https://www.watchlist-internet.at/news/erpressungs-mail-von-anonymer-hacker… ∗∗∗ Kein Geld an Credit Management Europe zahlen ∗∗∗ --------------------------------------------- Credit Management Europe versendet eine Zahlungsaufforderung in Höhe von 292,13 Euro an Unternehmen. Darin heißt es, dass Empfänger/innen eine offene Rechnung bei Internet Domain Services Austria (IDSA) haben. Bezahlen Empfänger/innen diese nicht, kommt es zur Einleitung rechtlicher Schritte. Unternehmen können die Androhung ignorieren und müssen keine Zahlung leisten, denn das Schreiben ist betrügerisch. --------------------------------------------- https://www.watchlist-internet.at/news/kein-geld-an-credit-management-europ… ∗∗∗ Gefälschte DHL Express-Mail enthält Schadsoftware ∗∗∗ --------------------------------------------- Internetnutzer/innen erhalten gefälschte Nachrichten vom DHL-Kundendienst. Darin werden sie über einen angeblichen Lieferversuch benachrichtigt und aufgefordert einen Dateianhang zu öffnen. Achtung: Der Inhalt ist frei erfunden und der Anhang darf nicht geöffnet werden. Er enthält Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-dhl-express-mail-enthael… ===================== = Vulnerabilities = ===================== ∗∗∗ OpenSSH & Putty: Sicherheitlücke in SCP ermöglicht Dateiaustausch ∗∗∗ --------------------------------------------- Ein bösartiger Server kann Dateien austauschen, die mittels SCP über SSH heruntergeladen werden - im schlimmsten Fall Schadcode. Die insgesamt fünf Sicherheitslücken klaffen in den aktuellen Versionen von OpenSSH, Putty und WinSCP. --------------------------------------------- https://www.golem.de/news/openssh-putty-sicherheitluecke-in-scp-ermoeglicht… ∗∗∗ [20190104] - Core - Stored XSS issue in the Global Configuration help url ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Description: Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS. Affected Installs Joomla! CMS versions 2.5.0 through 3.9.1 Solution Upgrade to version 3.9.2 --------------------------------------------- https://developer.joomla.org/security-centre/763-20190104-core-stored-xss-i… ∗∗∗ [20190103] - Core - Stored XSS issue in the Global Configuration textfilter settings ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Description: Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS. Affected Installs Joomla! CMS versions 2.5.0 through 3.9.1 Solution Upgrade to version 3.9.2 --------------------------------------------- https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-i… ∗∗∗ [20190102] - Core - Stored XSS in com_contact ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Description: Inadequate escaping in com_contact leads to a stored XSS vulnerability Affected Installs Joomla! CMS versions 2.5.0 through 3.9.1 Solution Upgrade to version 3.9.2 --------------------------------------------- https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-i… ∗∗∗ [20190101] - Core - Stored XSS in mod_banners ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Description: Inadequate escaping in mod_banners leads to a stored XSS vulnerability. Affected Installs Joomla! CMS versions 2.5.0 through 3.9.1 Solution Upgrade to version 3.9.2 --------------------------------------------- https://developer.joomla.org/security-centre/760-20190101-core-stored-xss-i… ∗∗∗ Sicherheitsforscher brechen aus Docker-Container aus ∗∗∗ --------------------------------------------- Forschern ist es gelungen, aus einem Container der Docker-Testumgebung "Play with Docker" auf das darunterliegende System zuzugreifen und Code auszuführen. --------------------------------------------- http://heise.de/-4276108 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (irssi and systemd), CentOS (systemd), Debian (xen and zeromq3), Fedora (gnutls, kernel, kernel-headers, kernel-tools, and nbdkit), Oracle (libvncserver and systemd), Red Hat (libvncserver), and Ubuntu (haproxy, libarchive, and php-pear). --------------------------------------------- https://lwn.net/Articles/776771/ ∗∗∗ Synology-SA-19:04 Calendar ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to inject arbitrary web script or HTML via a susceptible version of Calendar. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_04 ∗∗∗ Synology-SA-19:03 Surveillance Station ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Surveillance Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_03 ∗∗∗ Synology-SA-19:02 VS960HD ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of VS960HD. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_02 ∗∗∗ Vuln: Identicard Premisys Multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106552 ∗∗∗ IBM Security Bulletin: A Security Vulnerability could affect IBM Cloud Private ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Asset Analyzer (RAA) is affected by an Apache CXF vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-asset-analyzer-raa-is… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities affect IBM Sterling External Authentication Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.01.2019
by Daily end-of-shift report 14 Jan '19

14 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 11-01-2019 18:00 − Montag 14-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Nicht bestellen auf thaisawadee.de ∗∗∗ --------------------------------------------- Auf thaisawadee.de werden Konsument/innen asiatische Kunst, Schmuck, Spezialitäten und Salben angeboten. Der Shop hat seinen Sitz in Thailand und eine Bezahlung ist nur per Vorkasse möglich. Berichten zufolge bleibt die Lieferung häufig aus und bezahltes Geld ist verloren. --------------------------------------------- https://www.watchlist-internet.at/news/nicht-bestellen-auf-thaisawadeede/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (python-django and python2-django), Debian (sqlite3, systemd, and vlc), Fedora (mingw-nettle and polkit), Mageia (graphicsmagick, python-django, spice-vdagent, and to), openSUSE (aria2, discount, gpg2, GraphicsMagick, gthumb, haproxy, irssi, java-1_7_0-openjdk, java-1_8_0-openjdk, libgit2, LibVNCServer, and sssd), Red Hat (systemd), Scientific Linux (systemd), Slackware (irssi and zsh), SUSE (LibVNCServer and sssd), and Ubuntu (gnome-bluetooth and systemd). --------------------------------------------- https://lwn.net/Articles/776685/ ∗∗∗ VideoLAN VLC Media Player: Schwachstelle ermöglicht Denial of Service und Offenlegung von Informationen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VideoLAN VLC Media Player ausnutzen, um einen Denial of Service Angriff durchzuführen oder vertrauliche Daten einzusehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0042 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM® SPSS Analytic Server is vulnerable to Cross-Site Scripting (CVE-2018-1772) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spss-analytic-ser… ∗∗∗ IBM Security Bulletin: IBM Integration Bus affected by WAS is susceptible to TLS downgrade if using FIPS and JVM property if using non WAS keystore/truststore ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.01.2019
by Daily end-of-shift report 11 Jan '19

11 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 10-01-2019 18:00 − Freitag 11-01-2019 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Datenleak - mal ganz ohne Hype ∗∗∗ --------------------------------------------- Datenleak - mal ganz ohne Hype11. Jänner 2019Man hätte sich in den letzten Tagen enorm anstrengen müssen, um der Berichterstattung zu dem vor knapp einer Woche in Deutschland bekannt gewordenen Datenleak zu entgehen.Um es trotzdem nochmal kurz zusammenzufassen: Unbekannte Täter veröffentlichten im Laufe des Dezembers Dokumente und persönliche Informationen hunderter deutscher Politiker und anderer Personen des öffentlichen Lebens in Form eines bizarren --------------------------------------------- http://www.cert.at/services/blog/20190111135415-2348.html ∗∗∗ Vivy & Co.: Gesundheitsapps kranken an der Sicherheit ∗∗∗ --------------------------------------------- Mit Sicherheitsversprechen geizen die Hersteller von Gesundheitsapps wahrlich nicht. Doch wie ist es wirklich darum bestellt? (Medizin, Gesundheitskarte) --------------------------------------------- https://www.golem.de/news/vivy-co-gesundheitsapps-kranken-an-der-sicherheit… ∗∗∗ Using Wireshark – Display Filter Expressions ∗∗∗ --------------------------------------------- As a Threat Intelligence Analyst for Palo Alto Networks Unit 42, I often use Wireshark to review packet captures (pcaps) of network traffic generated by malware samples. To better accomplish this work, I use a customized Wireshark column display as described my previous blog about using Wireshark. Today’s post provides more tips for analysts toThe post Using Wireshark – Display Filter Expressions appeared first on Unit42. --------------------------------------------- https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressi… ∗∗∗ Windows 10 Experts Guide: Everything you need to know about BitLocker ∗∗∗ --------------------------------------------- Encrypting every bit of data on a Windows 10 PC is a crucial security precaution. Every edition of Windows 10 includes strong encryption options, with business editions having the best set of management tools. Heres a hands-on guide. --------------------------------------------- https://www.zdnet.com/article/windows-10-experts-guide-everything-you-need-… ===================== = Vulnerabilities = ===================== ∗∗∗ Emerson DeltaV ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an authentication bypass vulnerability in Emersons DeltaV distributed control system workstation products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01 ∗∗∗ Omron CX-One CX-Protocol ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a type confusion vulnerability in Omrons CX-Protocol within the CX-One software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-010-02 ∗∗∗ Pilz PNOZmulti Configurator ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a clear-text storage of sensitive information vulnerability in the Pilz PNOZmulti Configurator, a safety circuit configuration tool. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-010-03 ∗∗∗ Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4 ∗∗∗ --------------------------------------------- This advisory was originally posted to the HSIN ICS-CERT library on November 29, 2018, and is now being released to the NCCIC/ICS-CERT website. This advisory provides mitigation recommendations for a cross-site scripting vulnerability reported in the Tridium Niagara Enterprise Security, the Niagara AX, and the Niagara 4 products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02 ∗∗∗ USN-3855-1: systemd vulnerabilities ∗∗∗ --------------------------------------------- systemd vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives:Ubuntu 18.10Ubuntu 18.04 LTSUbuntu 16.04 LTSSummarySeveral security issues were fixed in systemd.Software Descriptionsystemd - system and service managerDetailsIt was discovered that systemd-journald allocated variable-length buffersfor certain message fields on the stack. A local attacker couldpotentially exploit this to cause a denial of service, or executearbitrary code. --------------------------------------------- https://usn.ubuntu.com/3855-1/ ∗∗∗ Sicherheitslücken (teils kritisch) in Juniper ATP, Junos OS und Space OS Software - Patches verfügbar ∗∗∗ --------------------------------------------- Sicherheitslücken (teils kritisch) in Juniper ATP, Junos OS und Space OS Software - Patches verfügbar 11. Jänner 2019 Beschreibung Der Netzwerkausrüster Juniper hat mehrere Security Advisories zu teils kritischen Sicherheitslücken in Juniper Space OS, Junos OS und ATP Software veröffentlicht. Zwei der Schwachstellen in Juniper ATP werden mit dem höchstmöglichen CVSS3 Score von 10 als kritisch eingestuft: CVE-2019-0020, CVE-2019-0022 [...] --------------------------------------------- http://www.cert.at/warnings/all/20190111.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (systemd and wireshark-cli), Debian (libsndfile and tmpreaper), Fedora (beep, electrum, gnutls, haproxy, krb5, mupdf, php-horde-Horde-Image, python-django, and wget), Mageia (libarchive and terminology), openSUSE (libraw, polkit, and singularity), SUSE (haproxy, java-1_8_0-openjdk, LibVNCServer, and webkit2gtk3), and Ubuntu (exiv2, gnupg2, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/776518/ ∗∗∗ ZDI-19-013: (0day) Microsoft Windows vcf File Insufficient UI Warning Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-013/ ∗∗∗ Format String Vulnerability in SSH username ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-18-018 ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by an IBM WebSphere Application Server vulnerability(CVE-2017-1788) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager is affected by multiple vulnerabilities (CVE-2018-1956, CVE-2018-1969, CVE-2018-1967 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1904) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-remote-code… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.01.2019
by Daily end-of-shift report 10 Jan '19

10 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 09-01-2019 18:00 − Donnerstag 10-01-2019 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ WordPress-Related Vulnerabilities Tripled in 2018 ∗∗∗ --------------------------------------------- WordPress-related vulnerabilities have seen a 300% increase in 2018 compared to the previous year, a recent study has found. Most of the bugs were in the plugins that extend the functionality of WordPress websites. --------------------------------------------- https://www.bleepingcomputer.com/news/security/wordpress-related-vulnerabil… ∗∗∗ Global DNS Hijacking Campaign: DNS Record Manipulation at Scale ∗∗∗ --------------------------------------------- Introduction FireEye’s Mandiant Incident Response and Intelligence teams have identified a wave of DNS hijacking that has affected dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-ca… ∗∗∗ North Korea APT(?) and recent Ryuk Ransomware attacks ∗∗∗ --------------------------------------------- Our Threat Intelligence team has been tracking the Emotet botnet throughout 2018. In our previous post we reported a large scale Emotet campaign focused on e-mail content exfiltration.Today, we review the evidence gathered from our Telltale Threat Intelligence Service, which suggests the involvement of Emotet as the delivery mechanism for the latest wave of Ryuk ransomware attacks being dubbed as North Korean state-sponsored cyber-attacks.The evidence from the dataset completes the missing --------------------------------------------- https://blog.kryptoslogic.com/malware/2019/01/10/dprk-emotet.html ∗∗∗ E-Mail von mir selbst-erklärt ∗∗∗ --------------------------------------------- Sie erhalten vermeintlich von sich selbst eine E-Mail und fragen sich, wie das möglich ist? Die Antwort darauf ist, dass Kriminelle eine E-Mail so verändern können, dass die Absender/innen- mit der Empfänger/innen-Adresse ident ist. Das bedeutet jedoch nicht, dass Unbekannte Zugriff auf Ihr Konto haben und über dieses betrügerische Nachrichten an Sie versenden. --------------------------------------------- https://www.watchlist-internet.at/news/erklaerung-fuer-e-mail-von-mir-selbs… ∗∗∗ Gehälter durch Datenklau bei Wohnungssuche gestohlen! ∗∗∗ --------------------------------------------- Konsument/innen, die auf Mietwohnungssuche sind, stoßen mitunter auf gefälschte Wohnungsinserate. Bei Interesse an einer Immobilie senden sie, wie üblich, ihre Gehaltsabrechnungen der letzten Monate an die angeblichen Vermieter/innen. Kriminelle nutzen die Daten, um die Arbeitgeber/innen der Wohnungssuchenden über einen Kontowechsel zu informieren und Gehälter abzuzweigen! --------------------------------------------- https://www.watchlist-internet.at/news/gehaelter-durch-datenklau-bei-wohnun… ===================== = Vulnerabilities = ===================== ∗∗∗ Phone Field - Critical - SQL Injection - SA-CONTRIB-2019-001 ∗∗∗ --------------------------------------------- Description: This module provides a phone field for Drupal 7 that supports the HTML5 tel:-schema. In an API function that is not used by the module, the name for the phone field is not sufficiently sanitised when using it in database queries. This vulnerability is mitigated by the fact that it affects an unused function. --------------------------------------------- https://www.drupal.org/sa-contrib-2019-001 ∗∗∗ Sicherheitslücken mit Höchstwertung in Juniper ATP ∗∗∗ --------------------------------------------- Angreifer könnten mit vergleichsweise wenig Aufwand die volle Kontrolle über das Schutzprodukt Advanced Threat Prevention (ATP) übernehmen. Darüber hinaus sind verschiedene Versionen des Betriebssystems Junos OS und die Management-Plattform für Netzwerke Junos Space angreifbar. Zwei Lücken (CVE-2019-0022, CVE-2019-0025) sind mit dem höchstmöglichen CVSS 3 Score 10 von 10 eingestuft. --------------------------------------------- http://heise.de/-4271009 ∗∗∗ Multiple Vulnerabilities in Cisco VOIP Phones, e.g. models 88XX ∗∗∗ --------------------------------------------- SEC Consult was able to identify a JavaScript like code injection in the Cisco VoIP Phone 8800 Series via the built-in T9 keyboard. Moreover, multiple outdated libraries and hard coded credentials got identified by conducting a static firmware analysis using the IoT Inspector platform. Patches are already available by Cisco. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/vulnerabilities-in-cisco-voi… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libcaca), Fedora (beep and libgxps), Mageia (krb5, live, ffmpeg, mplayer, and vlc, and mbedtls), SUSE (helm-mirror, java-1_7_0-openjdk, and systemd), and Ubuntu (nss and python-django). --------------------------------------------- https://lwn.net/Articles/776397/ ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a publicly disclosed vulnerability from Oracle MySQL ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.01.2019
by Daily end-of-shift report 09 Jan '19

09 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 08-01-2019 18:00 − Mittwoch 09-01-2019 18:00 Handler: Robert Waldner Co-Handler: Dimitri Robl ===================== = News = ===================== ∗∗∗ Face Unlock: 42 von 110 Handys lassen sich mit Portrait-Fotos austricksen ∗∗∗ --------------------------------------------- Im Test einer NGO ließen sich alle Handys von Nokia und Sony mit Portrait-Fotos entsperren. Die Bilanz anderer Hersteller ist mit einer Ausnahme durchwachsen. --------------------------------------------- http://heise.de/-4269897 ∗∗∗ Gefälschte card complete Sicherheits-App enthält Schadsoftware ∗∗∗ --------------------------------------------- Internetnutzer/innen finden gefälschte card complete Nachrichten in ihrem Posteingang. Darin behaupten die kriminellen Versender/innen, dass eine Sicherheits-App am Mobiltelefon installiert werden muss, damit die Kreditkarte weiterhin genutzt werden kann. Die App darf nicht heruntergeladen werden, denn sie enthält Schadsoftware! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-card-complete-sicherheit… ===================== = Vulnerabilities = ===================== ∗∗∗ Schneider Electric Zelio Soft 2 ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a use after free vulnerability in Schneider Electrics Zelio Soft 2 programming platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-008-01 ∗∗∗ Schneider Electric IIoT Monitor ∗∗∗ --------------------------------------------- This advisory includes mitigations for path traversal, unrestricted upload of file with dangerous type, and XXE vulnerabilities in the Schneider Electric IIoT Monitor software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-008-02 ∗∗∗ Intel Patches High-Severity Privilege-Escalation Bugs ∗∗∗ --------------------------------------------- Overall, the chip giant patched five vulnerabilities across an array of its products. --------------------------------------------- https://threatpost.com/intel-patches-privilege-escalation-bugs/140665/ ∗∗∗ Patchday: Fast nur "wichtige" Sicherheitsupdates für Windows & Co. ∗∗∗ --------------------------------------------- Microsoft kümmert sich um Software-Schwachstellen in unter anderem Windows. Nutzer sollten eine baldige Installation der Updates sicherstellen. --------------------------------------------- http://heise.de/-4269105 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (elfutils, polkit, and tar), Debian (python-django and ruby-loofah), and Mageia (ansible, avidemux, coreutils, discount, nettle, openafs, opensc, and qtbase5). --------------------------------------------- https://lwn.net/Articles/776310/ ∗∗∗ Cisco Content Security Management Appliance Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco ASR 900 Series Aggregation Services Router Software Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Business Suite Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Client Framework Insecure Directory Permissions Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Password Recovery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS and IOS XE Software Secure Shell Connection on VRF Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Digest Credentials Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Policy Suite Graphite Unauthenticated Read-Only Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Infrastructure Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Two Vulnerabilities in Huawei PCManager Porduct ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190109-… ∗∗∗ Security Advisory - Use After Free Vulnerability on Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190109-… ∗∗∗ IBM Security Bulletin: IBM Integration Bus affected by an httpclient package in WAS internally Vulnerability(CVE-2012-5783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.01.2019
by Daily end-of-shift report 08 Jan '19

08 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Montag 07-01-2019 18:00 − Dienstag 08-01-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Digging Up the Past: Windows Registry Forensics Revisited ∗∗∗ --------------------------------------------- Introduction FireEye consultants frequently utilize Windows registry data when performing forensic analysis of computer networks as part of incident response and compromise assessment missions. This can be useful to discover malicious activity and to determine what data may have been stolen from a network. Many different types of data are present in the registry that can provide evidence of program execution, application settings, malware persistence, and other valuable artifacts. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-win… ∗∗∗ Software auf vielen Routern nutzt etablierte Sicherheitsmechanismen nicht ∗∗∗ --------------------------------------------- Sicherheitsforscher von Cyber-ITL haben sich die Software auf 28 Router mit ARM- und MIPS-Architektur für den Heimgebrauch angeschaut und herausgefunden, dass viele Modelle ihr Sicherheitspotenzial nicht ausschöpfen: Viele Firmware-Versionen setzen in der Linux-Basis eigentlich vorhandene Sicherheitsmechanismen wie Address Space Layout Randomization (ASLR) und Data Execution Prevention (DEP) nicht ein. --------------------------------------------- http://heise.de/-4268046 ∗∗∗ Bitcoin-Erpressung mit Masturbationsvideo ∗∗∗ --------------------------------------------- Internet-User/innen finden E-Mails mit dem Betreff „Hohe Gefahr. Konto wurde angegriffen.“ in ihrem Posteingang. Die Versandadresse entspricht fälschlicherweise der Empfangsadresse. Eine angebliche Hacker/in droht damit, ein Selbstbefriedigungs-Video der Empfänger/in zu veröffentlichen. Der geforderte Bitcoin-Betrag darf nicht bezahlt werden, denn das Video existiert nicht. --------------------------------------------- https://www.watchlist-internet.at/news/bitcoin-erpressung-mit-masturbations… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB19-01), Adobe Connect (APSB19-05) and Adobe Digital Editions (APSB19-04). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1685 ∗∗∗ Google Android: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen. Als Folge kann der Angreifer die Kontrolle über das Gerät übernehmen, Daten ausspionieren, das Gerät zum Absturz bringen oder unbrauchbar machen. Zur erfolgreichen Ausnutzung der Schwachstellen genügt es, eine manipulierte App zu öffnen oder einen Link anzutippen, der zu einer bösartigen Software führt. --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/01/warn… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libav), Fedora (krb5), Red Hat (source-to-image), and SUSE (gpg2, libgit2, and libsoup). --------------------------------------------- https://lwn.net/Articles/776215/ ∗∗∗ SAP: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen in verschiedenen SAP Produkten ausnutzen, um dadurch die Vertraulichkeit, Verfügbarkeit und die Integrität der Anwendung zu gefährden. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0012 ∗∗∗ VU#317277: Texas Instruments CC2640 and CC2650 microcontrollers vulnerable to heap overflow and insecure update ∗∗∗ --------------------------------------------- https://kb.cert.org/vuls/id/317277 ∗∗∗ Vulnerability in Java Deserialization Affecting Cisco Products ∗∗∗ --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ∗∗∗ SIP User Directory Information Disclosure ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2018-5741 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-is-affected-by-… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities affect IBM Sterling Secure Proxy ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ SSA-180635 (Last Update: 2019-01-08): Denial-of-Service Vulnerabilities in S7-1500 CPU ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf ∗∗∗ SSA-293562 (Last Update: 2019-01-08): Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf ∗∗∗ SSA-306710 (Last Update: 2019-01-08): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-306710.pdf ∗∗∗ SSA-559174 (Last Update: 2019-01-08): Multiple Vulnerabilities in CP1604 and CP1616 devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf ∗∗∗ SSA-579309 (Last Update: 2019-01-08): Denial-of-Service in SICAM A8000 Series ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-579309.pdf ∗∗∗ SSA-325546 (Last Update: 2019-01-08): Denial-of-Service Vulnerabilities in EN100 Ethernet Communication Module of SWT3000 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-325546.pdf ∗∗∗ Java SE vulnerability CVE-2018-3136 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K16940442 ∗∗∗ Java SE vulnerability CVE-2018-3139 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K65481741 ∗∗∗ GnuTLS vulnerability CVE-2018-16868 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K18955141 ∗∗∗ Nettle vulnerability CVE-2018-16869 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K45616155 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.01.2019
by Daily end-of-shift report 07 Jan '19

07 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 04-01-2019 18:00 − Montag 07-01-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Betrügerische Mails versprechen Millionen ∗∗∗ --------------------------------------------- Immer wieder erhalten Internetnutzer/innen E-Mails, die schnelles Geld in Form von Erbschaften, Spenden und Geschenken in Millionenhöhe versprechen. Im konkreten Fall hat der Absender angeblich 533 Millionen US-Dollar gewonnen und möchte zwei Millionen davon an die Empfänger/in spenden. Damit die Konsument/innen das Geld erhalten, sollen sie Vorauszahlungen leisten. Wer dies tut, verliert Geld und persönliche Daten an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-mails-versprechen-mil… ∗∗∗ Warnung vor monaco-modding.com ∗∗∗ --------------------------------------------- Der Anbieter monaco-modding.com bezeichnet sich als Deutschland schnellsten Moddingservice. Er bietet Kund/innen Unlock Alls für GTA 5, Skins für Fortnite, Eingabekeys für Black Ops 4 oder Red Dead Redemption 2 sowie günstige Netflix- und Spotify-Accounts an. Von einer Bestellung auf monaco-modding.com ist dringend abzuraten, denn der Anbieter liefert keine Ware. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-monaco-moddingcom/ ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke: Mit Skype Android-PIN umgehen ∗∗∗ --------------------------------------------- Mit einem einfachen Skype-Anruf lassen sich trotz PIN-Sperre Fotos, Kontakte und mehr auf einem Android-Smartphone einsehen. Ein Update wurde veröffentlicht, steht aber noch nicht für alle Geräte zur Verfügung. (Android, Skype) --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-mit-skype-android-pin-umgehen-1… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (keepalived), Debian (python-django), Fedora (tcpreplay), Mageia (apache-commons-compress, aubio, dcraw, freerdp, imagemagick, ldb, talloc, samba, libao, libextractor, libgxps, libpgf, openjpeg2, pdns, pdns-recursor, php-phpmailer, plexus-archiver, units, wget, and xmlrpc), Oracle (keepalived and kernel), and SUSE (polkit and xen). --------------------------------------------- https://lwn.net/Articles/776162/ ∗∗∗ IBM Security Bulletin: API Connect is affected by a vulnerability in the role-based access control (CVE-2018-1932) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-is-affect… ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache HttpComponents HttpClient ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache Apache Commons BeanUtils (CVE-2014-0114) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a vulnerability in Dojo Toolkit (CVE-2018-15494) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: Security vulnerability affects the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2018-1918) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ Java SE vulnerabilities CVE-2018-3149, CVE-2018-3169, and CVE-2018-3209 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K50394032 ∗∗∗ Java SE vulnerability CVE-2018-3180 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K30503705 ∗∗∗ Java SE vulnerability CVE-2018-3214 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K86075480 ∗∗∗ TLS in Mozilla NSS vulnerability CVE-2018-12404 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10281096 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.01.2019
by Daily end-of-shift report 04 Jan '19

04 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 03-01-2019 18:00 − Freitag 04-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Open redirects - the vulnerability class no one but attackers cares about ∗∗∗ --------------------------------------------- Open redirects is an underrated bug class that is often considered a non-vulnerability. In certain cases it could lead to Windows credential stealing, javascript execution and in the best case it can only be used in phishing attacks, malicious redirecting and damaging the brand off the vulnerable company. --------------------------------------------- https://stevetabernacle.github.io/blog/open-redirects-the-vulnerability-cla… ∗∗∗ OWASP Top 10 Security Risks – Part IV ∗∗∗ --------------------------------------------- To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. --------------------------------------------- https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-iv.html ∗∗∗ Phishing template uses fake fonts to decode content and evade detection ∗∗∗ --------------------------------------------- Proofpoint researchers recently observed a phishing kit with peculiar encoding utilized in a credential harvesting scheme impersonating a major retail bank. While encoded source code and various obfuscation mechanisms have been well documented in phishing kits, this technique appears to be unique for the time being in its use of web fonts to implement the encoding. --------------------------------------------- https://www.proofpoint.com/us/threat-insight/post/phishing-template-uses-fa… ∗∗∗ Sicherheitsupdates: Zwei kritische Lücken in Adobe Acrobat und Reader ∗∗∗ --------------------------------------------- Adobe patcht seine PDF-Anwendungen außer der Reihe. Über ein Schlupfloch könnten Angreifer Schadcode ausführen. --------------------------------------------- http://heise.de/-4265230 ===================== = Vulnerabilities = ===================== ∗∗∗ Schneider Electric Pro-face GP-Pro EX ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an improper input validation vulnerability in Schneider Electrics Pro-face GP-Pro EX, an HMI screen editor and logic programming software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01 ∗∗∗ Yokogawa Vnet/IP Open Communication Driver ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a resource management error vulnerability in Yokogawas Vnet/IP open communication driver. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-003-02 ∗∗∗ Hetronic Nova-M ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an authentication bypass by capture-relay vulnerability in Hetronics Nova-M remote control transmitters and receivers. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (wget), Oracle (kernel), Red Hat (keepalived), Scientific Linux (keepalived), and SUSE (GraphicsMagick and mailman). --------------------------------------------- https://lwn.net/Articles/776019/ ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0007 ∗∗∗ Foxit Reader und Foxit Phantom PDF Suite: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0006 ∗∗∗ IBM Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where the use of Local Read Only Cache (LROC) may result in directory corruption and undetected data corruption in regular files. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-has-b… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale (CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of chunked transfer-encoding chunk size. IBM Rational Service Tester is affected by this vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-eclipse-jetty-is-vuln… ∗∗∗ IBM Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. IBM Rational Performance Tester is affected by this vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-eclipse-jetty-is-vuln… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-1677) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by glibc vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by weak cryptographic algorithms (CVE-2018-1665) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a man in the middle vulnerability (CVE-2018-1663) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a XML External Entity Injection (XXE) vulnerability (CVE-2018-1669) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.01.2019
by Daily end-of-shift report 03 Jan '19

03 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 02-01-2019 18:00 − Donnerstag 03-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ NRSMiner updates to newer version ∗∗∗ --------------------------------------------- More than a year after the world first saw the Eternal Blue exploit in action during the May 2017 WannaCry outbreak, we are still seeing unpatched machines in Asia being infected by malware that uses the exploit to spread. Starting in mid-November 2018, our telemetry reports indicate that the newest version of the NRSMiner cryptominer, [...] --------------------------------------------- https://labsblog.f-secure.com/2019/01/03/nrsminer-updates-to-newer-version/ ∗∗∗ Malicious Script Leaking Data via FTP ∗∗∗ --------------------------------------------- The last day of 2018, I found an interesting Windows cmd script which was uploaded from India (SHA256: dff5fe50aae9268ae43b76729e7bb966ff4ab2be1bd940515cbfc0f0ac6b65ef) with a very low VT score. The script is not obfuscated and contains a long list of commands based on standard Windows tools. --------------------------------------------- https://isc.sans.edu/forums/diary/Malicious+Script+Leaking+Data+via+FTP/244… ∗∗∗ Vulnerability Spotlight: Multiple privilege escalation vulnerabilities in CleanMyMac X ∗∗∗ --------------------------------------------- Today, Cisco Talos is disclosing several vulnerabilities in MacPaws CleanMyMac X software. CleanMyMac X is a cleanup application for Mac operating systems that allows users to free up extra space on their machines by scanning for unused or unnecessary files and deleting them. In all of these bugs, an attacker with local access to the victim machine could modify the file system as root. --------------------------------------------- https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-CleanMyM… ∗∗∗ CastHack: Zehntausende Chromecast-Adapter spielten plötzlich Youtube-Video ab ∗∗∗ --------------------------------------------- Gutmütige Hacker zeigen, dass Googles Chromecast oft über das Internet erreichbar ist. Das ist ein generelles Problem und durchaus gefährlich. --------------------------------------------- http://heise.de/-4263887 ∗∗∗ Unterkunft nicht auf bookingsallgala.com buchen! ∗∗∗ --------------------------------------------- Auf bookinsallgala.com finden Sie Unterkünfte und Hotels rund um die Welt. Eine Buchung sollten Sie hier aber auf keinen Fall abschließen, denn die Seite wird von Kriminellen betrieben! Während Geld von Ihrer Kreditkarte abgebucht wird, erreicht Ihre Reservierung nie das Hotel und Sie erhalten die bezahlte Leistung nicht. --------------------------------------------- https://www.watchlist-internet.at/news/unterkunft-nicht-auf-bookingsallgala… ∗∗∗ Betrugsgefahren beim Privateinkauf ∗∗∗ --------------------------------------------- Personen, die über Kleinanzeigen-Plattformen Produkte kaufen, können an Kriminelle geraten. Sie verlangen eine Bezahlung der Ware im Voraus oder einen Identitätsnachweis zu ihrer Sicherheit. Ihre Ware liefern sie jedoch nicht, weshalb Opfer ihr Geld und ihre Identität an Kriminelle verlieren. Die Watchlist Internet zeigt Ihnen bekannte Betrugsformen beim Privateinkauf, damit Sie sicher auf Kleinanzeigen-Plattformen einkaufen können. --------------------------------------------- https://www.watchlist-internet.at/news/betrugsgefahren-beim-privateinkauf/ ∗∗∗ Gefälschte Billa-Gewinn-SMS im Umlauf! ∗∗∗ --------------------------------------------- Erneut haben Betrüger/innen eine gefälschte Gewinn-SMS von Billa in Umlauf gebracht. Personen, die der Nachricht Glauben schenken, dem Link in der SMS folgen und die Umfrage beantworten, sollen zwei Euro per Kreditkarte zahlen, um ein iPhone XS mit 256 GB geschenkt zu bekommen. Wer das macht, tappt in eine Abo-Falle und erhält kein iPhone XS. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-billa-gewinn-sms-im-umla… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available for Adobe Acrobat and Reader (APSB19-02) ∗∗∗ --------------------------------------------- Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB19-02). The updates referenced in the bulletin address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1682 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (jasper, libdatetime-timezone-perl, qtbase-opensource-src, thunderbird, and tzdata), Red Hat (rh-perl524-perl), and SUSE (libraw, polkit, and xen). --------------------------------------------- https://lwn.net/Articles/775937/ ∗∗∗ Microsoft Windows 10: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0005 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by an OpenSource Apache Struts vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM i Access for Windows affected by vulnerability CVE-2018-1888. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-access-for-wind… ∗∗∗ IBM Security Bulletin: IBM API Connect V5 is vulnerable to horizontal privilege escalation (CVE-2018-1859) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-is… ∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Apache PDFBox affects IBM Emptoris Contract Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-pdfbox-affects… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerabilities affect Rational Publishing Engine ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by multiple GSKit and OpenSSL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily