- Daily - CERT.at

Tageszusammenfassung - 23.07.2019
by Daily end-of-shift report 23 Jul '19

23 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Montag 22-07-2019 18:00 − Dienstag 23-07-2019 18:00 Handler: Robert Waldner Co-Handler: Dimitri Robl ===================== = News = ===================== ∗∗∗ Verifying SSL/TLS configuration (part 1) ∗∗∗ --------------------------------------------- One of very important steps when performing penetration tests is to verify configuration of any SSL/TLS services. Specifically, the goal of this step is to check which protocols and ciphers are supported. This might sound easier than it is – so this will be a series of diaries where I will try to explain how to verify configuration but also how to assess risk. --------------------------------------------- https://isc.sans.edu/diary/rss/25162 ∗∗∗ QNAP und Synology warnen vor Malware-Angriffen auf schlecht gesicherte NAS ∗∗∗ --------------------------------------------- Netzwerkspeicher von QNAP und Synology sind derzeit verstärkt Attacken via Brute-Force und Exploits ausgesetzt. Die Hersteller geben Tipps zum Absichern. --------------------------------------------- https://heise.de/-4477214 ∗∗∗ Identitätsmissbrauch durch Umfrage auf selektur.net ∗∗∗ --------------------------------------------- Die Selektur GmbH gibt sich als Marktforschungsinstitut aus, bei dem Konsument/innen von Zuhause aus Produkte testen und einfach Geld verdienen können. Schon bei der Anmeldung sind Pass oder Personalausweis hochzuladen. Diese Unterlagen werden von den Kriminellen hinter selektur.net dazu genützt, ein Bankkonto zu eröffnen, welches später durch die nichtsahnenden Umfrageteilnehmer/innen freigeschaltet wird. --------------------------------------------- https://www.watchlist-internet.at/news/identitaetsmissbrauch-durch-umfrage-… ===================== = Vulnerabilities = ===================== ∗∗∗ Vuln: Microsoft Windows OleCreateFontIndirectExt Out of Bounds Read Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. --------------------------------------------- http://www.securityfocus.com/bid/109335 ∗∗∗ COModo: From Sandbox to SYSTEM (CVE-2019–3969) ∗∗∗ --------------------------------------------- Antivirus (AV) is a great target for vulnerability hunting: Large attack surface, complex parsing, and various components executing with high privileges. So a couple of months ago, I decided looked at the latest Comodo Antivirus v12.0.0.6810. I ended up finding a few cool things, however one I thought was worth covering here, which is a sandbox escape as well as a privilege escalation to SYSTEM. --------------------------------------------- https://medium.com/tenable-techblog/comodo-from-sandbox-to-system-cve-2019-… ∗∗∗ macOS 10.14.6 behebt Sicherheitslücken und macht Boot Camp wieder flott ∗∗∗ --------------------------------------------- macOS 10.14.6 behebt weiterhin diverse Sicherheitslücken, die unter anderem in der Web-Engine WebKit, in Bluetooth, in Core Data, im Disk Management, in Foundation und in Siri stecken. Teilweise sind sie auch aus der Ferne ausnutzbar gewesen. Zusätzlich wurde eine Lücke im Kommunikationsdienst FaceTime geschlossen, über die sogar Code von außen ausgeführt werden konnte. --------------------------------------------- https://heise.de/-4476767 ∗∗∗ Manuelles Update notwendig: Fortinet fixt kritische Lücke in mehreren Produkten ∗∗∗ --------------------------------------------- Mehrere Versionen von FortiOS, FortiManager und FortiAnalyzer akzeptieren aufgrund eines Bugs ungültige Zertifikate. Der Hersteller rät zum sofortigen Update. --------------------------------------------- https://heise.de/-4476610 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libsdl2-image and libxslt), Oracle (java-1.8.0-openjdk and java-11-openjdk), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (bzip2, microcode_ctl, and ucode-intel), and Ubuntu (clamav, evince, linux-hwe, linux-gcp, linux-snapdragon, and squid3). --------------------------------------------- https://lwn.net/Articles/794445/ ∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities (CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3863) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ BIND vulnerability CVE-2019-6471 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10092301 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.07.2019
by Daily end-of-shift report 22 Jul '19

22 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 19-07-2019 18:00 − Montag 22-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Palo Alto stümpert bei kritischer Sicherheitslücke im VPN GlobalProtect ∗∗∗ --------------------------------------------- Ein Jahr nach dem Schließen einer Sicherheitslücke informiert Palo Alto seine Kunden über die Gefahr. In der Zwischenzeit hackten Forscher damit mal eben Uber. --------------------------------------------- https://heise.de/-4476441 ===================== = Vulnerabilities = ===================== ∗∗∗ Selfblow: Secure Boot in allen Tegra X1 umgehbar ∗∗∗ --------------------------------------------- Ein Fehler im Bootloader der Tegra X1 von Nvidia ermöglicht das komplette Umgehen der Verifikation des Systemboots. Das betrifft wohl alle Geräte außer der Switch. Nvidia stellt ein Update bereit. (Tegra, Nvidia) --------------------------------------------- https://www.golem.de/news/selfblow-secure-boot-in-allen-tegra-x1-umgehbar-1… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bind9, exiv2, kernel, nss, openjdk-11, openjdk-8, patch, and squid3), Fedora (gvfs, libldb, and samba), Mageia (firefox, gvfs, libreswan, rdesktop, and thunderbird), openSUSE (bzip2, clementine, dbus-1, expat, fence-agents, firefox, glib2, kernel, kernel-firmware, ledger, libqb, libu2f-host, pam_u2f, libvirt, neovim, php7, postgresql10, python-requests, python-Twisted, ruby-bundled-gems-rpmhelper, ruby2.5, samba, webkit2gtk3, zeromq, and znc), Red --------------------------------------------- https://lwn.net/Articles/794363/ ∗∗∗ BlackBerry Cylance Downplays, Patches Antivirus Bypass ∗∗∗ --------------------------------------------- BlackBerry Cylance has prepared an update for its CylancePROTECT product to address a recently disclosed bypass method, but the company has downplayed the impact of the issue. read more --------------------------------------------- https://www.securityweek.com/blackberry-cylance-downplays-patches-antivirus… ∗∗∗ Pro-FTPd: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Pro-FTPd ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen oder Informationen offenzulegen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0642 ∗∗∗ Foxit Phantom PDF Suite: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in der Foxit Phantom PDF Suite ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen, einen Denial of Service Angriff durchzuführen oder vertrauliche Daten einzusehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0641 ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – Kubernetes (CVE-2019-11246) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (CVE-2019-2602) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2018-0732, CVE-2018-0739, CVE-2017-3735) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r… ∗∗∗ IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Apr 2019 – Includes Oracle Apr 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-sdk-java-technolo… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.07.2019
by Daily end-of-shift report 19 Jul '19

19 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 18-07-2019 18:00 − Freitag 19-07-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Elusive MegaCortex Ransomware Found - Here is What We Know ∗∗∗ --------------------------------------------- A sample of the ransomware called MegaCortex that is known to target the enterprise in targeted attacks has been found and analyzed. In this article, we will provide a brief look at the MegaCortex Ransomware and how it encrypts a computer. --------------------------------------------- https://www.bleepingcomputer.com/news/security/elusive-megacortex-ransomwar… ∗∗∗ The Strange Case of the Malicious Favicon ∗∗∗ --------------------------------------------- During the past year, our Remediation department has seen a large increase in the number of fully spammed sites. The common factors are strangely named and unusually located favicon.ico files, along with the creation of “bak.bak” index files peppered around the website. In the majority of the cases, the pattern is similar regardless of the size of the website or the CMS being used. We have found WordPress, Magento, Joomla, and even HTML-only sites impacted by this campaign. --------------------------------------------- https://blog.sucuri.net/2019/07/the-strange-case-of-the-malicious-favicon.h… ∗∗∗ [webapps] fuelCMS 1.4.1 - Remote Code Execution ∗∗∗ --------------------------------------------- fuelCMS 1.4.1 - Remote Code Execution --------------------------------------------- https://www.exploit-db.com/exploits/47138 ===================== = Vulnerabilities = ===================== ∗∗∗ Johnson Controls exacqVision Server ∗∗∗ --------------------------------------------- This advisory includes mitigations for an unquoted search path or element vulnerability reported in the Johnson Controls exacqVision Server. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-199-01 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bzip2), Fedora (freetds, kernel, kernel-headers, and knot-resolver), openSUSE (bubblewrap, fence-agents, kernel, libqb, libu2f-host, pam_u2f, and tomcat), Oracle (vim), SUSE (kernel, LibreOffice, libxml2, and tomcat), and Ubuntu (libmspack and squid, squid3). --------------------------------------------- https://lwn.net/Articles/794190/ ∗∗∗ IBM Security Bulletin: Buffer overflow vulnerability in IBM Spectrum Protect Backup-Archive Client (CVE-2019-4267) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-buffer-overflow-vulne… ∗∗∗ IBM Security Bulletin: ACLs not backed up on VxFS-HP-UX filesystems by IBM Spectrum Protect Backup-Archive Client (CVE-2019-4236) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-acls-not-backed-up-on… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot for VMWare (CVE-2018-12547, CVE-2019-2426) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Virtual Environments (CVE-2018-12547, CVE-2019-2426) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Backup-Archive Client on Windows, Linux, and Macintosh (CVE-2018-12547, CVE-2019-2426) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open… ∗∗∗ IBM Security Bulletin: Vulnerability in Node.js affects IBM Integration Bus & IBM App Connect Enterprise V11 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-node… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Integration Bus , IBM App Connect and WebSphere Message Broker ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Spoofing and denial of service vulnerabilities in WebSphere Application Liberty affect IBM Spectrum Protect Snapshot for VMware (CVE-2018-1902, CVE-2019-4046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-spoofing-and-denial-o… ∗∗∗ IBM Security Bulletin: Spoofing and denial of service vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect Client web user interface and IBM Spectrum Protect for Virtual Environments (CVE-2018-1902, CVE-2019-4046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-spoofing-and-denial-o… ∗∗∗ IBM Security Bulletin: IBM Netcool Agile Service Manager is affected by an Apache Zookeeper vulnerability (CVE-2019-0201) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-netcool-agile-ser… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Jetty affect Netcool Agile Service Manager (CVE-2019-10247, CVE-2019-10246) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ Expat XML parser vulnerability CVE-2018-20843 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K51011533 ∗∗∗ VLC: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0634 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.07.2019
by Daily end-of-shift report 18 Jul '19

18 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 17-07-2019 18:00 − Donnerstag 18-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Netz- und Informationssystemsicherheitsverordnung – NISV ∗∗∗ --------------------------------------------- Am 17.07.2019 wurde die Netz- und Informationssystemsicherheitsverordnung - NISV veröffentlicht. Diese ergänzt das Bundesgesetz zur Gewährleistung eines hohen Sicherheitsniveaus von Netz- und Informationssystemen (Netz- und Informationssystemsicherheitsgesetz - NISG) und bietet die Grundlage für die Identifizierung der Betreiber wesentlicher Dienste. --------------------------------------------- https://www.ris.bka.gv.at/Dokumente/BgblAuth/BGBLA_2019_II_215/BGBLA_2019_I… ∗∗∗ WeAct: Datenleck bei Petitionsplattform von Campact ∗∗∗ --------------------------------------------- Ein Fehler auf der Petitionsplattform WeAct von Campact ermöglichte den Zugriff auf die Daten der Unterstützer. Rund 1,8 Millionen Unterzeichner sind betroffen. Die Nichtregierungsorganisation hat die Hintergründe des Fehlers veröffentlicht. (Datenleck, Datenschutz) --------------------------------------------- https://www.golem.de/news/weact-datenleck-bei-petitionsplattform-von-campac… ∗∗∗ Unseriöse Shops: Versprechen Wunderdinge – liefern minderwertige Ware! ∗∗∗ --------------------------------------------- Konsument/innen stoßen beim Surfen im Internet immer wieder auf Werbung zu Produkten, die wahre Wunderdinge versprechen. Während manche Gegenstände halten, was sie versprechen, wird in anderen Fällen billigste Ware durch aggressive Werbung an die Frau und den Mann gebracht. Ähnliches gilt für Websites wie wifiboost.pro, airfreez.pro, coolblade.pro oder cleanaqua.pro, die darüber hinaus zahlreiche gesetzliche Vorgaben beim Verkauf missachten. --------------------------------------------- https://www.watchlist-internet.at/news/unserioese-shops-versprechen-wunderd… ∗∗∗ Zoom RCE only hit those who uninstalled it: Assetnote ∗∗∗ --------------------------------------------- Local webserver searched for domain suffixes that left it open to exploitation. --------------------------------------------- https://www.zdnet.com/article/zoom-rce-only-hit-those-who-uninstalled-it-as… ===================== = Vulnerabilities = ===================== ∗∗∗ Wireshark: ASN.1 BER and related dissectors crash ∗∗∗ --------------------------------------------- It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. --------------------------------------------- https://www.wireshark.org/security/wnpa-sec-2019-20.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, firefox, and squid), CentOS (thunderbird and vim), Debian (libonig), SUSE (firefox, glibc, kernel, libxslt, and tomcat), and Ubuntu (libreoffice and thunderbird). --------------------------------------------- https://lwn.net/Articles/794104/ ∗∗∗ Cisco IOS Access Points Software 802.11r Fast Transition Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Industrial Network Director Web Services Management Agent Unauthorized Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business Series Switches Open Redirect Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Blind SQL Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco FindIT Network Management Software Static Credentials Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Improper Authentication Vulnerability on PC Manager ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190718-… ∗∗∗ IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities CVE-2019-10072 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-websphere-cast-ir… ∗∗∗ IBM Security Bulletin: Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager IP Edition (CVE-2018-1890, CVE-2019-2426) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-mul… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2019-4046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: An IBM QRadar SIEM protocol is vulnerable to Incorrect Permission Assignment (CVE-2018-2024) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-an-ibm-qradar-siem-pr… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM QRadar SIEM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-asset-analyzer-raa-is… ∗∗∗ IBM Security Bulletin: IBM Watson Studio – Local allows mounting glusterFS without security check ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-watson-studio-loc… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Watson Explorer (CVE-2017-14166, CVE-2017-14501, CVE-2017-14502, CVE-2017-14503) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.07.2019
by Daily end-of-shift report 17 Jul '19

17 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 16-07-2019 18:00 − Mittwoch 17-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Newly identified StrongPity operations ∗∗∗ --------------------------------------------- Alien Labs has identified an unreported and ongoing malware campaign, which we attribute with high confidence to the adversary publicly reported as “StrongPity”. Based on compilation times, infrastructure, and public distribution of samples - we assess the campaign operated from the second half of 2018 into today (July 2019). This post details new malware and new infrastructure which is used to control compromised machines. --------------------------------------------- https://www.alienvault.com/blogs/labs-research/newly-identified-strongpity-… ∗∗∗ American Express Customers Targeted by Novel Phishing Attack ∗∗∗ --------------------------------------------- The phishing campaign targeted both corporate and consumer cardholders with phishing emails full of grammatical errors but with a small but deadly twist: instead of using the regular hyperlink to the landing page trick, this one used a base HTML element to hide the malicious URL from antispam solutions. This allows the attackers to specify the base URL that should be used for all relative URLs within the phishing message, effectively splitting up the phishing landing page in two separate pieces. --------------------------------------------- https://www.bleepingcomputer.com/news/security/american-express-customers-t… ∗∗∗ Analyzis of DNS TXT Records, (Wed, Jul 17th) ∗∗∗ --------------------------------------------- At the Internet Storm Center, we already mentioned so many times that the domain name system is a goldmine for threat hunting or OSINT. A particular type of DNS record is the TXT record (or text record). It's is a type of resource record used to provide the ability to associate free text with a host or other name. ... I extracted a long list of domain names from different DNS servers logs and malicious domains lists. Then I queried TXT records for each of them. Results have been loaded into a Splunk instance to search for some juicy stuff. What did I find? --------------------------------------------- https://isc.sans.edu/diary/rss/25142 ∗∗∗ EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users ∗∗∗ --------------------------------------------- researchers at security firm Intezer Labs recently discovered a new Linux backdoor implant that appears to be under development and testing phase but already includes several malicious modules to spy on Linux desktop users. ... EvilGnome malware masquerades itself as a legit GNOME extension, a program that lets Linux users extend the functionality of their desktops. --------------------------------------------- https://thehackernews.com/2019/07/linux-gnome-spyware.html ∗∗∗ Jenkins Admins: Relying on Default Settings Could Put Master at Risk of Remote Code Execution Attacks ∗∗∗ --------------------------------------------- In our analysis, we observed that a user account with less privilege can gain administrator rights over the automation server if jobs are built on the master machine (i.e., the main Jenkins server), a setup enabled by default. An exploit for this can be easily written using shell spawn — a default build step. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/PObGTrIqU0M/ ∗∗∗ Fehler in PowerShell Core: Angreifer könnten Windows Defender austricksen ∗∗∗ --------------------------------------------- Microsoft hat einen als "wichtig" eingestuften Sicherheitspatch für PowerShell Core veröffentlicht. Ein Angriff gelingt aber nicht ohne Weiteres. --------------------------------------------- https://heise.de/-4473123 ===================== = Vulnerabilities = ===================== ∗∗∗ Oracle Critical Patch Update Advisory - July 2019 ∗∗∗ --------------------------------------------- This Critical Patch Update contains 319 new security fixes --------------------------------------------- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libreoffice), Red Hat (thunderbird), SUSE (ardana and crowbar, firefox, libgcrypt, and xrdp), and Ubuntu (nss, squid3, and wavpack). --------------------------------------------- https://lwn.net/Articles/793966/ ∗∗∗ LibreOffice: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in LibreOffice ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen oder Sicherheitsvorkehrungen zu umgehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0611 ∗∗∗ Security Advisory - Information Disclosure Vulnerability on Secure Input ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190717-… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by Apache ZooKeeper vulnerability CVE-2019-0201 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by kubectl vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by Go vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9 and IBM BigFix Inventory v9. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ru… ∗∗∗ IBM Security Bulletin: Vulnerability in systemd affects Power Hardware Management Console (CVE-2019-6454) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-syst… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by WebSphere Liberty Profile vulnerability CVE-2019-4046 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2018-20685 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ IBM Security Bulletin: IBM RackSwitch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0734) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-rackswitch-firmwa… ∗∗∗ IBM Security Bulletin: IBM Flex System switch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0734) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-switc… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.07.2019
by Daily end-of-shift report 16 Jul '19

16 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Montag 15-07-2019 18:00 − Dienstag 16-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Topinambour & Windows event logs ∗∗∗ --------------------------------------------- TL;DR: * Block outgoing SMB traffic if you can * Hunt or Monitor for event ID 106 in "Microsoft-Windows-TaskScheduler%4Operational.evtx" * Think about enabling "Audit Process creation" in "Security.evtx" and command line logging * Hunt or monitor for event ID 4688 in "Security.evtx" --------------------------------------------- http://www.cert.at/services/blog/20190716140317-2501_en.html ∗∗∗ VU#129209: LLVMs Arm stack protection feature can be rendered ineffective ∗∗∗ --------------------------------------------- When the stack protection feature is rendered ineffective, it leaves the function vulnerable to stack-based buffer overflows. It is possible that the return address could be overwritten due to a local buffer overflow and is not caught when the cookie is checked at the end. It is also possible that the cookie itself could be overwritten since it resides on the stack, causing an unintended value to pass the check. --------------------------------------------- https://kb.cert.org/vuls/id/129209 ∗∗∗ Analysis: Server-side polymorphism & PowerShell backdoors ∗∗∗ --------------------------------------------- Malware actors very rarely stick to the same script for extended periods of time. They constantly modify and update their attack methods. Recently we have observed malware that uses server-side polymorphism to hide its payload, which consists of a backdoor fully written in PowerShell. --------------------------------------------- https://www.gdatasoftware.com/blog/2019/07/35061-server-side-polymorphism-p… ∗∗∗ FBI Releases Master Decryption Keys for GandCrab Ransomware ∗∗∗ --------------------------------------------- In an FBI Flash Alert, the FBI has released the master decryption keys for the Gandcrab Ransomware versions 4, 5, 5.0.4, 5.1, and 5.2. Using these keys, any individual or organization can create and release their very own GandCrab decryptor. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fbi-releases-master-decrypti… ∗∗∗ iOS 13: Bug in Beta gibt Passwörter frei ∗∗∗ --------------------------------------------- Wer eine Vorabversion von iOS oder iPadOS einsetzt, sollte vorsichtig mit den Geräten umgehen. Ein Fehler erlaubt Angreifern, Zugangsdaten einzusehen. --------------------------------------------- https://heise.de/-4471743 ∗∗∗ Is ‘REvil’ the New GandCrab Ransomware? ∗∗∗ --------------------------------------------- The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as "REvil," "Sodin," and "Sodinokibi." --------------------------------------------- https://krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/ ∗∗∗ Extenbro DNS-Changer Used in Adware Campaign ∗∗∗ --------------------------------------------- A recently observed DNS-changer Trojan is being used in an adware campaign to prevent users from accessing security-related websites, Malwarebytes reveals. --------------------------------------------- https://www.securityweek.com/extenbro-dns-changer-used-adware-campaign ∗∗∗ Betrügerische Amazon Marketplace-Shops stehlen Geld! ∗∗∗ --------------------------------------------- Verbraucher/innen können beim Online-Shopping über Amazon auch bei Drittanbieter/innen Bestellungen tätigen. Uns erreichen zahlreiche Meldungen von Personen, die von betrügerischen Marketplace-Shops zu Überweisungen auf externe Konten aufgefordert wurden. Das Geld darf nicht bezahlt werden! Es handelt sich um Betrug und Überweisungen sind verloren. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-amazon-marketplace-sh… ∗∗∗ Finger weg von notebooksbilliger-angebot.net ∗∗∗ --------------------------------------------- Im Online-Shop notebooksbilliger-angebot.net finden Sie vor allem günstige Laptops, Tablets und Smartphones. Echte Schnäppchen werden Sie dort jedoch keine ergattern, denn es handelt sich um einen Fake-Shop. Ihre Bestellung wird trotz Bezahlung nie geliefert. Wir raten, unbekannte Shops immer genauer unter die Lupe zu nehmen! --------------------------------------------- https://www.watchlist-internet.at/news/finger-weg-von-notebooksbilliger-ang… ===================== = Vulnerabilities = ===================== ∗∗∗ Vuln: Symantec Norton Password Manager CVE-2019-9700 IP Address Spoofing Vulnerability ∗∗∗ --------------------------------------------- An attacker can exploit this issue to spoof an IP address which may lead to a false sense of trust, allowing the attacker to perform malicious activities. Other attacks may also be possible. Versions prior to Symantec Norton Password Manager 6.3.0.2082 are vulnerable. --------------------------------------------- http://www.securityfocus.com/bid/108676 ∗∗∗ Patch now before you get your NAS kicked: Iomega storage boxes leave millions of files open to the internet ∗∗∗ --------------------------------------------- API blunder exposes data, fix incoming from Lenovo Lenovo is emitting an emergency firmware patch for Iomega NAS devices after the network-attached storage boxes were discovered inadvertently offering millions of files to the internet via an insecure software interface. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2019/07/16/iomega_nas_… ∗∗∗ Zoom RCE Flaw Also Affects Its Rebranded Versions RingCentral and Zhumu ∗∗∗ --------------------------------------------- The same security vulnerabilities that were recently reported in Zoom for macOS also affect two other popular video conferencing software that under the hood, are just a rebranded version of Zoom video conferencing software. --------------------------------------------- https://thehackernews.com/2019/07/zoom-ringcentral-vulnerabilities.html ∗∗∗ Moodle CVE-2019-10187 Security Bypass Vulnerability ∗∗∗ --------------------------------------------- Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Moodle 3.7, 3.6 through 3.6.4, 3.5 through 3.5.6 and prior unsupported versions are vulnerable. --------------------------------------------- https://www.securityfocus.com/bid/109174/discuss ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (expat and radare2), Oracle (thunderbird), Red Hat (389-ds-base, keepalived, libssh2, perl, and vim), Scientific Linux (thunderbird), SUSE (bzip2, kernel, podofo, systemd, webkit2gtk3, and xrdp), and Ubuntu (bash, nss, redis, squid, squid3, and Zipios). --------------------------------------------- https://lwn.net/Articles/793852/ ∗∗∗ Cisco Content Security Management Appliance Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to TianoCore EDK II BIOS Vulnerability (CVE-2018-12182) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-released-unif… ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to File Path Traversal (CVE-2019-4430) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerability CVE-2019-12086 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Event Streams ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affect Rational Business Developer. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Netcool Configuration Manager (CVE-2018-1890, CVE-2019-2426) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerabilities in IBM SONAS ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-mozilla-fire… ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyz… ∗∗∗ Linux kernel vulnerability CVE-2019-11599 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K51674118 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.07.2019
by Daily end-of-shift report 15 Jul '19

15 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 12-07-2019 18:00 − Montag 15-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Turla renews its arsenal with Topinambour ∗∗∗ --------------------------------------------- 2019 has seen the Turla actor actively renew its arsenal. Its developers are still using a familiar coding style, but they’re creating new tools. Here we’ll tell you about several of them, namely “Topinambour” and its related modules. --------------------------------------------- https://securelist.com/turla-renews-its-arsenal-with-topinambour/91687/ ∗∗∗ Brilliant Boston boffins blow big borehole in Bluetooths ballyhooed barricades: MAC addy randomization broken ∗∗∗ --------------------------------------------- Scrambling addresses cant always hide you from stalkers, say eggheads A team of US academics have proposed a simple method to defeat the Bluetooth LE standards anti-tracking measures.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2019/07/12/untraceable… ∗∗∗ ENISA: Annual report Trust Services Security Incidents 2018 ∗∗∗ --------------------------------------------- The document gives an aggregated overview of security breaches with significant impact reported in 2018 by EU national supervisory bodies. It shows root causes, statistics and trends, and marks the third round of security incident reporting for the EU’s trust services sector. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/annual-report-trust-services-se… ∗∗∗ Hackers Can Manipulate Media Files Transferred via WhatsApp, Telegram ∗∗∗ --------------------------------------------- Researchers at Symantec have detailed an attack method, dubbed “Media File Jacking,” that allows a malicious Android application with “write-to-external storage” permissions to quickly modify files sent or received via WhatsApp and Telegram between the time they are written to the disk and the moment they are loaded in the app’s user interface. --------------------------------------------- https://www.securityweek.com/hackers-can-manipulate-media-files-transferred… ∗∗∗ NCSC-UK: Ongoing DNS hijacking and mitigation advice ∗∗∗ --------------------------------------------- This NCSC advisory highlights further hijacking activity of Domain Name Systems, and provides mitigation advice. --------------------------------------------- https://www.ncsc.gov.uk/news/ongoing-dns-hijacking-and-mitigation-advice ===================== = Vulnerabilities = ===================== ∗∗∗ VideoLAN VLC CVE-2019-13602 Heap Based Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed. --------------------------------------------- https://www.securityfocus.com/bid/109158/discuss ∗∗∗ McAfee Agent CVE-2019-3592 Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- An attacker can exploit this issue to gain elevated privileges. McAfee Agent 5.x versions prior to 5.6.1 HF3 are vulnerable. --------------------------------------------- https://www.securityfocus.com/bid/109148/discuss ∗∗∗ Xiaomi Mi6 Browser CVE-2019-13322 Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the user. Failed exploits will result in denial-of-service conditions. Xiaomi Browser version prior to 10.4.0 are vulnerable. --------------------------------------------- https://www.securityfocus.com/bid/109138/discuss ∗∗∗ Critical Vulnerability Patched in Ad Inserter Plugin ∗∗∗ --------------------------------------------- On Friday, July 12th, our Threat Intelligence team discovered a vulnerability present in Ad Inserter, a WordPress plugin installed on over 200,000 websites. The weakness allowed authenticated users (Subscribers and above) to execute arbitrary PHP code on websites using the plugin. We privately disclosed the issue to the plugin’s developer, who released a patch the very next day. --------------------------------------------- https://www.wordfence.com/blog/2019/07/critical-vulnerability-patched-in-ad… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox), Debian (libspring-java, ruby-mini-magick, and thunderbird), Fedora (fossil, python-django, snapd-glib, and thunderbird), openSUSE (helm and monitoring-plugins), Red Hat (cyrus-imapd, thunderbird, and vim), Scientific Linux (vim), Slackware (bzip2), SUSE (bubblewrap, bzip2, expat, glib2, kernel, php7, python3, and tomcat), and Ubuntu (exiv2, firefox, and flightcrew). --------------------------------------------- https://lwn.net/Articles/793740/ ∗∗∗ Squid: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Squid ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen oder einen Denial of Service Angriff durchzuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0608 ∗∗∗ 2019-07-15: Authentication Bypass Vulnerability in CCLAS and Ellipse ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A6224&Lan… ∗∗∗ Security Advisory - Intel Microarchitectural Data Sampling (MDS) vulnerabilities ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190712-… ∗∗∗ IBM Security Bulletin: Apache Struts Vulnerability Affects IBM Campaign and IBM Contact Optimization (CVE-2017-7525) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-struts-vulnera… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects Cloud Foundry for IBM Cloud Private (CVE-2019-3789) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ Linux kernel vulnerability CVE-2018-20836 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K11225249 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.07.2019
by Daily end-of-shift report 12 Jul '19

12 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 11-07-2019 18:00 − Freitag 12-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Burning down the house with IoT ∗∗∗ --------------------------------------------- For years we’ve been trying to set fire to ‘smart’ things by hacking them. We got some charring on the iKettle, but nothing more. Then we found some smart hair straighteners. --------------------------------------------- https://www.pentestpartners.com/security-blog/burning-down-the-house-with-i… ∗∗∗ Investigating Some Subscription Scam iOS Apps ∗∗∗ --------------------------------------------- For some reason Apple allows "subscription scam" apps on the App Store. These are apps that are free to download and then ask you to subscribe right on launch. ... Aside from being classic subscription scam apps, I wanted to examine how they work internally and how they communicate with their servers and what type of information are they sending. --------------------------------------------- https://apple.slashdot.org/story/19/07/11/1953207/investigating-some-subscr… ∗∗∗ iOS URL Scheme Susceptible to Hijacking ∗∗∗ --------------------------------------------- For example, when a URL with facetime:// is opened, FaceTime places a call — this is the URL Scheme coming into play. It is a very convenient shortcut; but the URL Scheme is designed for communication, not security. Below, we discuss how abuse of the URL Scheme can potentially result in the loss of privacy, bill fraud, exposure to pop-up ads, and more. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-… ∗∗∗ 16Shop Now Targets Amazon ∗∗∗ --------------------------------------------- Since early November 2018 McAfee Labs have observed a phishing kit, dubbed 16Shop, being used by malicious actors to target Apple account holders in the United States and Japan. Typically, the victims receive an email with a pdf file attached. An example of the message within the email is shown below, with an accompanying translation: [...] --------------------------------------------- https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/16shop-now-targ… ∗∗∗ FIRST Announces CVSS Version 3.1 ∗∗∗ --------------------------------------------- The Forum of Incident Response and Security Teams (FIRST) on Friday announced version 3.1 of the Common Vulnerability Scoring System (CVSS). CVSS is a widely adopted standard for rating the severity of software vulnerabilities, and it provides a framework for communicating the characteristics and impact of security flaws. --------------------------------------------- https://www.securityweek.com/first-announces-cvss-version-31 ===================== = Vulnerabilities = ===================== ∗∗∗ Philips Holter 2010 Plus ∗∗∗ --------------------------------------------- This advisory provides information about, and mitigations for, a vulnerability reported in the Philips Holter 2010 Plus. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsma-19-192-01 ∗∗∗ Delta Industrial Automation CNCSoft ScreenEditor ∗∗∗ --------------------------------------------- This advisory includes mitigations for heap-based buffer overflow and out-of-bounds read vulnerabilities reported in the Delta Electronics CNCSoft ScreenEditor. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-192-01 ∗∗∗ AVEVA Vijeo Citect and Citect SCADA Floating License Manager ∗∗∗ --------------------------------------------- This advisory provides information about, and mitigations for, several vulnerabilities reported in the AVEVA Vijeo Citect and Citect SCADA Floating License Manager applications. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-192-05 ∗∗∗ Schneider Electric Interactive Graphical SCADA System ∗∗∗ --------------------------------------------- This advisory includes mitigations for an out-of-bounds write vulnerability in the Schneider Electric Interactive Graphical SCADA System software. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-192-06 ∗∗∗ Schneider Electric Floating License Manager ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper input validation and memory corruption vulnerabilities in the Schneider Electric Floating License Manager software. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-192-07 ∗∗∗ CVE-2019-11360: BufferOverflow in iptables-restore v1.8.2 ∗∗∗ --------------------------------------------- This blogpost is about a BufferOverflow vulnerability which I found by fuzzing iptables-restore using AFL in March, 2019. It was fixed by the netfilter team in April 2019 ... All in all, I believe that this vulnerability can only be used for academic/educational purposes and has no particular real-world impact. --------------------------------------------- https://0day.work/cve-2019-11360-bufferoverflow-in-iptables-restore-v1-8-2/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (dbus), Debian (firefox-esr, python3.4, and redis), Mageia (ffmpeg), Oracle (firefox, libvirt, and qemu), Red Hat (firefox and virt:8.0.0), Scientific Linux (firefox), and SUSE (kernel). --------------------------------------------- https://lwn.net/Articles/793563/ ∗∗∗ QNX-2019-001 Vulnerability in procfs service Impacts BlackBerry QNX Software Development Platform ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Security Advisory 2019-10: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- https://community.otrs.com/security-advisory-2019-10-security-update-for-ot… ∗∗∗ Security Advisory 2019-11: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- https://community.otrs.com/security-advisory-2019-11-security-update-for-ot… ∗∗∗ Security Advisory 2019-12: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- https://community.otrs.com/security-advisory-2019-12-security-update-for-ot… ∗∗∗ Vuln: Oracle July 2019 Critical Patch Update Multiple Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/109125 ∗∗∗ ZDI-19-660: (Pwn2Own) Xiaomi Mi6 Browser miui.share APK Download Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-660/ ∗∗∗ ZDI-19-659: Xiaomi Mi6 Captive Portal WebView Authorization Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-659/ ∗∗∗ IBM Security Bulletin: Publicly disclosed vulnerability in Java used by IBM FileNet Content Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vu… ∗∗∗ IBM Security Bulletin: Publicly disclosed vulnerability in Oracle Outside In Technology used by IBM FileNet Content Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vu… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Watson Assistant for IBM Cloud Pak for Data ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to a publicly disclosed vulnerability in Spring Framework (CVE-2018-15756) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerability Affects IBM Campaign, IBM Contact Optimization and IBM Marketing Operations (CVE-2016-1000031) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-commons-fileup… ∗∗∗ Asterisk: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0606 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.07.2019
by Daily end-of-shift report 11 Jul '19

11 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 10-07-2019 18:00 − Donnerstag 11-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Magento Killer ∗∗∗ --------------------------------------------- A malicious PHP script, aptly given the name “Magento Killer” by its creator(s), has been found targeting Magento websites. While it doesn’t actually kill the Magento installation, it does allow the attacker to modify data in the core_config_data table of the targeted Magento database. --------------------------------------------- https://blog.sucuri.net/2019/07/magento-killer.html ∗∗∗ AMDs SEV tech that protects cloud VMs from rogue servers may as well stand for... Still Extremely Vulnerable ∗∗∗ --------------------------------------------- Evil hypervisors can work out what apps are running, extract data from encrypted guests Five boffins from four US universities have explored AMDs Secure Encrypted Virtualization (SEV) technology – and found its defenses can be, in certain circumstances, bypassed with a bit of effort.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2019/07/10/amd_secure_… ∗∗∗ Wondering how to whack Zooms dodgy hidden web server on your Mac? No worries, Apples done it for you ∗∗∗ --------------------------------------------- iGiant acts to protect users Apple has pushed a silent update to Macs, disabling the hidden web server installed by the popular Zoom web-conferencing software.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2019/07/11/apple_remov… ∗∗∗ Awesome-Cellular-Hacking ∗∗∗ --------------------------------------------- Please note multiple researchers published and compiled this work. This is a list of their research in the 3G/4G/5G Cellular security space. This information is intended to consolidate the communitys knowledge. Thank you, I plan on frequently updating this "Awesome Cellular Hacking" curated list with the most up to date exploits, blogs, research, and papers. --------------------------------------------- https://github.com/W00t3k/Awesome-Cellular-Hacking ∗∗∗ Your Pa$$word doesnt matter ∗∗∗ --------------------------------------------- Every week I have at least one conversation with a security decision maker explaining why a lot of the hyperbole about passwords – “never use a password that has ever been seen in a breach,” “use really long passwords”, “passphrases-will-save-us”, and so on – is inconsistent with our research and with the reality our team sees as we defend against 100s of millions of password-based attacks every day. Focusing on password rules, rather than things that can really help – like multi-factor authentication (MFA), or great threat detection – is just a distraction. --------------------------------------------- https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Your… ∗∗∗ Wenn Shoppen per Smartphone zur Falle wird ∗∗∗ --------------------------------------------- Online-Shoppen wird immer beliebter. Bereits 60 % der Österreicher/innen bestellen im Internet und klicken sich via Computer, Laptop oder Smartphone durch das Angebot. Speziell mobiles Einkaufen mit dem Smartphone hat jedoch neben den vielen Vorteilen einen großen Nachteil: betrügerische Shops sind am Handy schwieriger zu entlarven, als am Computer. --------------------------------------------- https://www.watchlist-internet.at/news/wenn-shoppen-per-smartphone-zur-fall… ===================== = Vulnerabilities = ===================== ∗∗∗ Jira Server and Data Center Update Patches Critical Vulnerability ∗∗∗ --------------------------------------------- Atlassian has patched a critical vulnerability affecting Jira Server and Data Center since version 4.4.0, launched in the summer of 2011. --------------------------------------------- https://www.bleepingcomputer.com/news/security/jira-server-and-data-center-… ∗∗∗ Custom Permissions - Critical - Access bypass - SA-CONTRIB-2019-055 ∗∗∗ --------------------------------------------- This module enables you to add and manage additional custom permissions through the administration UI.The module doesnt sufficiently check for the proper access permissions to this page. --------------------------------------------- https://www.drupal.org/sa-contrib-2019-055 ∗∗∗ Nagios XI CVE-2018-17147 Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- Nagios XI is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. --------------------------------------------- https://www.securityfocus.com/bid/109116/discuss ∗∗∗ Exiv2 CVE-2019-13504 Remote Denial of Service Vulnerability ∗∗∗ --------------------------------------------- An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. --------------------------------------------- https://www.securityfocus.com/bid/109117/discuss ∗∗∗ Cisco ASA and FTD Software Cryptographic TLS and SSL Driver Denial of Service Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. ... Note: Only traffic directed to the affected system can be used to exploit this vulnerability. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Citrix SD-WAN Multiple Security Updates ∗∗∗ --------------------------------------------- Multiple vulnerabilities have been identified in the management console of the Citrix SD-WAN Center and NetScaler SD-WAN Center. Multiple Vulnerabilities have also been identified on the Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance. Collectively, these vulnerabilities could result in an unauthenticated attacker executing commands as root against the SD-WAN Center management console, or potentially be used to gain root privileges on the SD-WAN appliance. --------------------------------------------- https://support.citrix.com/article/CTX251987 ∗∗∗ FSC-2019-3: Unauthenticated Remote Code Execution in F-Secure Internet Gatekeeper ∗∗∗ --------------------------------------------- A vulnerability was discovered in the web user interface of the F-Secure Internet Gatekeeper product. An unauthenticated user can cause a heap overflow by issuing a malformed HTTP request to the web user interface. A successful attack can lead to remote code execution on the F-Secure Internet Gatekeeper server. --------------------------------------------- https://www.f-secure.com/en/web/labs_global/fsc-2019-3 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dosbox and openjpeg2), Oracle (dbus and kernel), Scientific Linux (dbus), Slackware (mozilla), and SUSE (fence-agents, libqb, postgresql10, and sqlite3). --------------------------------------------- https://lwn.net/Articles/793442/ ∗∗∗ IBM Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-bind… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to cross site scripting (XSS) (CVE-2019-4211) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM Jazz for Service Management is missing function level access control that could allow a user to delete authorized resources (CVE-2019-4194) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-jazz-for-service-… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to an Information exposure (CVE-2019-4054) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM QRadar Incident Forensics is vulnerable to a publicly disclosed vulnerability in Apache Tika (CVE-2018-17197) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-incident-f… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to an Information Exposure (CVE-2018-2022) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Cross-Site Scripting (CVE-2018-2021) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to OpenSSL vulnerability CVE-2018-5407 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-released-unif… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability Affects IBM Campaign (CVE-2018-1921) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: IBM QRadar Incident Forensics is vulnerable to publicly disclosed vulnerabilities from Apache Tika (CVE-2018-11761, CVE-2018-11762, CVE-2018-8017, CVE-2018-11796) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-incident-f… ∗∗∗ Excess resource consumption due to low MSS values vulnerability CVE-2019-11479 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35421172 ∗∗∗ Juniper JUNOS: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0597 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.07.2019
by Daily end-of-shift report 10 Jul '19

10 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 09-07-2019 18:00 − Mittwoch 10-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ eCh0raix — New Ransomware Targets QNAP NAS Devices ∗∗∗ --------------------------------------------- A new ransomware family has been found targeting Network Attached Storage (NAS) devices made by Taiwan-based QNAP Systems and holding users data hostage until a ransom is paid, researchers told The Hacker News. Ideal for home and small business, NAS devices are dedicated file storage units connected to a network or through the Internet ... --------------------------------------------- https://thehackernews.com/2019/07/ransomware-nas-devices.html ∗∗∗ New FinSpy iOS and Android implants revealed ITW ∗∗∗ --------------------------------------------- FinSpy is used to collect a variety of private user information on various platforms. Since 2011 Kaspersky has continuously monitored the development of this malware and the emergence of new versions in the wild. According to our telemetry, several dozen unique mobile devices have been infected over the past year, with recent activity recorded in Myanmar in June 2019. --------------------------------------------- https://securelist.com/new-finspy-ios-and-android-implants-revealed-itw/916… ∗∗∗ ENISA puts out EU ICT Industrial Policy paper for consultation ∗∗∗ --------------------------------------------- The EU Agency for Cybersecurity, ENISA, launches its consultation paper ‘EU ICT Industrial Policy: Breaking the Cycle of Failure’, a paper that aims to explore issues such as digital sovereignty and the supply chain of cybersecurity products in Europe, as well as to present an overview of the relationship between the global ICT market and the cybersecurity market. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/enisa-puts-out-eu-ict-industria… ∗∗∗ Error in DNSSEC implementation on F5 BIG-IP load balancers ∗∗∗ --------------------------------------------- The vendor (F5) was informed about the error in August 2018 and now it has released the recommended configuration to workaround the problem. As the operators of DNS resolvers are already encountering the bug in normal operation, we are publishing a detailed description of the error to inform the professional public and raise awareness of the problem. --------------------------------------------- https://en.blog.nic.cz/2019/07/10/error-in-dnssec-implementation-on-f5-big-… ∗∗∗ Verschlüsseln mit PGP: Das neue GnuPG und der langsame Tod des Web of Trust ∗∗∗ --------------------------------------------- Die neue Version von GnuPG soll die Auswirkungen des Signatur-Spams einschränken. Deshalb ignoriert es ab sofort alle Signaturen der importierten Schlüssel. --------------------------------------------- https://heise.de/-4467052 ∗∗∗ Angreifbare Logitech-Tastaturen: Antworten auf die dringendsten Fragen ∗∗∗ --------------------------------------------- Was muss man bei kabellosen Tastaturen und Mäusen von Logitech jetzt beachten? Wie gefährliche sind die Lücken? Unsere FAQ beantworten die häufigsten Fragen. --------------------------------------------- https://heise.de/-4466921 ∗∗∗ Discovering and fingerprinting BACnet devices ∗∗∗ --------------------------------------------- BACnet is a communication protocol deployed for building automation and control networks. The most widely accepted networks include Internet Protocol (BACnet/IP) and the Master-Slave Token-Passing network (BACnet MS/TP). Generally, routers are required to interconnect BACnet networks while gateways are preferred for connecting non-compliant devices to a primary BACnet network. It is anticipated that 64% of the building automation industry uses BACnet for effective operations. --------------------------------------------- https://www.helpnetsecurity.com/2019/07/10/bacnet-devices/ ∗∗∗ Windows zero-day CVE-2019-1132 exploited in targeted attacks ∗∗∗ --------------------------------------------- The exploit abuses a local privilege escalation vulnerability in Microsoft Windows, specifically a NULL pointer dereference in the win32k.sys component. Once the exploit was discovered and analyzed, it was reported to the Microsoft Security Response Center, who promptly fixed the vulnerability and released a patch. --------------------------------------------- https://www.welivesecurity.com/2019/07/10/windows-zero-day-cve-2019-1132-ex… ∗∗∗ Bank Austria Phishing-Nachricht mit PDF-Anhang in Umlauf ∗∗∗ --------------------------------------------- Vorsicht vor einer betrügerischen E-Mail im Namen der Bank Austria. Kriminelle versenden eine Nachricht mit .pdf-Anhang, die zur Eingabe der Online-Banking-Daten auffordert, da Datenbankprobleme aufgetreten sein sollen. Anschließend sollen Betroffene einen SMS-Code erhalten. Achtung! Es handelt sich vermutlich um eine SMS-Tan für eine betrügerische Abbuchungen. --------------------------------------------- https://www.watchlist-internet.at/news/bank-austria-phishing-nachricht-mit-… ∗∗∗ Using Wireshark: Exporting Objects from a PCAP ∗∗∗ --------------------------------------------- When reviewing packet captures (pcaps) of suspicious activity, security professionals may need to export objects from the pcaps for a closer examination.This tutorial offers tips on how to export different types of objects from a pcap. The instructions assume you understand network traffic fundamentals. We will use these pcaps of network traffic to practice extracting objects using Wireshark. --------------------------------------------- https://unit42.paloaltonetworks.com/using-wireshark-exporting-objects-from-… ∗∗∗ New Android malware replaces legitimate apps with ad-infested doppelgangers ∗∗∗ --------------------------------------------- New "Agent Smith" malware operation is preparing to invade the Google Play Store. --------------------------------------------- https://www.zdnet.com/article/new-android-malware-replaces-legitimate-apps-… ===================== = Vulnerabilities = ===================== ∗∗∗ Medizin: Sicherheitslücken in Beatmungsgeräten ∗∗∗ --------------------------------------------- Über das Krankenhausnetzwerk lassen sich Befehle an Anästhesie- und Beatmungsgeräte des Herstellers GE senden. Eine Sicherheitslücke ermöglicht unter anderem, Dosierung und Typ des Narkosemittels zu ändern. --------------------------------------------- https://www.golem.de/news/medizin-sicherheitsluecken-in-beatmungsgeraeten-1… ∗∗∗ [20190701] - Core - Filter attribute in subform fields allows remote code execution ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. --------------------------------------------- https://developer.joomla.org/security-centre/787-20190701-core-filter-attri… ∗∗∗ VMWare Security Advisory on DoS Vulnerability in ESXi, (Tue, Jul 9th) ∗∗∗ --------------------------------------------- VMWare has released patches for ESXi that address a denial of service vulnerablility in hostd. ESXi 6.0 is unaffected, 6.5 has a patch, and 6.7 has a patch pending. This addresses a vulnerability described in CVE-2019-5528 and is rated important (CVSSv3 = 5.3). A workaround has also been published. If you run ESXi, you should take a look at this as well today. --------------------------------------------- https://isc.sans.edu/diary/rss/25112 ∗∗∗ Vuln: Intel Processor Diagnostic Tool CVE-2019-11133 Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- A local attacker can exploit this issue to gain elevated privileges, obtain sensitive information or cause denial-of-service conditions. --------------------------------------------- http://www.securityfocus.com/bid/109096 ∗∗∗ Vuln: Symantec Messaging Gateway CVE-2019-12751 Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- An attacker can exploit this issue to gain elevated privileges on an affected system. Symantec Messaging Gateway versions prior to 10.7.1 are vulnerable. --------------------------------------------- http://www.securityfocus.com/bid/108925 ∗∗∗ Patchday: Angreifer attackieren Windows und Windows Server ∗∗∗ --------------------------------------------- Microsoft schließt fast 80 Sicherheitslücken in Windows & Co. Davon gelten mehrere Schwachstellen als kritisch. --------------------------------------------- https://heise.de/-4466722 ∗∗∗ Security Advisory - Three Vulnerabilities in Huawei PCManager Product ∗∗∗ --------------------------------------------- There are two information leak vulnerabilities in Huawei PCManager product. Successful exploitation may cause the attacker to read/write some information. The two vulnerabilities have been assigned two Common Vulnerabilities and Exposures (CVE) IDs: CVE-2019-5237 and CVE-2019-5238. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190710-… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (redis), Fedora (expat), Mageia (dosbox, irssi, microcode, and postgresql11), Red Hat (bind, dbus, openstack-ironic-inspector, openstack-tripleo-common, python-novajoin, and qemu-kvm-rhev), Scientific Linux (kernel), SUSE (kernel-firmware, libdlm, libqb, and libqb), and Ubuntu (apport). --------------------------------------------- https://lwn.net/Articles/793360/ ∗∗∗ ImageMagick: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in ImageMagick ausnutzen, um einen Denial of Service Angriff durchzuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0589 ∗∗∗ Emerson DeltaV Distributed Control System ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-190-01 ∗∗∗ Rockwell Automation PanelView 5510 ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-190-02 ∗∗∗ Schneider Electric Zelio Soft 2 ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-190-03 ∗∗∗ IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to Intel Microarchitectural Data Sampling (MDS) Side Channel vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-released-unif… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: The IBM Runtime Environment Java Version 8 used by Transparent Cloud Tiering has a vulnerability which disclosed as part of the IBM Java SDK updates in April 2019 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-the-ibm-runtime-envir… ∗∗∗ IBM Security Bulletin: IBM® Java™ SDK Technology Edition, Apr 2019, affects IBM Security Identity Manager Virtual Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-java-sdk-technolo… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2019-2684) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities CVE-2019-0196, CVE-2019-0197, and CVE-2019-0220 in the IBM i HTTP Server affect IBM i. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-cve-2… ∗∗∗ IBM Security Bulletin: Security vulnerability in IBM WebSphere Application Server affects IBM Voice Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r… ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Tomcat affects the IBM FlashSystem 840 and 900 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap… ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Tomcat affects the IBM FlashSystem V840 and V9000 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – IAM WebSphere Liberty (CVE-2018-1683, CVE-2018-1755) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Mozilla Firefox vulnerability in IBM SONAS (CVE-2019-11708) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-mozilla-firefox-vulne… ∗∗∗ IBM Security Bulletin: Mozilla Firefox vulnerability in IBM SONAS (CVE-2019-11707) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-mozilla-firefox-vulne… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Intel CPUs affect IBM Integrated Analytics System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-in… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.07.2019
by Daily end-of-shift report 09 Jul '19

09 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Montag 08-07-2019 18:00 − Dienstag 09-07-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ FPM-Sicherheitslücke: Daten exfiltrieren mit Facebooks HHVM ∗∗∗ --------------------------------------------- Server für den sogenannten FastCGI Process Manager (FPM) können, wenn sie übers Internet erreichbar sind, unbefugten Zugriff auf Dateien eines Systems geben. Das betrifft vor allem HHVM von Facebook, bei PHP sind die Risiken geringer. --------------------------------------------- https://www.golem.de/news/fpm-sicherheitsluecke-daten-exfiltrieren-mit-face… ∗∗∗ Fileless Attack Attempts to Run Astaroth Backdoor Directly in Memory ∗∗∗ --------------------------------------------- Microsoft says it recently detected and stopped a fileless campaign looking to deliver the Astaroth Trojan to unsuspecting victims. read more --------------------------------------------- https://www.securityweek.com/fileless-attack-attempts-run-astaroth-backdoor… ∗∗∗ Fake-Shops entertaini.eu & gartenhimmel.eu mit gefälschtem Klarna-Checkout! ∗∗∗ --------------------------------------------- Vorsicht vor betrügerischen Online-Shops, die vorgeben, Klarnas Sofort-Überweisung anzubieten, Konsument/innen aber auf eine gefälschte Klarna-Website weiterleiten. Das geschieht bei entertaini.eu, der Gaming- und Entertainment-Artikel anbietet, sowie gartenhimmel.eu, der Haushaltsware und Sportartikel führt. Nicht bestellen! Eingegebene Daten sind in Gefahr und die Ware existiert nicht. --------------------------------------------- https://www.watchlist-internet.at/news/fake-shops-entertainieu-gartenhimmel… ∗∗∗ IT-Security - Videokonferenz-App gibt Unbekannten Zugriff auf Mac-Webcam ∗∗∗ --------------------------------------------- Lücke in Zoom erlaubte "Videoanrufe", selbst wenn das Programm nicht mehr installiert war – Millionen User und bis zu 750.000 Firmen betroffen --------------------------------------------- https://derstandard.at/2000106075694/Videokonferenz-App-gibt-Unbekannten-Zu… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Bridge CC (APSB19-37), Adobe Experience Manager (APSB19-38) and Adobe Dreamweaver (APSB19-40). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1765 ∗∗∗ [20190701] - Core - Filter attribute in subform fields allows remote code execution ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 3.9.7 - 3.9.8 Exploit type: Remote Code Execution Reported Date: 2019-June-20 Fixed Date: 2019-July-09 CVE Number: CVE-2019-xxx Description Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/6jkIqCFwOTE/787-20190701-c… ∗∗∗ Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.The vulnerability is due to insufficient validation of input SIP traffic. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Xen Security Advisory XSA-300 ∗∗∗ --------------------------------------------- Guest may be able to crash domain 0 (Host Denial-of-Service); or may be able to starve out I/O requests from other guests (Guest Denial-of-Service). --------------------------------------------- https://xenbits.xen.org/xsa/advisory-300.html ∗∗∗ Xpdf: CERT-Bund warnt vor ungepatchten Schwachstellen in freiem PDF-Viewer ∗∗∗ --------------------------------------------- Die aktuelle Version des freien PDF-Betrachters enthält mehrere Schwachstellen. Fixes gibt es bislang noch nicht. --------------------------------------------- https://heise.de/-4465908 ∗∗∗ Linux kernel vulnerability CVE-2019-11811 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01512680 ∗∗∗ HPESBST03918 rev.1 - HPE 3PAR Service Processor (SP), remote Disclosure of Privileged Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (irssi, python-django, and python2-django), Debian (libspring-security-2.0-java and zeromq3), Red Hat (python27-python), SUSE (ImageMagick, postgresql10, python-Pillow, and zeromq), and Ubuntu (apport, Docker, glib2.0, gvfs, whoopsie, and zeromq3). --------------------------------------------- https://lwn.net/Articles/793235/ ∗∗∗ SAP Patchday Juli: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0580 ∗∗∗ Citrix Hypervisor Security Update. ∗∗∗ --------------------------------------------- CTX256725 NewApplicable Products : Citrix Hypervisor 8.0, XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 2, XenServer 7.6A vulnerability has been found in Citrix Hypervisor (formerly Citrix XenServer) that may allow an unauthenticated attacker with the ability to send traffic to a host over a management or storage network to cause the host to crash. --------------------------------------------- https://support.citrix.com/article/CTX256725 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Identity Governance and Intelligence ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect Rational Publishing Engine ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Multicloud Manager contains sensitive information upon deployment (CVE-2019-4118) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-multicloud-manage… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus, IBM App Connect Enterpise v11 and WebSphere Message Broker ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ SSA-121293 (Last Update: 2019-07-09): Code Upload Vulnerability in SIMATIC WinCC and SIMATIC PCS7 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-121293.txt ∗∗∗ SSA-307392 (Last Update: 2019-07-09): Denial-of-Service in OPC UA in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-307392.txt ∗∗∗ SSA-556833 (Last Update: 2019-07-09): TLS Vulnerabilities in SIMATIC RF6XXR ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-556833.txt ∗∗∗ SSA-616472 (Last Update: 2019-07-09): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-616472.txt ∗∗∗ SSA-697412 (Last Update: 2019-07-09): Multiple Vulnerabilities in SIMATIC WinCC, SIMATIC WinCC Runtime, SIMATIC PCS 7, SIMATIC TIA Portal ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-697412.txt ∗∗∗ SSA-721298 (Last Update: 2019-07-09): Missing Authentication Vulnerability in TIA Administrator (TIA Portal) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-721298.txt ∗∗∗ SSA-747162 (Last Update: 2019-07-09): Cross-Site Scripting Vulnerability in Spectrum Power™ ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-747162.txt ∗∗∗ SSA-899560 (Last Update: 2019-07-09): Vulnerabilities in SIPROTEC 5 relays and DIGSI 5 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-899560.txt -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.07.2019
by Daily end-of-shift report 08 Jul '19

08 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 05-07-2019 18:00 − Montag 08-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Anubis Android Malware Returns with Over 17,000 Samples ∗∗∗ --------------------------------------------- In mid-January of 2019, we saw Anubis use a plethora of techniques, including the use of motion-based sensors to elude sandbox analysis and overlays to steal personally identifiable information. The latest samples of Anubis (detected by Trend Micro as AndroidOS_AnubisDropper) we recently came across are no different. While tracking Anubis’ activities, we saw two related servers containing 17,490 samples. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence /anubis-android-malware-returns-with-over-17000-samples/ ∗∗∗ Godlua, Missverständnisse und der Streit um DNS over HTTPS ∗∗∗ --------------------------------------------- Der Linux-Schadcode Godlua verschlüsselt seinen DNS-Traffic mit HTTPS, benutzt allerdings nicht das DoH-Protokoll. --------------------------------------------- https://heise.de/-4464640 ∗∗∗ Malicious Code Planted in strong_password Ruby Gem ∗∗∗ --------------------------------------------- A developer discovered that an update released for the 'strong_password' Ruby gem contained malicious code that allowed an attacker to remotely execute arbitrary code. Developer Tute Costa was updating gems used by a Rails application when he noticed that version 0.0.7 of strong_password was pushed out on RubyGems.org, the Ruby community's gem hosting service, but not on GitHub. --------------------------------------------- https://www.securityweek.com /malicious-code-planted-strongpassword-ruby-gem ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-19-640: (0Day) Google Android Bluetooth hci_len Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows attackers in close proximity to execute arbitrary code on vulnerable installations of Google Android. User interaction is required to exploit this vulnerability in that the target must accept a malicious file transfer. ... 06/07/19 - The vendor replied the fix was not public yet but would soon be included in the next release of a major version --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-640/ ∗∗∗ Multiple Vulnerabilities in innovaphone VoIP Products Fixed ∗∗∗ --------------------------------------------- innovaphone fixed several vulnerabilities in two VoIP products that we disclosed a while ago. The affected products are the Linux Application Platform and the IPVA. Unfortunately, the release notes are not public (yet?) and the vendor does not include information about the vulnerabilities for the Linux Application Platform. Therefore, we decided to publish some more technical details for the issues. --------------------------------------------- https://insinuator.net/2019/07 /multiple-vulnerabilities-in-innovaphone-voip-products-fixed/ ∗∗∗ ct deckt auf: Tastaturen und Mäuse von Logitech weitreichend angreifbar ∗∗∗ --------------------------------------------- In etlichen Tastaturen, Mäusen und Presentern von Logitech klaffen Sicherheitslücken. ct erklärt, welche Produkte betroffen sind und was Sie jetzt tun sollten. --------------------------------------------- https://heise.de/-4464149 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dosbox, python-django, squid3, and unzip), Fedora (filezilla, libfilezilla, and samba), openSUSE (gvfs), Oracle (kernel), Red Hat (firefox and redhat-virtualization-host), SUSE (bash and libpng16), and Ubuntu (libvirt). --------------------------------------------- https://lwn.net/Articles/793057/ ∗∗∗ CVE-2019–13142: Razer Surround 1.1.63.0 EoP ∗∗∗ --------------------------------------------- Version: Razer Surround 1.1.63.0 Operating System tested on: Windows 10 1803 (x64) Vulnerability: Razer Surround Elevation of Privilege through Insecure folder/file permissions --------------------------------------------- https://posts.specterops.io /cve-2019-13142-razer-surround-1-1-63-0-eop-f18c52b8be0c ∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in IBM SONAS ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt /ibm-security-bulletin-multiple-mozilla-firefox-vulnerability-in-ibm -sonas-2/ ∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in IBM SONAS ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt /ibm-security-bulletin-multiple-mozilla-firefox-vulnerability-in-ibm -sonas/ ∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerabilities in IBM SONAS ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt /ibm-security-bulletin-multiple-mozilla-firefox-vulnerabilities-in-i bm-sonas-6/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt /ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime- affect-ibm-cloud-transformation-advisor-2/ ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Websphere Application Server could affect IBM Cloud App Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt /ibm-security-bulletin-a-vulnerability-in-ibm-websphere-application- server-could-affect-ibm-cloud-app-management/ ∗∗∗ HPESBHF03937 rev.1 - HPE UIoT Unauthorized Remote Access and Access to Sensitive Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public /display?docLocale=en_US&docId=emr_na-hpesbhf03937en_us ∗∗∗ HPESBMU03941 rev.1 - HPE IceWall SSO Agent Option and IceWall MFA Remote Denial of Service ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public /display?docLocale=en_US&docId=emr_na-hpesbmu03941en_us -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.07.2019
by Daily end-of-shift report 05 Jul '19

05 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 04-07-2019 18:00 − Freitag 05-07-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Automated Magecart Campaign Hits Over 960 Breached Stores ∗∗∗ --------------------------------------------- A large-scale payment card skimming campaign that successfully breached 962 e-commerce stores was discovered today by Magento security research company Sanguine Security. --------------------------------------------- https://www.bleepingcomputer.com/news/security/automated-magecart-campaign-… ∗∗∗ Understanding Elliptic Curve Cryptography And Embedded Security ∗∗∗ --------------------------------------------- All About Circuits is publishing a series of articles on embedded security, with a strong focus on network security. In addition to the primer article, so far they have covered the Diffie-Hellman exchange (using prime numbers, exponentiation and modular arithmetic) and the evolution of this exchange using elliptic curve cryptography (ECC) --------------------------------------------- https://hackaday.com/2019/07/04/understanding-elliptic-curve-cryptography-a… ∗∗∗ Tor Project to fix bug used for DDoS attacks on Onion sites for years ∗∗∗ --------------------------------------------- Tor vulnerability has been exploited for years and has been used for censorship, sabotage, and extortion of Onion sites. --------------------------------------------- https://www.zdnet.com/article/tor-project-to-fix-bug-used-for-ddos-attacks-… ∗∗∗ Croatian government targeted by mysterious hackers ∗∗∗ --------------------------------------------- Government agencies targeted with never before seen malware payload — named SilentTrinity. --------------------------------------------- https://www.zdnet.com/article/croatian-government-targeted-by-mysterious-ha… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by SUSE (firefox, mozilla-nss, mozilla-nspr, helm-mirror, libu2f-host, and libu2f-host, pam_u2f) and Ubuntu (bzip2 and irssi). --------------------------------------------- https://lwn.net/Articles/792890/ ∗∗∗ IBM Security Bulletin: IBM Jazz for Service Management stores sensitive information in URL parameters (CVE-2019-4193) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-jazz-for-service-… ∗∗∗ IBM Security Bulletin: Vulnerability in Google Guava affects IBM Cúram Social Program Management (CVE-2018-10237) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-goog… ∗∗∗ Foxit Reader und Foxit Phantom PDF Suite: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0574 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.07.2019
by Daily end-of-shift report 04 Jul '19

04 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 03-07-2019 18:00 − Donnerstag 04-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ 17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device ∗∗∗ --------------------------------------------- Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victims computer. --------------------------------------------- https://thehackernews.com/2019/07/firefox-same-origin-policy-hacking.html ∗∗∗ New Golang malware plays the Linux field in quest for cryptocurrency ∗∗∗ --------------------------------------------- F5 researchers say that Golang spreads through a total of seven methods; four exploits targeting ThinkPHP, Drupal, and Confluence; the use of SSH and Redis database misconfigurations or credentials, and the subsequent spread to other machines using any SSH keys the malware stumbles across. --------------------------------------------- https://www.zdnet.com/article/new-golang-malware-plays-the-field-in-quest-f… ∗∗∗ Unfixable Seed Extraction on Trezor - A practical and reliable attack ∗∗∗ --------------------------------------------- An attacker with a stolen device can extract the seed from the device. It takes less than 5 minutes and the necessary materials cost around 100$. This vulnerability affects Trezor One, Trezor T, Keepkey and all other Trezor clones. Unfortunately, this vulnerability cannot be patched and, for this reason, we decided not to give technical details about the attack to mitigate a possible exploitation in the field. However SatoshiLabs and Keepkey suggested users to either exclude physical attacks --------------------------------------------- https://ledger-donjon.github.io/Unfixable-Key-Extraction-Attack-on-Trezor/ ∗∗∗ File-Storage App 4shared Caught Serving Invisible Ads and Making Purchases Without Consent ∗∗∗ --------------------------------------------- With more than 100 million installs, file-sharing service 4shared is one of the most popular apps in the Android app store. But security researchers say the app is secretly displaying invisible ads and subscribes users to paid services, racking up charges without the users knowledge -- or their permission --------------------------------------------- https://it.slashdot.org/story/19/07/03/1738253/file-storage-app-4shared-cau… ∗∗∗ Hohe finanzielle Verluste durch betrügerische Investments! ∗∗∗ --------------------------------------------- Konsument/innen stoßen auf aggressiv beworbene Investment-Möglichkeiten bei unzähligen Offshore-Unternehmen, die unglaubliche Gewinne versprechen. Angebote wie FXLeader, KeyMarkets, ELCurrency oder CFReserve sind hier beispielsweise zu nennen. Während einige Betroffene lediglich die 250 Euro Mindesteinsatz verlieren, gehen die Schäden bei anderen häufig in den fünf- oder gar sechsstelligen Bereich! --------------------------------------------- https://www.watchlist-internet.at/news/hohe-finanzielle-verluste-durch-betr… ===================== = Vulnerabilities = ===================== ∗∗∗ Benutzt hier jemand Little Snitch?Das ist so eine Personal ... ∗∗∗ --------------------------------------------- Benutzt hier jemand Little Snitch?Das ist so eine Personal Firewall für OS X, falls das jemandem nichts sagt. Immerhin ist das wohl nur eine locale privilege escalation, nicht über Netz. --------------------------------------------- http://blog.fefe.de/?ts=a3e3de34 ∗∗∗ Sicherheitsupdates: Cisco-Produkte für DoS-Angriffe und Schadcode anfällig ∗∗∗ --------------------------------------------- Es gibt abgesicherte Software für beispielsweise Web Security Appliance und Small Business Series Switches von Cisco. --------------------------------------------- https://heise.de/-4462730 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (libssh2 and qemu-kvm), Debian (lemonldap-ng), Fedora (tomcat), Oracle (kernel), and SUSE (elfutils, kernel, and php5). --------------------------------------------- https://lwn.net/Articles/792831/ ∗∗∗ Cisco Advanced Malware Protection for Endpoints Windows Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance HTTPS Certificate Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business Series Switches Memory Corruption Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business Series Switches HTTP Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Multiple Issues in Cisco Small Business 250/350/350X/550X Series Switches Firmware and Cisco FindIT Network Probe ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber for Windows DLL Preloading Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Management Center RSS Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security Appliance Content Filter Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security Appliance Content Filter Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Domain Manager Restricted Shell Escape Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Web Proxy Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Security vulnerability has been identified in IBM Java Runtime shipped with AppScan Standard (CVE-2019-2602) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Identity Governance and Intelligence ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Brocade Fabric OS (FOS) Advisory vulnerabilities affect Brocade 8Gb SAN Switch Module for BladeCenter and IBM Flex System FC5022 16Gb SAN Scalable Switch ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-brocade-fabric-os-fos… ∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r… ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities (CVE-2018-1902, CVE-2018-1968, CVE-2019-4046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-privileg… ∗∗∗ BIG-IP DNS and GTM DNSSEC security exposure ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K00724442 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.07.2019
by Daily end-of-shift report 03 Jul '19

03 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 02-07-2019 18:00 − Mittwoch 03-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Trickbot Trojan Now Has a Separate Cookie Stealing Module ∗∗∗ --------------------------------------------- Trickbot trojan now comes with a separate module for stealing browser cookies, threat researchers found on Tuesday, marking new progress in the malwares development. --------------------------------------------- https://www.bleepingcomputer.com/news/security/trickbot-trojan-now-has-a-se… ∗∗∗ Heres a great idea: Why dont we hardcode the same private key into all our smart home hubs? ∗∗∗ --------------------------------------------- Another day, another appalling Internet of S**t security flaw Smart home company Zipato hardcoded the same private SSH key into every one of its hubs, leaving its system open to hacking, researchers revealed this week. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2019/07/03/zipato_hard… ∗∗∗ Vulnerabilities in Nexus Repository left thousands of artifacts exposed ∗∗∗ --------------------------------------------- In the Nexus repository there are 2 main problems (unrelated to each other) that arise from the default settings: * The default user is always set to be admin/admin123 – CWE-521 * Any unauthenticated user can read/download resources from Nexus – CWE-276 This means all the images in the repository can be download just by accessing the repository, with no authentication needed, or by authenticating as the default admin account if unchanged. --------------------------------------------- https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-t… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Camera Firm Arlo Zaps High-Severity Bugs ∗∗∗ --------------------------------------------- Bugs in Arlo Technologies’ equipment allow a local attacker to take control of Alro wireless home video security cameras. --------------------------------------------- https://threatpost.com/arlo-zaps-high-severity-bugs/146216/ ∗∗∗ Magento 2.3.1: Unauthenticated Stored XSS to RCE ∗∗∗ --------------------------------------------- This blog post shows how the combination of a HTML sanitizer bug and a Phar Deserialization in the popular eCommerce solution Magento <=2.3.1 lead to a high severe exploit chain. This chain can be abused by an unauthenticated attacker to fully takeover certain Magento stores and to redirect payments. --------------------------------------------- https://blog.ripstech.com/2019/magento-rce-via-xss/ ∗∗∗ Websites can feed Tridactyl fake key events ∗∗∗ --------------------------------------------- Malicious websites could feed keys to Tridactyl which it would execute as if a user had pressed them, outside of the command line. If the native messenger was installed, an attacker could execute arbitrary programs ... All Tridactyl versions released between September 2018 and June 14th 2019 were affected, i.e. 1.14.0 <= v <= 1.14.10 and 1.15.0. --------------------------------------------- https://github.com/tridactyl/tridactyl/security/advisories/GHSA-7qr7-93pf-h… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (pdns), Fedora (kernel and kernel-headers), Mageia (cgit and firefox), Oracle (libssh2 and qemu-kvm), Red Hat (openstack-ironic-inspector, openstack-tripleo-common, and qemu-kvm-rhev), Scientific Linux (libssh2 and qemu-kvm), SUSE (bzip2, cronie, libtasn1, nmap, php7, php72, python-Twisted, and taglib), and Ubuntu (thunderbird and znc). --------------------------------------------- https://lwn.net/Articles/792705/ ∗∗∗ QEMU: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- QEMU ist eine freie Virtualisierungssoftware, die die gesamte Hardware eines Computers emuliert. Ein lokaler Angreifer kann eine Schwachstelle in QEMU ausnutzen, um Sicherheitsvorkehrungen zu umgehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0563 ∗∗∗ FreeBSD Project FreeBSD OS: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein lokaler Angreifer kann mehrere Schwachstellen in FreeBSD Project FreeBSD OS ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service Zustand hervorrufen, Informationen einzusehen oder seine Privilegien zu eskalieren. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0561 ∗∗∗ Vuln: Schneider Electric Modicon Controllers CVE-2019-6819 Denial of Service Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/109004 ∗∗∗ Cisco Prime Infrastructure and Evolved Programmable Network Manager Virtual Domain Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Security vulnerability in IBM Java SDK affect Rational Build Forge (CVE-2019-2684) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin:IBM Content Navigator is affected by a local file inclusion vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletinibm-content-navigator-… ∗∗∗ IBM Security Bulletin: Vulnerability in kernel affects Power Hardware Management Console (CVE-2018-14633) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-kern… ∗∗∗ IBM Security Bulletin: Guardium StealthBits Integration is affected by an SQLite vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-guardium-stealthbits-… ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact Session Management – Session Fixation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tivoli-netcool-im… ∗∗∗ IBM Security Bulletin: IBM Application Performance Management could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names (CVE-2019-4131) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-application-perfo… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM® WebSphere™ Application Server and IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2018-1901) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Collaboration and Deployment Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: It is possible to download arbitrary server files via ViewONE server (CVE-2019-4260) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-it-is-possible-to-dow… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM HTTP Server affects IBM Netezza Performance Portal ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ HPESBHF03943 rev.1 - Certain HPE Servers using AMD EPYC 7001 series Processors, Local Disclosure of Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.07.2019
by Daily end-of-shift report 02 Jul '19

02 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Montag 01-07-2019 18:00 − Dienstag 02-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Network Time Security: Sichere Uhrzeit übers Netz ∗∗∗ --------------------------------------------- Fast alle modernen Geräte synchronisieren ihre Uhrzeit übers Internet. Das dafür genutzte Network Time Protocol ist nicht gegen Manipulationen geschützt - bisher. Mit der Erweiterung Network Time Security soll sich das ändern. --------------------------------------------- https://www.golem.de/news/network-time-security-sichere-uhrzeit-uebers-netz… ∗∗∗ IT-Sicherheit: BSI erarbeitet neue Mindeststandards für Browser ∗∗∗ --------------------------------------------- Vor zwei Jahren formulierte das Bundesamt für Sicherheit in der Informationstechnik Anforderungen an sichere Browser. Nun soll das Dokument aktualisiert werden, um Kommentierung wird gebeten. --------------------------------------------- https://www.golem.de/news/it-sicherheit-bsi-erarbeitet-neue-mindeststandard… ∗∗∗ Using Powershell in Basic Incident Response - A Domain Wide "Kill-Switch", (Tue, Jul 2nd) ∗∗∗ --------------------------------------------- Now that we have the hashes for all the running processes in the AD Domain, and also have the VT Score for each hash in the system, how can we use this information? Incident Response comes immediately to mind for me. If you've ever been in a medium-to-large-scale "incident", the situation that you often find is 'we know everything seems to be infected, but out of thousands of machines, which ones are actually infected right now? --------------------------------------------- https://isc.sans.edu/diary/rss/25088 ∗∗∗ Tale of a Windows Error Reporting Zero-Day (CVE-2019-0863) ∗∗∗ --------------------------------------------- In December 2018, a hacker who goes by the alias ‘SandboxEscaper’ publicly disclosed a zero-day vulnerability in the Windows Error Reporting (WER) component. Digging deeper into her submission, I discovered another zero-day vulnerability, which could be abused to elevate system privileges. According to the Microsoft advisory, attackers exploited this bug as a zero-day in the wild until the patch was released in May 2019. So how did this bug work exactly? --------------------------------------------- https://unit42.paloaltonetworks.com/tale-of-a-windows-error-reporting-zero-… ∗∗∗ Firefox 68: Mozilla behebt Konflikte zwischen Browser und Antiviren-Software ∗∗∗ --------------------------------------------- Frühere Firefox-Versionen kollidierten häufig mit AV-Software; Fehlermeldungen und Verbindungsprobleme waren die Folge. Mit Version 68 soll sich das ändern. --------------------------------------------- https://heise.de/-4460657 ∗∗∗ The art and science of password hashing ∗∗∗ --------------------------------------------- The recent FlipBoard breach shines a spotlight again on password security and the need for organizations to be more vigilant. Password storage is a critical area where companies must take steps to ensure they don’t leave themselves and their customer data vulnerable. Storing passwords in plaintext is recognized as a major cybersecurity blunder. --------------------------------------------- https://www.helpnetsecurity.com/2019/07/02/password-hashing/ ∗∗∗ SD-WAN Security Assessment: The First Hours ∗∗∗ --------------------------------------------- SD-WAN Security Assessment: The First HoursIntroductionSuppose you need to perform a security assessment of an SD-WAN solution.There are several reasons for this and one of them is selecting an SD-WAN provider or product.A traditional SD-WAN system involves many planes, technologies, mechanisms, services, protocols and features.It has distributed and multilayered architecture. So where should you start? --------------------------------------------- http://www.scada.sl/2019/07/sd-wan-security-assessment-first-hours.html ∗∗∗ Achtung Fake: cyberino.store ∗∗∗ --------------------------------------------- Bestellen Sie nicht bei cyberino.store, denn Sie werden Ihre Ware nie erhalten. Es handelt sich um einen Fake-Shop! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-fake-cyberinostore/ ∗∗∗ In eigener Sache: CERT.at sucht Verstärkung ∗∗∗ --------------------------------------------- Für unsere täglichen Routineaufgaben suchen wir derzeit 1 Berufsein- oder -umsteiger/in mit ausgeprägtem Interesse an IT-Security, welche/r uns bei den täglich anfallenden Standard-Aufgaben unterstützt. Details finden sich auf unserer Jobs-Seite. --------------------------------------------- http://www.cert.at/services/blog/20190702153623-2489.html ===================== = Vulnerabilities = ===================== ∗∗∗ SquirrelMail XSS ∗∗∗ --------------------------------------------- When viewing e-mails in HTML mode (not active by default) SquirrelMail applies a custom sanitization step in an effort to remove possibly malicious script and other content from the viewed e-mail. Due to improper handling of RCDATA and RAWTEXT type elements, the HTML parser used in this process shows differences compared to real user agent behavior. Exploiting these differences JavaScript code can be introduced which is not removed. --------------------------------------------- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-… ∗∗∗ Patchday: Android und das löchrige Media Framework ∗∗∗ --------------------------------------------- Google hat Sicherheitsupdates veröffentlicht, die kritische Lücken in Pixel-Smartphones schließen. --------------------------------------------- https://heise.de/-4460308 ∗∗∗ VMSA-2019-0010 ∗∗∗ --------------------------------------------- VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0010.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox, firefox-developer-edition, libarchive, and vlc), CentOS (firefox, thunderbird, and vim), Debian (firefox-esr, openssl, and python-django), Fedora (glpi and xen), Mageia (thunderbird), openSUSE (ImageMagick, irssi, libheimdal, and phpMyAdmin), Red Hat (libssh2 and qemu-kvm), Scientific Linux (firefox, thunderbird, and vim), SUSE (389-ds, cf-cli, curl, dbus-1, dnsmasq, evolution, glib2, gnutls, graphviz, java-1_8_0-openjdk, and libxslt), [...] --------------------------------------------- https://lwn.net/Articles/792595/ ∗∗∗ Linux kernel vulnerability CVE-2019-3896 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K04327111 ∗∗∗ TMM vulnerability CVE-2019-6628 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K04730051 ∗∗∗ F5 TMUI and iControl Rest vulnerability CVE-2019-6634 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K64855220 ∗∗∗ iControl REST vulnerability CVE-2019-6637 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K29149494 ∗∗∗ TMM vulnerability CVE-2019-6629 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K95434410 ∗∗∗ BIG-IP HTTP profile vulnerability CVE-2019-6631 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K19501795 ∗∗∗ iControl REST vulnerability CVE-2019-6620 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K20445457 ∗∗∗ iControl REST and tmsh vulnerability CVE-2019-6621 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K20541896 ∗∗∗ iControl REST vulnerability CVE-2019-6641 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K22384173 ∗∗∗ BIG-IP TMUI vulnerability CVE-2019-6625 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K79902360 ∗∗∗ iControl REST vulnerability CVE-2019-6638 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K67825238 ∗∗∗ SNMP vulnerability CVE-2019-6640 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K40443301 ∗∗∗ BIG-IP Appliance mode vulnerability CVE-2019-6633 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K73522927 ∗∗∗ BIG-IP Appliance mode vulnerability CVE-2019-6635 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K11330536 ∗∗∗ vCMP vulnerability CVE-2019-6632 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01413496 ∗∗∗ F5 SSL Orchestrator vulnerability CVE-2019-6630 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K33444350 ∗∗∗ F5 SSL Orchestrator vulnerability CVE-2019-6627 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K36320691 ∗∗∗ BIG-IP AFM and PEM TMUI XSS vulnerability CVE-2019-6639 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K61002104 ∗∗∗ iControl REST vulnerability CVE-2019-6622 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K44885536 ∗∗∗ TMM vulnerability CVE-2019-6623 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K72335002 ∗∗∗ BIG-IP TMUI XSS vulnerability CVE-2019-6626 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K00432398 ∗∗∗ IP Intelligence Feed List TMUI vulnerability CVE-2019-6636 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K68151373 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.07.2019
by Daily end-of-shift report 01 Jul '19

01 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 28-06-2019 18:00 − Montag 01-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Mehrere Sicherheitslücken im Datenbankmanagementsystem IBM Db2 ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für IBM Db2. Insgesamt gilt das Sicherheitsrisiko als "hoch". --------------------------------------------- https://heise.de/-4457961 ∗∗∗ Verschlüsselte Kommunikation: Angriff auf PGP-Keyserver demonstriert hoffnungslose Situation ∗∗∗ --------------------------------------------- Mit einem gezielten Angriff auf zwei PGP-Schlüssel demonstrieren Unbekannte, dass ein zentraler Teil der PGP-Infrastruktur wahrscheinlich unrettbar kaputt ist. --------------------------------------------- https://heise.de/-4458354 ∗∗∗ Sicherheitsupdates: BIG-IP-Appliances von F5 angreifbar ∗∗∗ --------------------------------------------- In verschiedenen Netzwerkprodukten vom Hersteller F5 findet sich eine Root-Schwachstelle. --------------------------------------------- https://heise.de/-4457976 ∗∗∗ RATs and stealers rush through “Heaven’s Gate” with new loader ∗∗∗ --------------------------------------------- By Holger Unterbrink and Edmund Brumaghin. Executive summaryMalware is constantly finding new ways to avoid detection. This doesnt mean that some will never be detected, but it does allow adversaries to increase the period of time between initial release and detection. Flying under the radar for just a few days is enough to infect sufficient machines to earn a decent amount of revenue for an attack. --------------------------------------------- https://blog.talosintelligence.com/2019/07/rats-and-stealers-rush-through-h… ∗∗∗ Achtung vor Job-Angeboten der Wentics GmbH ∗∗∗ --------------------------------------------- Arbeitssuchende, die Job-Börsen bei der Suche nach dem neuen Beruf nutzen, müssen sich vor betrügerischen Angeboten in Acht nehmen. So kontaktieren Kriminelle beispielsweise als Wentics GmbH Internetnutzer/innen und bieten verlockende Jobs im Home Office gegen hervorragende Bezahlung an. Betroffene dürfen keine Daten übermitteln, denn es handelt sich um einen Identitätsmissbrauch zum Zweck der Geldwäsche! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vor-job-angeboten-der-wentic… ∗∗∗ Netzpolitik - Phishing-Mails: Betrüger setzen nun auf QR-Codes ∗∗∗ --------------------------------------------- Betrüger versuchen, Sharepoint-Logindaten zu bekommen – Bildcodes gelangen durch Spamfilter --------------------------------------------- https://derstandard.at/2000105726829/Phishing-Mails-Betrueger-setzen-nun-au… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdates: Kritische Lücke in Firewalls und Hotspots von Zyxel ∗∗∗ --------------------------------------------- Verschiedene Netzwerkgeräte von Zyxel sind über eine kritische Schwachstelle attackierbar. --------------------------------------------- https://heise.de/-4458725 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (expat, golang-go.crypto, gpac, and rdesktop), Fedora (chromium, GraphicsMagick, kernel, kernel-headers, pdns, and xen), openSUSE (chromium, dbus-1, evince, libvirt, postgresql96, tomcat, and wireshark), Oracle (thunderbird and vim), Scientific Linux (thunderbird), Slackware (irssi), SUSE (gvfs), and Ubuntu (linux-lts-xenial, linux-aws, linux-azure and linux-oem, linux-oracle, linux-raspi2, linux-snapdragon). --------------------------------------------- https://lwn.net/Articles/792463/ ∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is impacted by multiple PHP vulnerabilities(CVE-2019-11038 CVE-2019-11039 CVE-2019-11040) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a FileServer functionality vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multi-Platform ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: A vulnerabilityin IBM Java Runtime affect Financial Transaction Manager for Check Services for Multi-Platform ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerabilityin-ibm… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for ACH Services for Multi-Platform ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: API Connect is impacted by an information leakage vulnerability in Oracle MySQL (CVE-2018-3123) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-is-impact… ∗∗∗ IBM Security Bulletin: Password disclosure in IBM Spectrum Protect Server (CVE-2019-4140) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-disclosure-i… ∗∗∗ IBM Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server (CVE-2018-1922, CVE-2018-1923, CVE-2018-1936, CVE-2018-1978, CVE-2018-1980, CVE-2019-4014, CVE-2019-4015, CVE-2019-4016, CVE-2019-4094) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-db2-vulnerab… ∗∗∗ IBM Security Bulletin: IBM Planning Analytics Administration is affected by a vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-planning-analytic… ∗∗∗ IBM Security Bulletin: IBM Cloud Private Monitoring is vulnerable to XSS attack in Prometheus (CVE-2018-14041) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-mon… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.06.2019
by Daily end-of-shift report 28 Jun '19

28 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 27-06-2019 18:00 − Freitag 28-06-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ===================== = Vulnerabilities = ===================== ∗∗∗ Vuln: ImageMagick Multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- Successfully exploiting these issues may allow an attacker to gain access to sensitive information, bypass certain security restrictions and to perform unauthorized actions or cause a denial-of-service condition. This may aid in launching further attacks. Due to the nature of this issue, code execution may be possible but this has not been confirmed. ImageMagick version 7.0.8-34 is vulnerable; other versions may also be affected. --------------------------------------------- http://www.securityfocus.com/bid/108913 ∗∗∗ Vuln: OpenJPEG Multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- Attackers can exploit these issues to cause the application to crash or execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. OpenJPEG version 2.3.0 and prior are vulnerable; other versions may also be affected. --------------------------------------------- http://www.securityfocus.com/bid/108921 ∗∗∗ Vuln: Symantec Endpoint Encryption CVE-2019-9703 Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- Local attackers can exploit this issue to gain elevated privileges. Versions prior to Symantec Endpoint Encryption 11.3.0 are vulnerable. --------------------------------------------- http://www.securityfocus.com/bid/108796 ∗∗∗ Vuln: Symantec Endpoint Encryption CVE-2019-9702 Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- Local attackers can exploit this issue to gain elevated privileges. Versions prior to Symantec Endpoint Encryption 11.3.0 are vulnerable. --------------------------------------------- http://www.securityfocus.com/bid/108795 ∗∗∗ McAfee schließt mehrere Schwachstellen in Enterprise Security Manager ∗∗∗ --------------------------------------------- Neue Versionen des SIEM von McAfee beseitigen insgesamt zehn potenzielle Angriffspunkte, von denen zum Teil ein hohes Sicherheitsrisiko ausgeht. --------------------------------------------- https://heise.de/-4457190 ∗∗∗ Medtronic recalls vulnerable MiniMed insulin pumps ∗∗∗ --------------------------------------------- Medtronic, the world’s largest medical device company, has issued a recall of some of its insulin pumps because they can be tampered with by attackers. About the vulnerable devices The affected devices are insulin pumps from the MiniMed 508 and Paradigm series ... --------------------------------------------- https://www.helpnetsecurity.com/2019/06/28/hackable-medtronic-insulin-pumps… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (expat and mupdf), Fedora (drupal7-uuid, php-brumann-polyfill-unserialize, and php-typo3-phar-stream-wrapper2), openSUSE (thunderbird), Oracle (thunderbird and vim), SUSE (glibc), and Ubuntu (poppler). --------------------------------------------- https://lwn.net/Articles/792318/ ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a wget vulnerability (CVE-2019-5953) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities (CVE-2019-7221, CVE-2019-6974, CVE-2018-17972, CVE-2018-9568) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: Information disclosure in WebSphere Application Server Admin Console (CVE-2019-4269) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by multiple libssh2 vulnerabilities (CVE-2019-3863, CVE-2019-3857, CVE-2019-3856, CVE-2019-3855) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a an openssl vulnerability (CVE-2018-5407) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: Sensitive information disclosure affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2019-4369) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-sensitive-information… ∗∗∗ IBM Security Bulletin: Guardium StealthBits Integration is affected by an SQLite vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-guardium-stealthbits-… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by an OpenSSH vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ F5 tmsh vulnerability CVE-2019-6642 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K40378764 ∗∗∗ PHOENIX CONTACT Security Advisory for Industrial Controllers ILC1x0, ILC1x1, AXC1050 and AXC3050 ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-015 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.06.2019
by Daily end-of-shift report 27 Jun '19

27 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 26-06-2019 18:00 − Donnerstag 27-06-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ How Hackers Turn Microsoft Excels Own Features Against It ∗∗∗ --------------------------------------------- A pair of recent findings show how hackers can compromise Excel users without any fancy exploits. --------------------------------------------- https://www.wired.com/story/microsoft-excel-hacking-power-query-macros ∗∗∗ Fake Instagram Verification ∗∗∗ --------------------------------------------- Across various social media platforms there are verification checkmark symbols that appear near the name of the account’s page we view. For example, this verified account indicator seen from our our Twitter page: These verification checkmarks exist as a credibility indicator to help show authenticity and integrity to social media page visitors. --------------------------------------------- https://blog.sucuri.net/2019/06/fake-instagram-verification.html ∗∗∗ NIST Releases Report on Managing IoT Risks ∗∗∗ --------------------------------------------- Original release date: June 26, 2019The National Institute of Standards and Technology (NIST) has released the Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks report. The publication—the first in a planned series on IoT—aims to help federal agencies and other organizations manage the cybersecurity and privacy risks associated with individual IoT devices. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/06/26/nist-releases-repo… ∗∗∗ Europäischer Rechtsakt zur Cyber-Sicherheit tritt in Kraft ∗∗∗ --------------------------------------------- Der europäische Rechtsakt zur Cyber-Sicherheit ("Cybersecurity Act") ist am 27. Juni 2019 in Kraft getreten. Kernelemente des Rechtsakts sind ein neues, permanentes Mandat für die europäische Cyber-Sicherheitsagentur ENISA sowie die Einführung eines einheitlichen europäischen Zertifizierungsrahmens für IKT-Produkte, -Dienstleistungen und -Prozesse. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Cybersecuri… ∗∗∗ GreenFlash Sundown exploit kit expands via large malvertising campaign ∗∗∗ --------------------------------------------- The GreenFlash exploit kit, which we typically saw targeting South Korean users, reaches globally with a large malvertising campaign via a popular website.Categories: Threat analysisTags: EKexploit kitGreenFlash Sundownmalvertisingseon ransomware [...] --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2019/06/greenflash-sundown-ex… ∗∗∗ Bestellen Sie nicht bei media-blue.store ∗∗∗ --------------------------------------------- Wer bei media-blue.store glaubt, ein Schnäppchen ergattert zu haben, irrt sich, denn die Ware wird trotz Bezahlung nie geliefert. Es handelt sich um einen Fake-Shop! --------------------------------------------- https://www.watchlist-internet.at/news/bestellen-sie-nicht-bei-media-bluest… ===================== = Vulnerabilities = ===================== ∗∗∗ Epyc crypto flaw? AMD emits firmware fix for server processors after Googler smashes RAM encryption algorithms ∗∗∗ --------------------------------------------- SEV code cracked to leak secret keys Updated Microchip slinger AMD has issued a firmware patch to fix the encryption in its Secure Encrypted Virtualization technology (SEV), used to defend the memory of Linux KVM virtual machines running on its Epyc processors. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2019/06/26/amd_epyc_ke… ∗∗∗ Advanced Forum - Critical - Cross Site Scripting - SA-CONTRIB-2019-054 ∗∗∗ --------------------------------------------- Project: Advanced Forum Version: 7.x-2.x-dev Date: 2019-June-26 Security risk: Critical 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All Vulnerability: Cross Site Scripting --------------------------------------------- https://www.drupal.org/sa-contrib-2019-054 ∗∗∗ Kritische Lücken in Cisco Data Center Network Manager ∗∗∗ --------------------------------------------- Eine Schwachstelle gefährdet Netzwerkgeräte von Cisco. Ein Sicherheitsupdate schließt mehrere Schlupflöcher. --------------------------------------------- https://heise.de/-4456661 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (drupal7-uuid, php-brumann-polyfill-unserialize, and php-typo3-phar-stream-wrapper2), openSUSE (ansible, compat-openssl098, exempi, glib2, gstreamer-0_10-plugins-base, gstreamer-plugins-base, libmediainfo, libssh2_org, SDL2, sqlite3, and wireshark), Oracle (firefox), Red Hat (thunderbird and vim), Scientific Linux (firefox), SUSE (java-1_8_0-ibm), and Ubuntu (bzip2 and expat). --------------------------------------------- https://lwn.net/Articles/792231/ ∗∗∗ Kubernetes CLI tool security flaw lets attackers run code on host machine ∗∗∗ --------------------------------------------- Interesting bug can lead to total compromise of cloud production environments. --------------------------------------------- https://www.zdnet.com/article/kubernetes-cli-tool-security-flaw-lets-attack… ∗∗∗ Vuln: GNU Binutils CVE-2019-12972 Heap Based Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/108903 ∗∗∗ Vuln: Linux Kernel CVE-2019-12984 Null Pointer Dereference Remote Denial of Service Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/108905 ∗∗∗ OpenJPEG: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0545 ∗∗∗ ImageMagick: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0547 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.06.2019
by Daily end-of-shift report 26 Jun '19

26 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 25-06-2019 18:00 − Mittwoch 26-06-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ YouTube Bitcoin Scams Pushing the njRAT Backdoor InfoStealer ∗∗∗ --------------------------------------------- YouTube scams are promoting software that pretends to allow users to get free Bitcoins, but instead installs the njRAT remote access Trojan and password stealer. --------------------------------------------- https://www.bleepingcomputer.com/news/security/youtube-bitcoin-scams-pushin… ∗∗∗ Brickerbot 2.0: Neue Schadsoftware möchte IoT-Geräte zerstören ∗∗∗ --------------------------------------------- Wie das Vorbild Brickerbot möchte die Schadsoftware Silex unsichere IoT-Geräte zerstören. Auch ungeschützte Linux-Server könnten ihr Opfer werden. Der Entwickler der Schadsoftware arbeitet an weiteren Funktionen. --------------------------------------------- https://www.golem.de/news/brickerbot-2-0-neue-schadsoftware-moechte-iot-ger… ∗∗∗ Subdomain Takeover: Sicherheitsfirmen übernehmen Subdomain von EA ∗∗∗ --------------------------------------------- Die Subdomain eaplayinvite.ea.com des Spieleherstellers Electronic Arts ist von Sicherheitsfirmen übernommen worden. Über einen weiteren Angriff konnten die Firmen auch an Nutzerdaten gelangen. --------------------------------------------- https://www.golem.de/news/subdomain-takeover-sicherheitsfirmen-uebernehmen-… ∗∗∗ Achtung vor Scamming im Internet ∗∗∗ --------------------------------------------- Scamming (dt. Vorschussbetrug) beschreibt eine beliebte Betrugsform im Internet, die Kriminelle nutzen, um an schnelles Geld zu gelangen. Sie versprechen ihren Opfern Erbschaften, Millionengewinne, günstige Kredite oder spielen ihnen eine Notlage vor und drängen sie zu hohen Vorschusszahlungen. Es handelt sich ausnahmslos um leere Versprechen und Geld landet ausschließlich in den Taschen der Betrüger/innen. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vor-scamming-im-internet/ ===================== = Vulnerabilities = ===================== ∗∗∗ Vuln: Nessus CVE-2019-3961 Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- Nessus is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Nessus 8.4.0 and prior versions are vulnerable. --------------------------------------------- http://www.securityfocus.com/bid/108892 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (python3.4), Oracle (firefox), Red Hat (firefox and kernel-alt), SUSE (ImageMagick and SUSE Manager Server 3.2), and Ubuntu (bzip2). --------------------------------------------- https://lwn.net/Articles/792111/ ∗∗∗ Security Advisory - FRP Bypass Vulnerability on Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190626-… ∗∗∗ IBM Security Bulletin: Java Vulnerability Affects IBM Connect:Direct Web Services (CVE-2018-1890) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-af… ∗∗∗ IBM Security Bulletin: WebSphere App Server – Out of Memory Exception can cause DOS ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-websphere-app-server-… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affect IBM Tivoli System Automation Application Manager April 2019 CPU (CVE-2019-2684) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: A security vulnerability in OpenSSL affects IBM Rational ClearQuest (CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Vulnerabilities exist in Watson Explorer Analytical Components and Watson Content Analytics (CVE-2018-1901) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-exist… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.06.2019
by Daily end-of-shift report 25 Jun '19

25 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Montag 24-06-2019 18:00 − Dienstag 25-06-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Using Whitelisting to Remediate an RCE Vulnerability (CVE-2019-2729) in Oracle WebLogic ∗∗∗ --------------------------------------------- Oracle WebLogic has recently disclosed and patched remote-code-execution (RCE) vulnerabilities in its software, many of which were due to insecure deserialization. Oracle addressed the most recent vulnerability, CVE-2019-2729, in an out-of-band security patch on June 18, 2019. CVE-2019-2729 was assigned a CVSS score of 9.8, making it a critical vulnerability. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fYmCaoi4AE8/ ∗∗∗ Thunderbird 60.7.2: Mozilla fixt potenziell gefährliche Lückenkombination ∗∗∗ --------------------------------------------- Das Mozilla Entwickler-Team hat vergangene Woche zwei Sicherheitslücken in Thunderbird behoben, die zuvor in Firefox aktiv ausgenutzt worden war. --------------------------------------------- https://heise.de/-4454671 ∗∗∗ Side-Channel Attacks: OpenSSH erhält Schutz vor Spectre, RAMBleed und Co. ∗∗∗ --------------------------------------------- Die temporäre Verschlüsselung im RAM soll mit OpenSSH genutzte Keys künftig vor Seitenkanalangriffen schützen. --------------------------------------------- https://heise.de/-4455055 ∗∗∗ Phishing-Versuch gegen free-Kund/innen der Advanzia Bank S.A. ∗∗∗ --------------------------------------------- Konsument/innen finden eine E-Mail in ihrem Posteingang, in der sie über die Notwendigkeit einer Datenbestätigung informiert werden, um die free-Kreditkarte weiter nutzen zu können. Die Nachricht erweckt den Eindruck, von der Advanzia Bank S.A. zu stammen, doch sie wird von Kriminellen verschickt. Dem Link darf nicht gefolgt werden, denn es handelt sich um einen Phishing-Versuch! --------------------------------------------- https://www.watchlist-internet.at/news/phishing-versuch-gegen-free-kundinne… ∗∗∗ New Mac malware abuses recently disclosed Gatekeeper zero-day ∗∗∗ --------------------------------------------- Researchers find new OSX/Linker malware abusing still-unpatched macOS Gatekeeper bypass. --------------------------------------------- https://www.zdnet.com/article/new-mac-malware-abuses-recently-disclosed-gat… ===================== = Vulnerabilities = ===================== ∗∗∗ TYPO3 9.5.8 and 8.7.27 security releases published ∗∗∗ --------------------------------------------- We are announcing the release of the following TYPO3 updates: TYPO3 9.5.8 LTS TYPO3 8.7.27 LTS All versions are security releases and contain important security fixes --------------------------------------------- https://typo3.org/article/typo3-958-and-8727-security-releases-published/ ∗∗∗ TYPO3-EXT-SA-2019-014: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin) ∗∗∗ --------------------------------------------- CVE: CVE-2019-11768 and CVE-2019-12616 * PMASA-2019-3: SQL injection in Designer feature * PMASA-2019-4: CSRF vulnerability in login form --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2019-014/ ∗∗∗ Kubernetes CVE-2019-11246 Incomplete Fix Arbitrary File Overwrite Vulnerability ∗∗∗ --------------------------------------------- Kubernetes is prone to a vulnerability that may allow attackers to overwrite arbitrary files. Successful exploits may allow an attacker to write arbitrary files in the context of the user running the affected application. Versions prior to kubernetes 1.12.9, 1.13.6, and 1.14.2 are vulnerable. --------------------------------------------- https://www.securityfocus.com/bid/108866/discuss ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (python), Debian (bzip2, libvirt, python2.7, python3.4, rdesktop, and thunderbird), Fedora (thunderbird and tomcat), openSUSE (aubio, docker, enigmail, GraphicsMagick, and python-Jinja2), SUSE (kernel, libvirt, postgresql96, and tomcat), and Ubuntu (ceph, firefox, imagemagick, libmysofa, linux, linux-hwe, neutron, and policykit-desktop-privileges). --------------------------------------------- https://lwn.net/Articles/792006/ ∗∗∗ Alpine Linux Docker image vulnerability CVE-2019-5021 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K25551452 ∗∗∗ QEMU: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0541 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.06.2019
by Daily end-of-shift report 24 Jun '19

24 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 21-06-2019 18:00 − Montag 24-06-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Microsoft: Were fighting Windows malware spread via Excel in email with bad macro ∗∗∗ --------------------------------------------- Earlier this month Microsoft warned that attackers were firing spam that exploited an Office flaw to install a trojan. The bug meant the attackers didn't require Windows users to enable macros. However, a new malware campaign that doesn't exploit a specific vulnerability in Microsoft software takes the opposite approach, using malicious macro functions in an Excel attachment to compromise fully patched Windows PCs. --------------------------------------------- https://www.zdnet.com/article/microsoft-were-fighting-windows-malware-sprea… ===================== = Vulnerabilities = ===================== ∗∗∗ Kritische Schwachstelle in bzip2 - je nach Setup für RCE ausnutzbar ∗∗∗ --------------------------------------------- Kritische Schwachstelle in bzip2 - je nach Setup für RCE ausnutzbar 24. Juni 2019 Beschreibung In der Kompressions-Software bzip2 gibt es eine Lücke, durch die sich in manchen Konfigurationen beliebiger Code mit den Rechten des Benutzers ausführen lässt. CVSS3 Score: 9.8 (laut NIST NVD) CVE-Nummer: CVE-2019-12900 Auswirkungen Angreifer müssen es schaffen, entsprechend präparierte komprimierte Dateien zur Dekompression zu bringen. Dies kann zB durch Versand solcher --------------------------------------------- http://www.cert.at/warnings/all/20190624.html ∗∗∗ Tor Browser 8.5.3 Fixes a Sandbox Escape Vulnerability in Firefox ∗∗∗ --------------------------------------------- Tor Browser 8.5.3 has been released to fix a Sandbox Escape vulnerability in Firefox that was recently used as part of a targeted attack against cryptocurrency companies. As this vulnerability is actively being used, it is strongly advised that all Tor users upgrade to the latest version. --------------------------------------------- https://www.bleepingcomputer.com/news/software/tor-browser-853-fixes-a-sand… ∗∗∗ Sicherheitslücke: Outlook-App ermöglichte Auslesen von E-Mails ∗∗∗ --------------------------------------------- Eigentlich sollte in E-Mails eingebetteter Javascript-Code nicht ausgeführt werden. Mit der Android-Version von Microsofts Outlook war dies durch einen Trick möglich. Mit einer präparierten E-Mail konnte unter anderem das Mailkonto ausgelesen werden. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-outlook-app-ermoeglichte-ausles… ∗∗∗ Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer ∗∗∗ --------------------------------------------- If you use VLC media player on your computer and havent updated it recently, dont you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. Thats because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities... --------------------------------------------- https://thehackernews.com/2019/06/vlc-media-player-hacking.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (jackson-databind, libvirt, pdns, and vim), Fedora (evince, firefox, gjs, libxslt, mozjs60, and poppler), openSUSE (dbus-1, firefox, ImageMagick, netpbm, openssh, and thunderbird), Oracle (libssh2, libvirt, and python), Scientific Linux (python), SUSE (compat-openssl098 , dbus-1 , evince , exempi , firefox , glib2 , gstreamer-0_10-plugins-base , gstreamer-plugins-base , java-1_8_0-ibm , libssh2_org , libvirt , netpbm , samba , SDL2 , sqlite3 , thunderbird, wireshark), Ubuntu (web2py) --------------------------------------------- https://lwn.net/Articles/791921/ ∗∗∗ cURL: Windows OpenSSL engine code injection ∗∗∗ --------------------------------------------- A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. This flaw exists in the official curl-for-windows binaries built and hosted by the curl project (all versions up to and including 7.65.1_1). It does not exist in the curl executable shipped by Microsoft, bundled with Windows 10. It possibly exists in other curl builds for Windows too that uses OpenSSL. --------------------------------------------- https://curl.haxx.se/docs/CVE-2019-5443.html ∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Nagios XI ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen oder vertrauliche Daten einzusehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0534 ∗∗∗ Mattermost security update 5.11.1 / 5.10.2 / 5.9.2 / 4.10.10 (ESR) released ∗∗∗ --------------------------------------------- We are releasing a recommended security update via Mattermost Team Edition 5.11.1, 5.10.2, 5.9.2 and 4.10.10 (ESR) and Mattermost Enterprise Edition 5.11.1, 5.10.2, 5.9.2 and 4.10.10 (ESR). This security update addresses a medium-level vulnerability discovered during a security research review by Zonduu. --------------------------------------------- https://mattermost.com/blog/mattermost-security-update-5-11-1-5-10-2-5-9-2-… ∗∗∗ Secure Hub accepts 10 digit worxpin when "PIN Length Requirement" Client Property is set to more than 10 ∗∗∗ --------------------------------------------- Secure Hub when enrolling would prompt for Worxpin post successful enrollment and you would observe that Worxpin requirement is met as soon as 10 Digit PIN is set while XM console has PIN Length Requirement set to more than 10. --------------------------------------------- https://support.citrix.com/article/CTX256810 ∗∗∗ IBM Security Bulletin: Vulnerability affects IBM Cloud Object Storage SDK Java (June 2019) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-affects… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Access Manager Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in cURL affect QLogic Virtual Fabric Extension Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-cu… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.06.2019
by Daily end-of-shift report 21 Jun '19

21 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 19-06-2019 18:00 − Freitag 21-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Botnet Uses SSH and ADB to Create Android Cryptomining Army ∗∗∗ --------------------------------------------- Researchers discovered a cryptocurrency mining botnet that uses the Android Debug Bridge (ADB) Wi-Fi interface and SSH connections to hosts stored in the known_hosts list to spread to other devices. --------------------------------------------- https://www.bleepingcomputer.com/news/security/botnet-uses-ssh-and-adb-to-c… ===================== = Vulnerabilities = ===================== ∗∗∗ PHOENIX CONTACT Automation Worx Software Suite ∗∗∗ --------------------------------------------- This advisory includes mitigations for access of uninitialized pointer, out-of-bounds read, and use after free vulnerabilities reported in Phoenix Contacts Automation Worx Software Suite. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-171-01 ∗∗∗ Cisco schließt zwei kritische und zahlreiche weitere Schwachstellen ∗∗∗ --------------------------------------------- Updates für Ciscos SD-WAN-Lösung und DNA Center beseitigen kritische Sicherheitsprobleme. Aber auch zahlreiche weitere Produkte wurden frisch gepatcht. --------------------------------------------- https://heise.de/-4451734 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr, gvfs, intel-microcode, and python-urllib3), Fedora (advancecomp, firefox, freeradius, kubernetes, pam-u2f, and rubygem-jquery-ui-rails), openSUSE (elfutils and sssd), Red Hat (chromium-browser), SUSE (doxygen and samba), and Ubuntu (evince, firefox, Gunicorn, libvirt, and sqlite3). --------------------------------------------- https://lwn.net/Articles/791572/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (libvirt and python), Debian (intel-microcode, php-horde-form, and znc), Fedora (firefox), Mageia (firefox, flash-player-plugin, git, graphicsmagick, kernel, kernel-linus, kernel-tmb, phpmyadmin, and thunderbird), Oracle (libssh2, libvirt, and python), Red Hat (libvirt and python), Scientific Linux (libvirt), Slackware (bind and mozilla), SUSE (enigmail), and Ubuntu (bind9, intel-microcode, mosquitto, postgresql-10, postgresql-11, and thunderbird). --------------------------------------------- https://lwn.net/Articles/791669/ ∗∗∗ Synology-SA-19:28 Linux kernel ∗∗∗ --------------------------------------------- CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 allow remote attackers to conduct denial-of-service attacks via a susceptible version of DiskStation Manager (DSM) or Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_28 ∗∗∗ Multiple vulnerabilities in VAIO Update ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN13555032/ ∗∗∗ Intel-SA-00213: Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT vulnerabilities ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42117350 ∗∗∗ Security vulnerabilities fixed in Firefox 67.0.4 and Firefox ESR 60.7.2 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/ ∗∗∗ Security vulnerabilities fixed in Thunderbird 60.7.2 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/ ∗∗∗ AirPort Base Station Firmware Update 7.8.1 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT210091 ∗∗∗ CVE-2019-10072 Apache Tomcat HTTP/2 DoS ∗∗∗ --------------------------------------------- https://mail-archives.apache.org/mod_mbox/tomcat-announce/201906.mbox/brows… ∗∗∗ DSA-2019-084: Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Security Update for PC Doctor Vulnerability ∗∗∗ --------------------------------------------- https://www.dell.com/support/article/at/de/atdhs1/sln317291/dsa-2019-084-de… ∗∗∗ [webapps] WebERP 4.15 - SQL injection ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/47013 ∗∗∗ DoS Vulnerability in Huawei S Series Switch Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190522-… ∗∗∗ IBM Security Bulletin: IBM MessageSight/MessageGateway is affected by the following jQuery vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-mess… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a denial of service vulnerability in Node.js (CVE-2019-5737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: IBM MessageSight is affected by the following four IBM Java vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-is-a… ∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js lodash module vulnerability (CVE-2018-16487) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat… ∗∗∗ IBM Security Bulletin: IBM MessageSight/MessageGateway is affected by the following WebSphere Application Server vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-mess… ∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE-2018-5390 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-upd… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.06.2019
by Daily end-of-shift report 19 Jun '19

19 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 18-06-2019 18:00 − Mittwoch 19-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Zombieload: Intel-Microcode für Windows v1809/v1803 verfügbar ∗∗∗ --------------------------------------------- Schutz gegen Microarchitectural Data Sampling wie Zombieload: Wer noch Windows 10 oder Windows Server in einer älteren Version auf einem Intel-Prozessor nutzt, erhält nun direkt über das Betriebssystem passenden Microcode, um das System gegen Seitenkanalangriffe zu härten. --------------------------------------------- https://www.golem.de/news/zombieload-intel-microcode-fuer-windows-v1809-v18… ∗∗∗ Pass the salt! Popular CMSs aren’t securing passwords properly ∗∗∗ --------------------------------------------- A group of researchers has discovered that many of the webs most popular content management systems are using obsolete algorithms to protect their users passwords. --------------------------------------------- https://nakedsecurity.sophos.com/2019/06/19/popular-content-platforms-putti… ∗∗∗ Quick Detect: Exim "Return of the Wizard" Attack, (Wed, Jun 19th) ∗∗∗ --------------------------------------------- Thanks to our reader Alex for sharing some of his mail logs with the latest attempts to exploit CVE-2019-10149 (aka "Return of the Wizard"). The vulnerability affects Exim and was patched about two weeks ago. There are likely still plenty of vulnerable servers, but it looks like attackers are branching out and are hitting servers not running Exim as well. --------------------------------------------- https://isc.sans.edu/diary/rss/25052 ∗∗∗ Evading Sysmon DNS Monitoring ∗∗∗ --------------------------------------------- In a recent update to Sysmon, a new feature was introduced allowing the ability to log DNS events. While this gives an excellent datapoint for defenders (shout out to the SysInternals team for continuing to provide and support these awesome tools for free), for us as attackers, this means that should our implant or payloads attempt to communicate via DNS, BlueTeam have a potential way to pick up on indicators which could lead to detection. --------------------------------------------- https://blog.xpnsec.com/ ∗∗∗ BSI veröffentlicht Empfehlungen zur sicheren Konfiguration von Microsoft-Office-Produkten ∗∗∗ --------------------------------------------- Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat für den Einsatz auf dem Betriebssystem Microsoft Windows sieben Cyber-Sicherheitsempfehlungen für eine sichere Konfiguration von Microsoft Office 2013/2016/2019 erstellt. Diese behandeln zum einen übergreifende Richtlinien für Microsoft Office, zum anderen Richtlinien für sechs häufig genutzte Microsoft Office-Anwendungen (Access, Excel, Outlook, PowerPoint, Visio und Word). --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Empfehlunge… ∗∗∗ Achtung vor gefälschten News zu BitUp und Bitcoin Code ∗∗∗ --------------------------------------------- Internetnutzer/innen stoßen vermehrt auf erfundene Nachrichtenartikel, die die Angebote von Bitcoin Code oder BitUp bewerben. Berichtet wird vom „größten Deal der Geschichte“ bei den Fernsehsendungen „Die Höhle der Löwen“ oder „2 Minuten 2 Millionen“. Die Angebote auf bitcoincodesoftapps.com und bitupapp.com sind unseriös und Anleger/innen verlieren ihr Geld! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vor-gefaelschten-news-zu-bit… ===================== = Vulnerabilities = ===================== ∗∗∗ Zero Day: Mozilla schließt ausgenutzte Sicherheitslücke in Firefox ∗∗∗ --------------------------------------------- Firefox-Hersteller Mozilla hat eine kritische Sicherheitslücke in seinem Browser geschlossen, die wohl aktiv ausgenutzt wird. Updates stehen bereit und werden von Mozilla bereits verteilt. --------------------------------------------- https://www.golem.de/news/zero-day-mozilla-schliesst-ausgenutzte-sicherheit… ∗∗∗ Oracle Releases Security Advisory for WebLogic ∗∗∗ --------------------------------------------- Original release date: June 19, 2019 Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/06/19/Oracle-Releases-Se… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (dbus, firefox, kernel, linux-lts, linux-zen, and python), CentOS (bind and kernel), Debian (firefox-esr, glib2.0, and vim), Fedora (dbus, kernel, kernel-headers, mingw-libxslt, poppler, and python-gnupg), openSUSE (gnome-shell, kernel, libcroco, php7, postgresql10, python, sssd, and thunderbird), Oracle (kernel and libvirt), Red Hat (go-toolset:rhel8, gvfs, java-11-openjdk, pki-deps:10.6, systemd, and WALinuxAgent), SUSE (docker, kernel, libvirt, [...] --------------------------------------------- https://lwn.net/Articles/791462/ ∗∗∗ PHOENIX CONTACT Multiple Vulnerabilities in Automation Worx Software Suite ∗∗∗ --------------------------------------------- Security Advisory for Automation Worx Software Suite version 1.86 and earlier --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-014 ∗∗∗ Vuln: Symantec DLP CVE-2019-9701 Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/108733 ∗∗∗ Samba: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0521 ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by sensitive information leakage in LoopBack (CVE-2019-4382) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4377) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Command Center (CVE-2019-2602) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM API Connect ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by sensitive information leak (CVE-2018-2013) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by software stack information leak (CVE-2018-2011) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… ∗∗∗ IBM Security Bulletin: API Connect V5 is vulnerable to CSRF attacks (CVE-2018-1858) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v5-is-vul… ∗∗∗ FreeBSD SACK Slowness vulnerability CVE-2019-5599 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K75521003 ∗∗∗ Linux SACK Slowness vulnerability CVE-2019-11478 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K26618426 ∗∗∗ Linux SACK Panic vulnerability CVE-2019-11477 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K78234183 ∗∗∗ Excess resource consumption due to low MSS values vulnerability CVE-2019-11479 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35421172 ∗∗∗ Intel CSME and SPS vulnerability CVE-2019-0093 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K13710800 ∗∗∗ Intel Server Platform Services vulnerability CVE-2019-0089 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K47234311 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.06.2019
by Daily end-of-shift report 18 Jun '19

18 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Montag 17-06-2019 18:00 − Dienstag 18-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Security Alert: Booking.Com Fake Emails Infect Computers with Sodinokibi Ransomware ∗∗∗ --------------------------------------------- A new spam campaign pretending to be from Booking.com is now targeting users. The emails carry a document containing macro code. If someone clicks on the document, opens it, and allows the execution of the macro code, a loader will be spawned. This will download and run ransomware of the Sodinokibi class. --------------------------------------------- https://heimdalsecurity.com/blog/booking-com-fake-emails-sodinokibi-ransomw… ∗∗∗ Plurox: Modular backdoor ∗∗∗ --------------------------------------------- The analysis showed the Backdoor.Win32.Plurox to have a few quite unpleasant features. What’s more, the backdoor is modular, which means that its functionality can be expanded with the aid of plugins. --------------------------------------------- https://securelist.com/plurox-modular-backdoor/91213/ ∗∗∗ Malware sidesteps Google permissions policy with new 2FA bypass technique ∗∗∗ --------------------------------------------- When Google restricted the use of SMS and Call Log permissions in Android apps in March 2019, one of the positive effects was that credential-stealing apps lost the option to abuse these permissions for bypassing SMS-based two-factor authentication (2FA) mechanisms. We have now discovered malicious apps capable of accessing one-time passwords (OTPs) in SMS 2FA messages without using SMS permissions, circumventing Google’s recent restrictions. As a bonus, this technique also works to obtain OTPs from some email-based 2FA systems. --------------------------------------------- https://www.welivesecurity.com/2019/06/17/malware-google-permissions-2fa-by… ∗∗∗ Sharing the Secrets: Pwning an industrial IoT router ∗∗∗ --------------------------------------------- I get involved in a lot of IoT and ICS pen tests and found an interesting device on one of them. I didn’t have enough time on the job to go as deep as I wanted, so got PTP to buy a couple to play with. eBay FTW! It’s an Ewon Flexy IoT Router. --------------------------------------------- https://www.pentestpartners.com/security-blog/sharing-the-secrets-pwning-an… ∗∗∗ Bestellen Sie nicht bei lastore.net ∗∗∗ --------------------------------------------- Auch wenn die Preise bei lastore.net sehr verlockend sind, raten wir von einer Bestellung ab. Denn lastore.net ist ein Fake-Shop, der trotz Bezahlung keine Ware liefert! --------------------------------------------- https://www.watchlist-internet.at/news/bestellen-sie-nicht-bei-lastorenet/ ===================== = Vulnerabilities = ===================== ∗∗∗ TCP SACK PANIC: Linux- und FreeBSD-Kernel lassen sich aus der Ferne angreifen ∗∗∗ --------------------------------------------- Netflix hat einige Sicherheitsprobleme im Netzwerk-Stack von Linux- und FreeBSD-Kerneln entdeckt, die sich für Denial-of-Service-Attacken eignen. --------------------------------------------- https://heise.de/-4449183 ∗∗∗ Vulnerability Spotlight: Two bugs in KCodes NetUSB affect some NETGEAR routers ∗∗∗ --------------------------------------------- KCodes’ NetUSB kernel module contains two vulnerabilities that could allow an attacker to inappropriately access information on some NETGEAR wireless routers. Specific models of these routers utilize the kernel module from KCodes, a Taiwanese company. The module is custom-made for each device, but they all contain similar functions. --------------------------------------------- https://blog.talosintelligence.com/2019/06/vulnerability-spotlight-two-bugs… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (linux-hardened), Debian (kdepim, kernel, linux-4.9, and phpmyadmin), Fedora (ansible and glib2), openSUSE (kernel and vim), Oracle (bind and kernel), Red Hat (kernel and kernel-rt), Scientific Linux (bind and kernel), SUSE (dbus-1, ImageMagick, kernel, netpbm, openssh, and sqlite3), and Ubuntu (linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon and linux, --------------------------------------------- https://lwn.net/Articles/791370/ ∗∗∗ Critical Flaw Exposes TP-Link Wi-Fi Extenders to Remote Attacks ∗∗∗ --------------------------------------------- A critical remote code execution vulnerability discovered by an IBM X-Force researcher allows an unauthenticated attacker to take complete control of some TP-Link Wi-Fi extenders. Firmware updates that should patch the flaw have been made available by the vendor. --------------------------------------------- https://www.securityweek.com/critical-flaw-exposes-tp-link-wi-fi-extenders-… ∗∗∗ MISP: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- MISP ist eine Open-Source-Plattform für den Informationsaustausch über Bedrohungen. Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in MISP ausnutzen, um beliebigen Programmcode auszuführen. CVE Liste: CVE-2019-12868 --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0515 ∗∗∗ Improper Access Control Vulnerability in AppDNA ∗∗∗ --------------------------------------------- A vulnerability has been identified in AppDNA that could result in access controls not being enforced when accessing the web console potentially allowing privilege escalation and remote code execution. --------------------------------------------- https://support.citrix.com/article/CTX253828 ∗∗∗ IBM Security Bulletin: Password exposure via job log in IBM Spectrum Protect Plus (CVE-2019-4385) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-exposure-via… ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to CSV Injection (CVE-2019-4364) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2019-4303) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Tivoli System Automation for Multiplatforms April 2019 CPU (CVE-2019-2684) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2018-5743 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-is-affected-by-… ∗∗∗ IBM Security Bulletin: An Arbitrary Download Vulnerability Affects IBM Campaign (CVE-2019-4384) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-an-arbitrary-download… ∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability Affects IBM Marketing Platform (CVE-2017-1107) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.06.2019
by Daily end-of-shift report 17 Jun '19

17 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 14-06-2019 18:00 − Montag 17-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ U.S. Govt Achieves BlueKeep Remote Code Execution, Issues Alert ∗∗∗ --------------------------------------------- The Cybersecurity and Infrastructure Security Agency (CISA) published an alert for Windows users to patch the critical severity Remote Desktop Services (RDS) RCE security flaw dubbed BlueKeep. --------------------------------------------- https://www.bleepingcomputer.com/news/security/us-govt-achieves-bluekeep-re… ∗∗∗ Ermittler entschlüsselten neue Version der GandCrab-Ransomware ∗∗∗ --------------------------------------------- Wer Opfer der Ransomware wurde, kann die Schadsoftware mit dem neuen Tool kostenfrei entfernen. --------------------------------------------- https://futurezone.at/netzpolitik/ermittler-entschluesselten-neue-version-d… ∗∗∗ An infection from Rig exploit kit, (Mon, Jun 17th) ∗∗∗ --------------------------------------------- [...] Today's diary reviews a recent example of infection traffic caused by Rig EK. --------------------------------------------- https://isc.sans.edu/diary/rss/25040 ∗∗∗ Überteuertes Visum für Kanada auf kanadaeta.com und kanada-eta.de ∗∗∗ --------------------------------------------- Zahlreiche verärgerte Konsument/innen berichten uns von überteuerten ETA-Anträgen (Electronic Travel Authorization) – also Reisegenehmigungen – auf kanadaeta.com und kanada-eta.de. Statt etwa 5 Euro auf der offiziellen Website der kanadischen Regierung werden hier zwischen 50 und 80 Euro für ein Visum verrechnet. Die Watchlist Internet empfiehlt: Die offizielle Regierungswebsite nutzen! --------------------------------------------- https://www.watchlist-internet.at/news/ueberteuertes-visum-fuer-kanada-auf-… ∗∗∗ Security researcher finds critical XSS bug in Googles Invoice Submission Portal ∗∗∗ --------------------------------------------- Security bug would have allowed hackers access to one of Googles backend apps. --------------------------------------------- https://www.zdnet.com/article/security-researcher-finds-critical-xss-bug-in… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium and thunderbird), Debian (php-horde-form, pyxdg, thunderbird, and znc), Fedora (containernetworking-plugins, mediawiki, and podman), openSUSE (chromium), Red Hat (bind, chromium-browser, and flash-plugin), SUSE (docker, glibc, gstreamer-0_10-plugins-base, gstreamer-plugins-base, postgresql10, sqlite3, and thunderbird), and Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/791277/ ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack (CVE-2019-4142) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-pla… ∗∗∗ IBM Security Bulletin: Vulnerability in strongswan affects QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-stro… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL and strongswan affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-fabric-os-firmware-fo… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.06.2019
by Daily end-of-shift report 14 Jun '19

14 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 13-06-2019 18:00 − Freitag 14-06-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs ∗∗∗ --------------------------------------------- Misconfiguration is not novel. However, cybercriminals still find that it is an effective way to get their hands on organizations’ computing resources to use for malicious purposes and it remains a top security concern. In this blog post, we will detail an attack type where an API [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/T-m0jjHJA_o/ ∗∗∗ Security and Privacy, Two Sides of the Same Coin ∗∗∗ --------------------------------------------- ENISA Annual Privacy Forum 2019 --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/security-and-privacy-two-sides-… ∗∗∗ Phishing-Mails gaukeln Ende von WhatsApp-Abonnement vor ∗∗∗ --------------------------------------------- Eine aktuelle Phishing-Welle versucht, WhatsApp-Nutzer über ein angeblich auslaufendes Abonnement zur Preisgabe von Zahlungsdaten zu bewegen. --------------------------------------------- https://heise.de/-4447165 ∗∗∗ Linux servers under attack via latest Exim flaw ∗∗∗ --------------------------------------------- It didn’t take long for attackers to start exploiting the recently revealed Exim vulnerability (CVE-2019-10149). Active campaigns One security enthusiast detected exploitation attempts five days ago: [...] --------------------------------------------- https://www.helpnetsecurity.com/2019/06/14/exploiting-cve-2019-10149/ ∗∗∗ Adware and PUPs families add push notifications as an attack vector ∗∗∗ --------------------------------------------- Push notifications are being added to the arsenal of PUPs, adware, and even a Trojan browser extension that spams Facebook groups. --------------------------------------------- https://blog.malwarebytes.com/adware/2019/06/adware-and-pups-families-add-p… ∗∗∗ Yubico Replacing YubiKey FIPS Devices Due to Security Issue ∗∗∗ --------------------------------------------- Yubico is in the process of replacing YubiKey FIPS (Federal Information Processing Standards) security keys following the discovery of a potentially serious cryptography-related issue that can cause RSA keys and ECDSA signatures generated on these devices to have reduced strength. --------------------------------------------- https://www.securityweek.com/yubico-replacing-yubikey-fips-devices-due-secu… ∗∗∗ French Authorities Release Free Decryptor for PyLocky Ransomware ∗∗∗ --------------------------------------------- The French Ministry of Interior has released a free decryption tool for the PyLocky ransomware to help victims recover their data. --------------------------------------------- https://www.securityweek.com/french-authorities-release-free-decryptor-pylo… ∗∗∗ MISP 2.4.109 released (aka cool-attributes-to-object) ∗∗∗ --------------------------------------------- MISP 2.4.109 releasedA new version of MISP (2.4.109) has been released with a host of new features, improvements, bug fixes and a minor security fix. We strongly advise all users to update their MISP installations to this latest version. --------------------------------------------- https://www.misp-project.org/2019/06/14/MISP.2.4.109.released.html ===================== = Vulnerabilities = ===================== ∗∗∗ BD Alaris Gateway Workstation ∗∗∗ --------------------------------------------- This medical advisory includes mitigations for improper access control and unrestricted upload of file with dangerous type vulnerabilities reported in BD’s Alaris Gateway Workstation. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01 ∗∗∗ Johnson Controls exacqVision Enterprise System Manager ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper authorization vulnerability reported in Johnson Controls exacqVision Enterprise System Manager. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-164-01 ∗∗∗ Xen Security Advisory XSA-295 - Unlimited Arm Atomics Operations ∗∗∗ --------------------------------------------- An attacker in a domU could perform a denial of service attack on Xen by accessing a memory region shared with the hypervisor, while Xen is performing an atomic operation on the same region. As a result Xen could end up looping boundlessly. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-295.txt ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (gvim, lib32-openssl, openssl, and vim), Debian (dbus), Fedora (dovecot, evince, js-jquery-jstree, libxslt, php-phpmyadmin-sql-parser, and phpMyAdmin), openSUSE (neovim and rubygem-rack), Oracle (docker-engine and python), Scientific Linux (python), Slackware (mozilla), and SUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, elfutils, libvirt, and python-requests). --------------------------------------------- https://lwn.net/Articles/791165/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Secure Proxy ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact Remote Code Execution (CVE-2019-4103) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tivoli-netcool-im… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is affected by a XXE (XML External Entity) Injection vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-inform… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Notes 9 and Domino 9 are affected by Open Source James Clark Expat Vulnerabilities (CVE-2013-0340, CVE-2013-0341) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-notes-9-and-domin… ∗∗∗ IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cognos-controller… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.06.2019
by Daily end-of-shift report 13 Jun '19

13 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 12-06-2019 18:00 − Donnerstag 13-06-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ What is "THAT" Address Doing on my Network, (Thu, Jun 13th) ∗∗∗ --------------------------------------------- Disclosure: ISC does not endorse any one particular vendor. That said, you may recognize what type of firewall I use :) --------------------------------------------- https://isc.sans.edu/diary/rss/25028 ∗∗∗ LDAP Swiss Army Knife ∗∗∗ --------------------------------------------- This paper presents the "LDAP Swiss Army Knife", an easy to use LDAP server implementation built for penetration oder software testing. Apart from general usage as a server or proxy it also shows some specific attacks against Java/JNDI based LDAP clients. --------------------------------------------- https://packetstormsecurity.com/files/153270/LDAP-Swiss-Army-Knife.html ∗∗∗ SandboxEscaper enthüllt fünften Win-Exploit, Microsoft patcht die übrigen ∗∗∗ --------------------------------------------- Pünktlich zum Patchday hat Microsoft auch die 0-Day-Lücken des Hackers "SandboxEscaper" geschlossen. Alle bis auf eine. --------------------------------------------- https://heise.de/-4445318 ∗∗∗ Vermeintliche E-Mail von A1 ignorieren ∗∗∗ --------------------------------------------- Eine E-Mail von A1, in der es heißt, dass Ihnen irrtümlicherweise 86,43 Euro in Rechnung gestellt wurde, können Sie ignorieren. Es handelt sich um einen Versuch, an Ihre Zugangs- und Bankdaten zu gelangen. --------------------------------------------- https://www.watchlist-internet.at/news/vermeintliche-e-mail-von-a1-ignorier… ∗∗∗ SEC security alert warns about misconfigured NAS, DBs, and cloud storage servers ∗∗∗ --------------------------------------------- SEC OCIE inspections finds that companies have failed to properly secure network-accessible storage systems. --------------------------------------------- https://www.zdnet.com/article/sec-security-alert-warns-about-misconfigured-… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ About the security content of iCloud for Windows 10.4 ∗∗∗ --------------------------------------------- This document describes the security content of iCloud for Windows 10.4. --------------------------------------------- https://support.apple.com/en-us/HT210212 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (firefox, kernel, kernel-headers, libreswan, python-urllib3, and vim), Red Hat (python), SUSE (sssd), and Ubuntu (dbus). --------------------------------------------- https://lwn.net/Articles/791052/ ∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2019-4403) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-connections-secur… ∗∗∗ IBM Security Bulletin: IBM i Clustering is affected by CVE-2019-4381 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-clustering-is-a… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud April 2019 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A vulnerability in Python affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-py… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Reporting for Development Intelligence ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.06.2019
by Daily end-of-shift report 12 Jun '19

12 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 11-06-2019 18:00 − Mittwoch 12-06-2019 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Microsoft Releases June 2019 Office Updates With Security Fixes ∗∗∗ --------------------------------------------- Microsoft released the June 2019 Office Updates today, which consist of 13 security updates and 13 non-security updates. Given that some of the Microsoft Office security updates issued today also resolve critical vulnerabilities, it is strongly advised to install them as soon as possible. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-releases-june-2019… ∗∗∗ Bad Cert Vulnerability Can Bring Down Any Windows Server ∗∗∗ --------------------------------------------- A Google security expert today revealed that an unpatched issue in the main cryptographic library in Microsofts operating system can cause a denial-of-service (DoS) condition on Windows 8 servers and above. --------------------------------------------- https://www.bleepingcomputer.com/news/security/bad-cert-vulnerability-can-b… ∗∗∗ Ransomware identification for the judicious analyst ∗∗∗ --------------------------------------------- When facing a ransomware infection, it helps to be familiar with some tools as well as key points to identify ransomware correctly. --------------------------------------------- https://www.gdatasoftware.com/blog/2019/06/31666-ransomware-identification-… ∗∗∗ RAMBleed: Rowhammer kann auch Daten auslesen ∗∗∗ --------------------------------------------- Mit Angriffen durch RAM-Bitflips lassen sich unberechtigt Speicherinhalte auslesen. Als Demonstration zeigen Forscher, wie sie mit Nutzerrechten einen RSA-Key eines SSH-Daemons auslesen können. --------------------------------------------- https://www.golem.de/news/rambleed-rowhammer-kann-auch-daten-auslesen-1906-… ∗∗∗ DICOM Standard in Medical Devices ∗∗∗ --------------------------------------------- NCCIC is aware of a public report of a vulnerability in the DICOM (Digital Imaging and Communications in Medicine) standard with proof-of-concept (PoC) exploit code. The DICOM standard is the international standard to transmit, store, retrieve, print, process, and display medical imaging information. According to this report, the vulnerability is exploitable by embedding executable code into the 128 byte preamble. This report was released without coordination with NCCIC or any known vendor. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-19-162-01 ∗∗∗ AVML - Acquire Volatile Memory for Linux ∗∗∗ --------------------------------------------- AVML is an X86_64 userland volatile memory acquisition tool written in Rust, intended to be deployed as a static binary. AVML can be used to acquire memory without knowing the target OS distribution or kernel a priori. No on-target compilation or fingerprinting is needed. --------------------------------------------- https://github.com/microsoft/avml ∗∗∗ Windows-Schwachstelle „Bluekeep“: Erneute Warnung vor wurmartigen Angriffen ∗∗∗ --------------------------------------------- Wurmartige Cyber-Angriffe mit den Schadprogrammen WannaCry und NotPetya haben im Jahr 2017 weltweit Millionenschäden verursacht und einzelne Unternehmen in Existenznöte gebracht. Ein vergleichbares Szenario ermöglicht die kritische Schwachstelle Bluekeep, die im Remote-Desktop-Protocol-Dienst (RDP) von Microsoft-Windows enthalten ist. Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hatte bereits im Mai ebenso wie Microsoft vor dieser Schwachstelle gewarnt und --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Windows-Sch… ∗∗∗ Achtung vor angeblichen Microsoft-Anrufen ∗∗∗ --------------------------------------------- Eine neue Welle angeblicher Microsoft Anrufe rollt momentan über Österreich hinweg. Die Anrufer/innen behaupten, Probleme auf den Geräten der Betroffenen gefunden zu haben. Vorsicht: Es handelt sich um Betrüger/innen, die versuchen, Zugriff auf das System ihrer Opfer zu erhalten und Daten zu stehlen. Konsument/innen sollten derartige Anrufe umgehend beenden. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vor-angeblichen-microsoft-an… ===================== = Vulnerabilities = ===================== ∗∗∗ Intel Releases Security Updates, Mitigations for Multiple Products ∗∗∗ --------------------------------------------- Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/06/11/Intel-Releases-Sec… ∗∗∗ Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series ∗∗∗ --------------------------------------------- The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities resulting from old software components embedded in the firmware. --------------------------------------------- https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-wago… ∗∗∗ Patchday: Gefährliche Lücke in Aufgabenplanung von Windows 10 gepatcht ∗∗∗ --------------------------------------------- Microsoft hat jede Menge Sicherheitsupdates für Windows, Office und weitere Software veröffentlicht. Viele Lücke gelten als kritisch. --------------------------------------------- https://heise.de/-4444614 ∗∗∗ Critical Microsoft NTLM vulnerabilities allow remote code execution on any Windows machine ∗∗∗ --------------------------------------------- The Preempt research team found two critical Microsoft vulnerabilities that consist of three logical flaws in NTLM, the company’s proprietary authentication protocol. These vulnerabilities allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication (WIA) such as Exchange or ADFS. The research shows that all Windows versions are vulnerable. --------------------------------------------- https://www.helpnetsecurity.com/2019/06/11/microsoft-ntlm-vulnerabilities/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libgd2, mediawiki, otrs2, vlc, and zookeeper), Fedora (containernetworking-plugins, kernel, kernel-headers, nodejs-tough-cookie, podman, python-django, and python-urllib3), openSUSE (virtualbox), SUSE (gnome-shell, libcroco, and php7), and Ubuntu (dbus, Neovim, and vim). --------------------------------------------- https://lwn.net/Articles/790976/ ∗∗∗ Flaw in Evernote Extension Allows Hackers to Steal Data ∗∗∗ --------------------------------------------- A vulnerability identified by researchers in a popular Evernote extension for Chrome can be exploited by hackers to steal sensitive information from the websites accessed by a user. read more --------------------------------------------- https://www.securityweek.com/flaw-evernote-extension-allows-hackers-steal-d… ∗∗∗ MISP: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- MISP ist eine Open-Source-Plattform für den Informationsaustausch über Bedrohungen. Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in MISP ausnutzen, um seine Privilegien zu erhöhen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0491 ∗∗∗ Security Advisory - DLL Hijacking Vulnerability on Huawei HiSuite ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190612-… ∗∗∗ IBM Security Bulletin: A security vulnerability has been idenfied in IBM SDK which affects IBM Db2 Query Management Facility for z/OS ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.06.2019
by Daily end-of-shift report 11 Jun '19

11 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 07-06-2019 18:00 − Dienstag 11-06-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Paketmanagement: Java-Dependencies über unsichere HTTP-Downloads ∗∗∗ --------------------------------------------- In zahlreichen Java-Projekten werden Abhängigkeiten ungeprüft über HTTP ohne TLS heruntergeladen. Ein Netzwerkangreifer kann dadurch trivial die Downloads manipulieren und Schadcode ausführen. --------------------------------------------- https://www.golem.de/news/paketmanagement-java-dependencies-ueber-unsichere… ∗∗∗ Tip: Sysmon Will Log DNS Queries ∗∗∗ --------------------------------------------- [...] Mark announced a new version of Sysmon that will log DNS queries (and replies): [...] --------------------------------------------- https://isc.sans.edu/forums/diary/Tip+Sysmon+Will+Log+DNS+Queries/25016/ ∗∗∗ Microsoft Office: Gefährliches RTF-Dokument bringt Backdoor-Trojaner mit ∗∗∗ --------------------------------------------- Derzeit nutzen Angreifer vermehrt eine zwei Jahre alte Office-Lücke aus, für die es bereits einen Patch gibt. Dabei stehen vor allem Ziele in Europa im Fokus. --------------------------------------------- https://heise.de/-4444187 ∗∗∗ China Telecom Routes European Traffic to Its Network for Two Hours ∗∗∗ --------------------------------------------- For two hours last week, a BGP route leak resulted in large portions of European Internet traffic being routed through China Telecom’s network. read more --------------------------------------------- https://www.securityweek.com/china-telecom-routes-european-traffic-its-netw… ∗∗∗ Bitcoin-Erpressungs-Mail mit erfundenen Webcam-Aufnahmen ∗∗∗ --------------------------------------------- Kriminelle versenden massenhaft E-Mails an Internet-Nutzer/innen, in denen sie behaupten, dass die Systeme der Empfänger/innen gehackt wurden. Sie geben an, dadurch Videos über die Webcam aufgenommen zu haben, die die Empfänger/innen beim Masturbieren zeigen sollen. Um eine Verbreitung der Aufnahmen zu verhindern, werden 2000 Euro in Bitcoins gefordert. Es besteht kein Grund zur Sorge, denn es handelt sich um einen Erpressungsversuch und die Videos existieren nicht. --------------------------------------------- https://www.watchlist-internet.at/news/bitcoin-erpressungs-mail-mit-erfunde… ∗∗∗ Major HSM vulnerabilities impact banks, cloud providers, governments ∗∗∗ --------------------------------------------- Researchers disclose major vulnerabilities in HSMs (Hardware Security Modules). --------------------------------------------- https://www.zdnet.com/article/major-hsm-vulnerabilities-impact-banks-cloud-… ∗∗∗ Das CERT, das Wolf rief ∗∗∗ --------------------------------------------- Die Fabel ist bekannt: dem Hirtenjungen war fad, er schlug Alarm ("Wolf!"), um die Eintönigkeit zu vertreiben, und als dann der Wolf wirklich da war, hörte keiner mehr auf seinen Hilferuf. Wir haben regelmäßig ein ähnliches Thema: Wir sollen möglichst früh vor kommenden Problemen warnen, aber wenn der vorhergesagte Notfall doch nicht eintritt, dann senkt das unsere Glaubwürdigkeit. --------------------------------------------- http://www.cert.at/services/blog/20190611093533-2484.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe ColdFusion (APSB19-27), Adobe Flash Player (APSB19-30) and Adobe Campaign (APSB19-28). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1760 ∗∗∗ SAP Security Patch Day – June 2019 ∗∗∗ --------------------------------------------- This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape. --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242 ∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580 ∗∗∗ --------------------------------------------- There are several vulnerabilities in the Schneider Electric Modicon M580 that could lead to a variety of conditions, including denial of service and the disclosure of sensitive information. --------------------------------------------- https://blog.talosintelligence.com/2019/06/vulnerability-spotlight-multiple… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium and pam-u2f), Debian (cyrus-imapd), Fedora (curl, cyrus-imapd, kernel, kernel-headers, php, and vim), openSUSE (axis, bind, bubblewrap, evolution, firefox, gnome-shell, libpng16, and rmt-server), Oracle (edk2 and kernel), and SUSE (bind, cloud7, and libvirt). --------------------------------------------- https://lwn.net/Articles/790818/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (bind and thunderbird), Mageia (firefox, ghostscript, graphicsmagick, imagemagick, postgresql, and thunderbird), Oracle (kernel), Red Hat (Advanced Virtualization and rh-haproxy18-haproxy), SUSE (bind, gstreamer-0_10-plugins-base, thunderbird, and vim), and Ubuntu (elfutils, glib2.0, and libsndfile). --------------------------------------------- https://lwn.net/Articles/790875/ ∗∗∗ Synology-SA-19:26 Photo Station ∗∗∗ --------------------------------------------- These vulnerabilities allow remote attackers to obtain sensitive information or modify system settings via a susceptible version of Photo Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_26 ∗∗∗ IBM Security Bulletin: IBM MQ Advanced Cloud Pak may print out plain text credentials in logs. (CVE-2019-4239) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-advanced-cloud… ∗∗∗ [20190603] - Core - ACL hardening of com_joomlaupdate ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/_M8Ux7hoaTM/785-20190603-c… ∗∗∗ [20190602] - Core - XSS in subform field ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/pYcjfxwUS9o/784-20190602-c… ∗∗∗ [20190601] - Core - CSV injection in com_actionlogs ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/XjAgqEhAS7g/783-20190601-c… ∗∗∗ # SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt ∗∗∗ # SSA-557804: Mirror Port Isolation Vulnerability in SCALANCE X switches ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-557804.txt ∗∗∗ # SSA-480230: Denial-of-Service in Webserver of Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-480230.txt ∗∗∗ # SSA-307392: Denial-of-Service in OPC UA in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-307392.txt ∗∗∗ # SSA-254686: Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-254686.txt ∗∗∗ # SSA-181018: Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-181018.txt ∗∗∗ # SSA-816980: Multiple Web Vulnerabilities in SIMATIC Ident MV420 and MV440 families ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-816980.txt ∗∗∗ # SSA-774850: Vulnerabilities in SIEMENS LOGO!8 devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-774850.txt ∗∗∗ # SSA-646841: Recoverable Password from Configuration Storage in SCALANCE X Switches ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-646841.txt ∗∗∗ # SSA-212009: Vulnerabilities in Siveillance VMS ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-212009.txt -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.06.2019
by Daily end-of-shift report 07 Jun '19

07 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 06-06-2019 18:00 − Freitag 07-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ SandboxEscaper Debuts ByeBear Windows Patch Bypass ∗∗∗ --------------------------------------------- SandboxEscaper is back, with a second bypass for the recent CVE-2019-0841 Windows patch. --------------------------------------------- https://threatpost.com/sandboxescaper-byebear-windows-bypass/145470/ ∗∗∗ Keep an Eye on Your WMI Logs, (Thu, Jun 6th) ∗∗∗ --------------------------------------------- WMI ("Windows Management Instrumentation")[1] is, like Microsoft says, "the infrastructure for management data and operations on Windows-based operating systems". Personally, I like to make a (very) rough comparison between WMI and SNMP: You can query information about a system (read) but also alter it (write). WMI is present on Windows systems since the version Windows 2000. As you can imagine, when a tool is available by default on all systems, [...] --------------------------------------------- https://isc.sans.edu/diary/rss/25012 ∗∗∗ The EU Cybersecurity Act: a new Era dawns on ENISA ∗∗∗ --------------------------------------------- Today, 7th June 2019, the EU Cybersecurity Act was published in the Official Journal of the European Union. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/the-eu-cybersecurity-act-a-new-… ∗∗∗ Bloodhound walkthrough. A Tool for Many Tradecrafts ∗∗∗ --------------------------------------------- A walkthrough on how to set up and use BloodHound BloodHound (https://github.com/BloodHoundAD/BloodHound) is an application used to visualize active directory environments. The front-end is built on electron and the back-end is a Neo4j database, the data leveraged is pulled from a series of data collectors also referred to as ingestors which come in PowerShell and [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/bloodhound-walkthrough-a-tool… ∗∗∗ New Mirai Variant Adds 8 New Exploits, Targets Additional IoT Devices ∗∗∗ --------------------------------------------- Palo Alto Networks Unit 42 has been tracking the evolution of the Mirai malware, known for targeting embedded devices with the primary intent of launching DDoS attacks and self-propagation, since 2016 when it took down several notable targets. As part of this ongoing research, we’ve recently discovered a new variant of Mirai that[...] --------------------------------------------- https://unit42.paloaltonetworks.com/new-mirai-variant-adds-8-new-exploits-t… ∗∗∗ A botnet is brute-forcing over 1.5 million RDP servers all over the world ∗∗∗ --------------------------------------------- Furthermore, statistics show that despite BlueKeep, most RDP attacks today are brute-force attempts. --------------------------------------------- https://www.zdnet.com/article/a-botnet-is-brute-forcing-over-1-5-million-rd… ===================== = Vulnerabilities = ===================== ∗∗∗ Optergy Proton Enterprise Building Management System ∗∗∗ --------------------------------------------- This advisory includes mitigations for information exposure, cross-site request forgery, unrestricted upload of file with dangerous type, open redirect, hidden functionality, exposed dangerous method or function, and use of hard-coded credentials vulnerabilities reported in Optergy’s Proton/Enterprise Building Management System. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-157-01 ∗∗∗ Panasonic Control FPWIN Pro ∗∗∗ --------------------------------------------- This advisory includes mitigations for heap-based buffer overflow and type confusion vulnerabilities reported in Panasonics Control FPWIN Pro PLC programming software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (evolution and qemu), Fedora (cyrus-imapd and hostapd), Gentoo (exim), openSUSE (exim), Red Hat (qpid-proton), SUSE (bind, libvirt, mariadb, mariadb-connector-c, python, and rubygem-rack), and Ubuntu (firefox, jinja2, and linux-lts-xenial, linux-aws). --------------------------------------------- https://lwn.net/Articles/790647/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM API Connect’s Developer Portal is impacted by vulnerabilities in PHP (CVE-2019-11035 CVE-2019-11034) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-deve… ∗∗∗ IBM Security Bulletin: Secure Gateway is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-secure-gateway-is-aff… ∗∗∗ IBM Security Bulletin: IBM API Connect V5 is impacted by Cross Site Scripting vulnerability (CVE-2016-10531 CVE-2018-3721 CVE-2017-0268) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-is… ∗∗∗ Intel UEFI vulnerability CVE-2019-0119 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K85585101 ∗∗∗ Intel Xeon access control vulnerability CVE-2019-0126 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K37428370 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.06.2019
by Daily end-of-shift report 06 Jun '19

06 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 05-06-2019 18:00 − Donnerstag 06-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ USB Killer: What it is and how to protect your devices ∗∗∗ --------------------------------------------- Introduction What’s more ubiquitous in the PC world than USB sticks? They’re easy to use, affordable and are used by millions of people on a daily basis. Everyone knows that USB sticks can house nasties, including malware, but did you know that this same little drive can completely destroy a system by simply inserting it? --------------------------------------------- https://resources.infosecinstitute.com/usb-killer-how-to-protect-your-devic… ∗∗∗ Telecoms taken by storm: Natural phenomena dominate the outage picture ∗∗∗ --------------------------------------------- A total of 157 telecom outages were reported by the 28 EU member states and 2 EFTA countries, as part of the EU-wide telecom security breach reporting for the year 2018. Today ENISA, the EU Agency for Cybersecurity, publishes the 8th annual report on telecom security incidents, analyzing root causes, impact, and trends. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/telecoms-taken-by-storm-natural… ∗∗∗ Will you be Europe’s best cybersecurity talent? ∗∗∗ --------------------------------------------- European countries have started or are preparing to kick off their national cybersecurity competitions. The winners of the national contests will represent their countries in the ultimate cybersecurity competition on the continent: the European Cyber Security Challenge (ECSC) 2019. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/will-you-be-europe-s-best-cyber… ∗∗∗ Emotet bei Heise – Lehren aus einem Trojaner-Angriff ∗∗∗ --------------------------------------------- Es gab einen schwerwiegenden Einbruch in das Heise-Netz. An der Beseitigung arbeiten aktuell die IT-Abteilungen der Heise Gruppe und weitere Spezialisten. --------------------------------------------- https://heise.de/-4437807 ∗∗∗ Vorsicht bei BAWAG PSK-Mails ∗∗∗ --------------------------------------------- Mit der Aufforderung Ihren "secTAN" zu aktivieren, versuchen Kriminelle derzeit an Ihre Bankzugangsdaten zu gelangen. In der vermeintlichen E-Mail der Bank werden Sie aufgefordert, einem Link zu folgen. Dieser Link führt jedoch zu einer gefälschten BAWAG PSK-Website! Wir raten dazu, derartige Mails in den Spam-Ordner zu verschieben. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-bawag-psk-mails/ ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke: Exim-Sicherheitslücke gefährlicher als gedacht ∗∗∗ --------------------------------------------- EineSicherheitslücke im Exim-Mailserver lässt sich auch übers Netz zur Codeausführung ausnutzen, der Angriff dauert aber in der Standardkonfiguration mehrere Tage. Lokal ist er trivial und emöglicht es Nutzern, Root-Rechte zu erlangen. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-root-zugriff-fuer-angreifer-bei… ∗∗∗ Angreifer könnten Kommunikationssoftware von Cisco lahmlegen ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für Cisco Unified Communications Manager, Webex Meetings Server & Co. --------------------------------------------- https://heise.de/-4440986 ∗∗∗ VMSA-2019-0009 ∗∗∗ --------------------------------------------- VMware Tools and Workstation updates address out of bounds read and use-after-free vulnerabilities. (CVE-2019-5522, CVE-2019-5525) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0009.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (binutils), Debian (exim4 and poppler), Fedora (deepin-api, kernel, kernel-headers, kernel-tools, and php), openSUSE (cronie), and Ubuntu (apparmor, exim4, mariadb-10.1, php5, and php7.0, php7.2). --------------------------------------------- https://lwn.net/Articles/790541/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM® Intelligent Operations Center does not correctly validate file types before uploading files (CVE-2019-4069) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-intelligent-opera… ∗∗∗ IBM Security Bulletin: IBM® Intelligent Operations Center has a weak user-creation policy (CVE-2019-4066) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-intelligent-opera… ∗∗∗ IBM Security Bulletin: IBM® Intelligent Operations Center is vulnerable to user enumeration (CVE-2019-4068) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-intelligent-opera… ∗∗∗ IBM Security Bulletin: User passwords might be obtained by a brute force attack on IBM® Intelligent Operations Center (CVE-2019-4067) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-user-passwords-might-… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in IBM® Intelligent Operations Center (CVE-2019-4070) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: IBM API Connect V5 is impacted by multiple vulnerabilities in IBM Java SDK (CVE-2018-3139 CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-is… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.06.2019
by Daily end-of-shift report 05 Jun '19

05 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 04-06-2019 18:00 − Mittwoch 05-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ We Decide What You See: Remote Code Execution on a Major IPTV Platform ∗∗∗ --------------------------------------------- Check Point Research discerned there to be over 1000 providers of this service with quite likely very high numbers of worldwide customers. As this vulnerability has been patched, we can now reveal what was involved. --------------------------------------------- https://research.checkpoint.com/we-decide-what-you-see-remote-code-executio… ∗∗∗ Its alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign ∗∗∗ --------------------------------------------- Cisco Talos recently identified a series of documents that we believe are part of a coordinated series of cyber attacks that we are calling the "Frankenstein" campaign. We assess that the attackers carried out these operations between January and April 2019 in an effort to install malware on users machines via malicious documents. --------------------------------------------- https://blog.talosintelligence.com/2019/06/frankenstein-campaign.html ∗∗∗ Warnung vor den Geschäftspraktiken bei FutureNet ∗∗∗ --------------------------------------------- FutureNet der BCU Trading LLC aus Dubai verspricht User/innen leicht zu verdienendes Geld. Zum einen soll durch das Kaufen von ‚AdPacks‘ und Anklicken von Werbungen, zum anderen durch das Anwerben neuer Nutzer/innen Geld verdient werden können. Es häufen sich aber die Meldungen zu ausbleibenden Zahlungen und das polnische Amt für Wettbewerb und Verbraucherschutz (UOKIK) warnt wegen dem Verdacht auf ein Pyramidensystem vor dem Unternehmen. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-den-geschaeftspraktiken-… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke: VIM-Modelines erlauben Codeausführung ∗∗∗ --------------------------------------------- Im Texteditor VIM wurde eine Sicherheitslücke gefunden, bei der ein speziell präpariertes Dokument Code ausführen kann. Die dafür genutzte Funktion der Modelines ist nur auf manchen Systemen aktiv. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-vim-modelines-erlauben-codeausf… ∗∗∗ phpmyadmin: PMASA-2019-4 ∗∗∗ --------------------------------------------- CSRF vulnerability in login form Affected Versions: All versions prior to phpMyAdmin 4.9.0 are affected, probably at least as old as version 4.0 (perhaps even earlier) CVE ID: CVE-2019-12616 --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2019-4/ ∗∗∗ phpmyadmin: PMASA-2019-3 ∗∗∗ --------------------------------------------- SQL injection in Designer feature Affected Versions: phpMyAdmin versions prior to 4.8.6 are affected. CVE ID: CVE-2019-11768 --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2019-3/ ∗∗∗ Django security releases issued: 2.2.2, 2.1.9 and 1.11.21 ∗∗∗ --------------------------------------------- * CVE-2019-12308: AdminURLFieldWidget XSS * Patched bundled jQuery for CVE-2019-11358: Prototype pollution --------------------------------------------- https://www.djangoproject.com/weblog/2019/jun/03/security-releases/ ∗∗∗ Wireless Presenter von Logitech und Inateck anfällig für Angriffe über Funk ∗∗∗ --------------------------------------------- Die Pentesting-Firma SySS hat bereits zum wiederholten Male Sicherheitslücken in Wireless-Presenter-Systemen gefunden, über die sich Systeme kapern lassen. --------------------------------------------- https://heise.de/-4439795 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (python-django), openSUSE (curl and libtasn1), Oracle (kernel), Red Hat (etcd, kernel-alt, and rh-python36-python-jinja2), Scientific Linux (thunderbird), SUSE (libvirt), and Ubuntu (db5.3, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-aws-hwe, linux-hwe, linux-oracle, linux-hwe, and linux-raspi2, linux-snapdragon). --------------------------------------------- https://lwn.net/Articles/790411/ ∗∗∗ PHOENIX CONTACT PLCNext AXC F 2152 ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-155-01 ∗∗∗ PHOENIX CONTACT FL NAT SMx ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-155-02 ∗∗∗ Geutebrück G-Cam and G-Code ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-155-03 ∗∗∗ 2019-06-05: Multiple Vulnerabilities in ABB CP635 HMI ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376&Language… ∗∗∗ 2019-06-05: Vulnerabilities in ABB PB610 ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377&Language… ∗∗∗ 2019-06-05: Vulnerabilities in ABB CP651 HMI ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402&Language… ∗∗∗ Security Advisory - XSS Vulnerability in Huawei HedEx products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190605-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server in IBM Cloud April 2019 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server used in IBM WebSphere Application Server in IBM Cloud (CVE-2019-0211 CVE-2019-0220) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Security Information Queue reveals internal data in application error messages ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-informat… ∗∗∗ IBM Security Bulletin: IBM Security Information Queue does not prevent caching of sensitive pages ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-informat… ∗∗∗ IBM Security Bulletin: IBM Security Information Queue web application is vulnerable to clickjacking attack ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-informat… ∗∗∗ IBM Security Bulletin: IBM Security Information Queue web server allows downgrading to non-secure HTTP ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-informat… ∗∗∗ IBM Security Bulletin: IBM Security Information Queue discloses internal data left over from the product development phases ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-informat… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Watson Openscale (Liberty, Java, node.js) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere DataPower XC10 Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-th… ∗∗∗ TECSON/GOK Improper Authentication and Access Control on multiple devices ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-012 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.06.2019
by Daily end-of-shift report 04 Jun '19

04 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Montag 03-06-2019 18:00 − Dienstag 04-06-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ VU#576688: Microsoft windows RDP Network Level Authenticaion can bypass the Windows lock screen ∗∗∗ --------------------------------------------- Microsoft Windows Remote Desktop supports a feature called Network Level Authentication(NLA),which moves the authentication aspect of a remote session from the RDP layer to the network-layer. The use of NLA is recommended to reduce the attack surface of systems exposed using the RDP protocol. --------------------------------------------- https://kb.cert.org/vuls/id/576688 ∗∗∗ VB2018 paper: Lazarus Group: a mahjong game played with different sets of tiles ∗∗∗ --------------------------------------------- The Lazarus Group, generally linked to the North Korean government, is one of the most notorious threat groups seen in recent years. At VB2018 ESET researchers Peter Kálnai and Michal Poslušný presented a paper looking at the groups various campaigns. Today, we publish their paper and the recording of their presentation. Read more --------------------------------------------- https://www.virusbulletin.com:443/blog/2019/06/vb2018-paper-lazarus-group-m… ∗∗∗ So schützen Sie sich vor Kleinanzeigen-Betrug ∗∗∗ --------------------------------------------- Kleinanzeigen-Plattformen erfreuen sich großer Beliebtheit. Sie bieten eine hervorragende Möglichkeit, alte Gegenstände zu verkaufen, die nicht mehr gebraucht werden, oder wahre Schnäppchen aus zweiter Hand zu ergattern. Doch Vorsicht: Sowohl hinter angeblichen Interessent/innen als auch Verkäufer/innen verstecken sich oft Kriminelle, die es nur auf das Geld oder die Ware ihrer Opfer abgesehen haben. --------------------------------------------- https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-vor-kleinanzei… ===================== = Vulnerabilities = ===================== ∗∗∗ Android Security Bulletin - June 2019 ∗∗∗ --------------------------------------------- The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2019-06-01.html ∗∗∗ Potentielles Sicherheitsproblem in Mailserver-Software Exim - Patches ab 11. 6. verfügbar ∗∗∗ --------------------------------------------- Das Exim-Projekt hat am 4. 6. 2019 Vorab-Informationen zu einer schwerwiegenden Sicherheitslücke veröffentlicht. Entsprechende Patches sind bereits für Linux-Distributionen etc. verfügbar, und so können von diesen - zeitgleich mit Veröffentlichung des Patches - ab 11. 6. fehlerbereinigte Pakete ausgerollt werden. --------------------------------------------- http://www.cert.at/warnings/all/20190604.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (python-django and python2-django), Debian (heimdal), Fedora (kernel, kernel-headers, kernel-tools, and sqlite), openSUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork and GraphicsMagick), Oracle (thunderbird), Red Hat (systemd and thunderbird), SUSE (bind and firefox), and Ubuntu (qtbase-opensource-src). --------------------------------------------- https://lwn.net/Articles/790266/ ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Analyzer and Information Governance Catalog is affected by an Information Disclosure vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-inform… ∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js denial of service vulnerability (CVE-2019-5737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat… ∗∗∗ IBM Security Bulletin: Jazz for Service Management (JazzSM) could allow a remote attacker to conduct phishing attacks, using an open redirect attack (CVE-2019-4201) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-jazz-for-service-mana… ∗∗∗ IBM Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere eXtreme Scale ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-th… ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Malicious File Upload attack (CVE-2019-4056) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Back and Refresh Attack (CVE-2019-4048) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat… ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Reverse Tabnabbing (CVE-2018-2028) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.06.2019
by Daily end-of-shift report 03 Jun '19

03 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 31-05-2019 18:00 − Montag 03-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Vorsicht: Offizielle Windows-10-Apps zeigen schädliche Werbung an ∗∗∗ --------------------------------------------- Der Konzern warnt Windows-Nutzer: Microsoft-Anwendungen leiten ihre Nutzer auf betrügerische Websites um. --------------------------------------------- https://futurezone.at/digital-life/vorsicht-offizielle-windows-10-apps-zeig… ∗∗∗ Legacy app whitelist can be abused to bypass latest macOS security features, expert warns ∗∗∗ --------------------------------------------- Three words to ruin an Apple engineers day: Patrick Wardle disclosure Malware can bypass protections in macOS Mojave, and potentially access user data as well as the webcam and mic – by exploiting a hole in Apples legacy app support. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2019/06/03/macos_secur… ∗∗∗ GandCrab ransomware operation says its shutting down ∗∗∗ --------------------------------------------- GandCrab crew says it made enough money and plans to retire within a month. --------------------------------------------- https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutti… ===================== = Vulnerabilities = ===================== ∗∗∗ VU#877837: Multiple vulnerabilities in Quest (Dell) Kace K1000 Appliance ∗∗∗ --------------------------------------------- CVE-2018-5404:The Dell Kace K1000 Appliance allows an authenticated,remote attacker with least privileges(User Console Only role)to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. (CWE-89) CVE-2018-5405:The Dell Kace K1000 Appliance allows an authenticated least privileged user with‘User Console Only’rights to potentially inject arbitrary JavaScript code on the tickets page. --------------------------------------------- https://kb.cert.org/vuls/id/877837 ∗∗∗ Cisco IOS XR Software BGP MPLS-Based EVPN Denial of Service Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the Border Gateway Protocol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Sicherheitsupdate: Nvidia Geforce Experience angreifbar ∗∗∗ --------------------------------------------- Ein lokaler Angreifer könnte über Schwachstellen in Nvidia Geforce Experience Schadcode auf Computer schieben. --------------------------------------------- https://heise.de/-4437588 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, and live-media), Debian (doxygen and php5), Fedora (cryptopp, drupal7-context, drupal7-ds, drupal7-module_filter, drupal7-path_breadcrumbs, drupal7-uuid, drupal7-views, drupal7-xmlsitemap, and sleuthkit), openSUSE (axis, chromium, containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, curl, doxygen, GraphicsMagick, [...] --------------------------------------------- https://lwn.net/Articles/790174/ ∗∗∗ Vuln: Apache Hadoop CVE-2018-8029 Remote Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/108518 ∗∗∗ IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to denial of service (CVE-2019-0199) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-as-used… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to a information disclosure (CVE-2018-5407) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-as-used-in-ib… ∗∗∗ ASP.NET x-up-devcap-post-charset header security exposure ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54150332 ∗∗∗ HPESBMU03923 rev.1 - HPE Smart Update Manager (SUM), Local Unauthorized Elevation of Privilege ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBMU03922 rev.1 - HPE Smart Update Manager (SUM), Remote Unauthorized Access ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.05.2019
by Daily end-of-shift report 31 May '19

31 May '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 29-05-2019 18:00 − Freitag 31-05-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Analyzing First Stage Shellcode, (Thu, May 30th) ∗∗∗ --------------------------------------------- Yesterday, reader Alex submitted a PowerShell script he downloaded from a website. Xavier, handler on duty, showed him the script launched shellcode that tried to establish a TCP connection. --------------------------------------------- https://isc.sans.edu/diary/rss/24984 ∗∗∗ Retrieving Second Stage Payload with Ncat, (Fri, May 31st) ∗∗∗ --------------------------------------------- In diary entry "Analyzing First Stage Shellcode", I show how to analyze first stage shellcode when you have no access to the server with the second stage payload. --------------------------------------------- https://isc.sans.edu/diary/rss/24988 ∗∗∗ HiddenWasp Malware Stings Targeted Linux Systems ∗∗∗ --------------------------------------------- Intezer has discovered a new, sophisticated malware that they have named "HiddenWasp", targeting Linux systems. --------------------------------------------- https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/ ∗∗∗ Über 50.000 Datenbank-Server über Uralt-Windows-Bug mit Krypto-Minern infiziert ∗∗∗ --------------------------------------------- Mit raffinierten Methoden haben Hacker zehntausende schlecht gesicherte Windows-Server gekapert und schürfen dort heimlich Monero. --------------------------------------------- https://heise.de/-4435622 ∗∗∗ Your threat model is wrong ∗∗∗ --------------------------------------------- Several subjects have come up with the past week that all come down to the same thing: your threat model is wrong. Instead of addressing the the threat that exists, youve morphed the threat into something else that youd rather deal with, or which is easier to understand. --------------------------------------------- https://blog.erratasec.com/2019/05/your-threat-model-is-wrong.html ===================== = Vulnerabilities = ===================== ∗∗∗ Convert Plus Plugin Flaw Lets Attackers Become a Wordpress Admin ∗∗∗ --------------------------------------------- A critical vulnerability in Convert Plus, a commercial plugin for WordPress websites estimated to have 100,000 active installations, allows an unauthenticated attacker to create accounts with administrator privileges. --------------------------------------------- https://www.bleepingcomputer.com/news/security/convert-plus-plugin-flaw-let… ∗∗∗ AVEVA Vijeo Citect and CitectSCADA ∗∗∗ --------------------------------------------- This advisory includes mitigations for an insufficiently protected credentials vulnerability reported in AVEVA's Vijeo Citect and CitectSCADA supervisory control and data acquisition software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-150-01 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox and libvirt), Debian (openjdk-8 and tomcat7), Fedora (drupal7-entity), Mageia (kernel), openSUSE (bluez, gnutls, and libu2f-host), Oracle (bind), Red Hat (bind), Scientific Linux (bind), SUSE (axis, libtasn1, and rmt-server), and Ubuntu (sudo). --------------------------------------------- https://lwn.net/Articles/789849/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (miniupnpd and qemu), Fedora (drupal7-entity and xen), openSUSE (kernel), Oracle (bind and firefox), Red Hat (go-toolset-1.11-golang), SUSE (cronie, evolution, firefox, gnome-shell, java-1_7_0-openjdk, jpeg, and mailman), and Ubuntu (corosync, evolution-data-server, gnutls28, and libseccomp). --------------------------------------------- https://lwn.net/Articles/789995/ ∗∗∗ Security Advisory 2019-08: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- https://community.otrs.com/security-advisory-2019-08-security-update-for-ot… ∗∗∗ Security Advisory 2019-09: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- https://community.otrs.com/security-advisory-2019-09-security-update-for-ot… ∗∗∗ HPESBNS03925 rev.1 - HPE Nonstop Maintenance Entity family of products, Local Disclosure of Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ AirPort Base Station Firmware Update 7.9.1 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT210090 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Watson Knowledge Catalog (with Information Server) is affected by a Cryptographic vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-watson-knowledge-… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server containers are vulnerable to privilege escalation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-inform… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java SDK (January 2019) affecting IBM Application Delivery Intelligence for IBM Z V5.1.0, V5.0.5 and V5.0.4 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 7 & 8, IBM SDK, Java Technology Edition Version 8 and Eclipse OpenJ9 Affect Transformation Extender ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems (April 2019 updates) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Tivoli Storage Manager FastBack (CVE-2018-12547) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-5407) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Access Manager Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Commons Compress may affect IBM Cloud App Management V2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap… ∗∗∗ IBM Security Bulletin: Multiple open source vulnerabilities affect IBM PureApplication System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-open-source-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.05.2019
by Daily end-of-shift report 29 May '19

29 May '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 28-05-2019 18:00 − Mittwoch 29-05-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Researchers uncover smart padlock's dumb security ∗∗∗ --------------------------------------------- Pen Test Partners has found some major security flaws in the Bluetooth Nokelock that consumers might like to know about. --------------------------------------------- https://nakedsecurity.sophos.com/2019/05/29/researchers-uncover-smart-padlo… ∗∗∗ CVE-2019-0725: An Analysis of Its Exploitability ∗∗∗ --------------------------------------------- May's Patch Tuesday saw what is likely to be one of the most prominent vulnerabilities this year with the "wormable" Windows Terminal Services vulnerability (CVE-2019-0708). However, there's another remote code execution (RCE) vulnerability that would be hard to ignore: CVE-2019-0725, an RCE vulnerability in Windows Dynamic Host Configuration Protocol (DHCP) Server. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/3268yMf2sDY/ ∗∗∗ Learning to Rank Strings Output for Speedier Malware Analysis ∗∗∗ --------------------------------------------- Reverse engineers, forensic investigators, and incident responders have an arsenal of tools at their disposal to dissect malicious software binaries. When performing malware analysis, they successively apply these tools in order to gradually gather clues about a binary's function, design detection methods, and ascertain how to contain its damage. One of the most useful initial steps is to inspect its printable characters via the Strings program. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2019/05/learning-to-rank-string… ∗∗∗ Docker: Lücke erlaubt Root-Zugriff auf Dateien ∗∗∗ --------------------------------------------- Über eine Lücke in allen Docker-Versionen könnten Angreifer ihre Privilegien erweitern. Exploit-Code ist verfügbar; der Patch steckt noch im Review-Prozess. --------------------------------------------- https://heise.de/-4434730 ∗∗∗ A dive into Turla PowerShell usage ∗∗∗ --------------------------------------------- ESET researchers analyze new TTPs attributed to the Turla group that leverage PowerShell to run malware in-memory only --------------------------------------------- https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/ ∗∗∗ Google Researcher Finds Code Execution Vulnerability in Notepad ∗∗∗ --------------------------------------------- Google Project Zero researcher Tavis Ormandy revealed on Tuesday that he identified a code execution vulnerability in Microsoft’s Notepad text editor. --------------------------------------------- https://www.securityweek.com/google-researcher-finds-code-execution-vulnera… ∗∗∗ diekundenexperten.at für Versicherungsrücktritte ist unseriös ∗∗∗ --------------------------------------------- Auf diekundenexperten.at wird Konsument/innen ein Angebot präsentiert, welches beim Rücktritt von Lebensversicherungen ohne Geldverlust und Risiko helfen soll. Die Behauptungen sind allerdings nicht mit geltendem Recht vereinbar und es sind weder ein Impressum noch sonstige Informationen über die Website-Betreiber/innen auffindbar. Aufgrund dieser Mängel raten wir von einer Übermittlung persönlicher Informationen ab. --------------------------------------------- https://www.watchlist-internet.at/news/diekundenexpertenat-fuer-versicherun… ∗∗∗ Proofpoint Q1 2019 Threat Report: Emotet carries the quarter with consistent high-volume campaigns ∗∗∗ --------------------------------------------- https://www.proofpoint.com/us/threat-insight/post/proofpoint-q1-2019-threat… ===================== = Vulnerabilities = ===================== ∗∗∗ Emerson Ovation OCR400 Controller ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow and heap-based buffer overflow vulnerabilities reported in Emersons Ovation OCR400 Controller. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-148-01 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (webkit2gtk), Debian (kernel and libav), Fedora (c3p0 and community-mysql), Scientific Linux (pacemaker), SUSE (axis, libtasn1, NetworkManager, sles12sp3-docker-image, sles12sp4-image, system-user-root, and xen), and Ubuntu (freerdp, GNU Screen, keepalived, and thunderbird). --------------------------------------------- https://lwn.net/Articles/789709/ ∗∗∗ About the security content of iCloud for Windows 7.12 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT210125 ∗∗∗ About the security content of iTunes for Windows 12.9.5 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT210124 ∗∗∗ Security Advisory - Remote Code Execution Vulnerability in Some Microsoft Windows Systems ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190529-… ∗∗∗ Security Advisory - Some Huawei 4G LTE devices are exposed to a message replay vulnerability ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190529-… ∗∗∗ IBM Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in Drupal core (CVE-2019-10909 CVE-2019-10910 CVE-2019-10911) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-deve… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018.4.1 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A vulnerability in Google Guava could affect IBM Cloud App Management V2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-go… Next End-of-Day report: 2019-05-31 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.05.2019
by Daily end-of-shift report 28 May '19

28 May '19

===================== = End-of-Day report = ===================== Timeframe: Montag 27-05-2019 18:00 − Dienstag 28-05-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ DNSSEC-Chain: DANE für Browser ist praktisch tot ∗∗∗ --------------------------------------------- Eine TLS-Erweiterung sollte die Nutzung von DANE und DNSSEC im Browser erleichtern und die Validierung beschleunigen. Der Vorschlag wird nun aber offenbar nicht weiter verfolgt. --------------------------------------------- https://www.golem.de/news/dnssec-chain-dane-fuer-browser-ist-praktisch-tot-… ∗∗∗ Google-protected mobile browsers were open to phishing for over a year ∗∗∗ --------------------------------------------- Researchers revealed a massive hole in Google Safe Browsings mobile browser protection that existed for over a year. --------------------------------------------- https://nakedsecurity.sophos.com/2019/05/28/google-protected-mobile-browser… ∗∗∗ Return to the City of Cron – Malware Infections on Joomla and WordPress ∗∗∗ --------------------------------------------- We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had cleaned them. The persistence was being created by a cron that was scheduled to download malware from a third party domain. --------------------------------------------- https://blog.sucuri.net/2019/05/return-to-the-city-of-cron-malware-infectio… ∗∗∗ W3C und WHATWG erarbeiten künftig gemeinsam die HTML-Spezifikation ∗∗∗ --------------------------------------------- Das World Wide Web Consortium und die Arbeitsgruppe WHATWG bündeln ihre Bemühungen zur Standardisierung der Webtechniken. --------------------------------------------- https://heise.de/-4433970 ∗∗∗ Bitcoin-Erpressungsversuch gegen Unternehmen und Website-Betreiber/innen ∗∗∗ --------------------------------------------- Unternehmen und Website-Betreiber/innen erhalten momentan erpresserische Nachrichten per E-Mail, in Kommentarfunktionen oder in Chats. Kriminelle drohen damit, Millionen von Spam-Nachrichten im Namen der Betroffenen zu verschicken, wenn nicht binnen kurzer Zeit ein hoher Geldbetrag in Bitcoin bezahlt wird. Wir gehen von leeren Drohungen aus, raten aber dennoch zu einer Anzeige wegen Erpressung. --------------------------------------------- https://www.watchlist-internet.at/news/bitcoin-erpressungsversuch-gegen-unt… ∗∗∗ Emissary Panda Attacks Middle East Government Sharepoint Servers ∗∗∗ --------------------------------------------- Our latest research shows attacks against Middle East government Sharepoint servers using a newly patched vulnerability. --------------------------------------------- https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-gove… ===================== = Vulnerabilities = ===================== ∗∗∗ SAP UI5 1.0.0 is vulnerable to Content Spoofing in multiples parameters ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2019050283 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox and thunderbird), Debian (sox and vcftools), Fedora (safelease and sharpziplib), openSUSE (chromium, evolution, graphviz, nmap, systemd, transfig, and ucode-intel), Red Hat (pacemaker), SUSE (curl, libvirt, openssl, php7, php72, and systemd), and Ubuntu (gnome-desktop3, keepalived, and samba). --------------------------------------------- https://lwn.net/Articles/789595/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.05.2019
by Daily end-of-shift report 27 May '19

27 May '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 24-05-2019 18:00 − Montag 27-05-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Joomla and WordPress Found Harboring Malicious Redirect Code ∗∗∗ --------------------------------------------- New .htaccess injector threat on Joomla and WordPress websites redirects to malicious websites. --------------------------------------------- https://threatpost.com/joomla-and-wordpress-malicious-redirect-code/145068/ ∗∗∗ Serious Security: Don’t let your SQL server attack you with ransomware ∗∗∗ --------------------------------------------- Tales from the honeypot: this time a MySQL-based attack. Old tricks still work, because were still making old mistakes - heres what to do. --------------------------------------------- https://nakedsecurity.sophos.com/2019/05/25/serious-security-dont-let-your-… ∗∗∗ Alles Fake: sendlein.net, reipel.net, kleimer.net und lieberg24.com ∗∗∗ --------------------------------------------- Die verlockenden Technik-Angebote bei sendlein.net, reipel.net, kleimer.net oder lieberg24.com sind leider zu schön, um wahr zu sein! Es handelt sich um betrügerische Shops, die nicht liefern. Sie verlieren Ihr Geld und geben Kreditkartendaten preis, die für Online-Einkäufe verwendet werden könnten! --------------------------------------------- https://www.watchlist-internet.at/news/alles-fake-sendleinnet-reipelnet-kle… ∗∗∗ Intense scanning activity detected for BlueKeep RDP flaw ∗∗∗ --------------------------------------------- A threat actor hidden behind Tor nodes is scanning for Windows systems vulnerable to BlueKeep flaw. --------------------------------------------- https://www.zdnet.com/article/intense-scanning-activity-detected-for-blueke… ===================== = Vulnerabilities = ===================== ∗∗∗ BlackBerry Powered by Android Security Bulletin - May 2019 ∗∗∗ --------------------------------------------- BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. ... This advisory is in response to the Android Security Bulletin (May) and addresses issues in that bulletin that affect BlackBerry powered by Android smartphones --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ New unpatched macOS Gatekeeper Bypass Published Online ∗∗∗ --------------------------------------------- Details have been released for an unpatched vulnerability in macOS 10.14.5 (Mojave) and below that allows a hacker to execute arbitrary code without user interaction. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-unpatched-macos-gatekeep… ∗∗∗ Fortinet schließt mehrere Sicherheitslücken in FortiOS und Co. ∗∗∗ --------------------------------------------- Das SSL-VPN-Webportal von FortiOS war über mehrere Wege angreifbar – aus der Ferne und teils ohne Authentifizierung. Der Hersteller rät zum Update. --------------------------------------------- https://heise.de/-4432813 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, jackson-databind, minissdpd, php5, thunderbird, wireshark, and wpa), Fedora (curl, drupal7, firefox, kernel, libmediainfo, mediaconch, mediainfo, mod_http2, mupdf, rust, and singularity), openSUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork), Oracle (firefox and libvirt), Scientific Linux (firefox and libvirt), and SUSE (bluez, curl, gnutls, java-1_7_1-ibm, libu2f-host, libvirt, python3, screen, and xen). --------------------------------------------- https://lwn.net/Articles/789523/ ∗∗∗ SSA-932041: Vulnerability in Radiography and Mobile X-ray Products from Siemens Healthineers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-932041.txt ∗∗∗ SSA-832947: Vulnerability in Laboratory Diagnostics Products from Siemens Healthineers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-832947.txt ∗∗∗ SSA-433987: Vulnerability in Radiation Oncology Products from Siemens Healthineers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-433987.txt ∗∗∗ SSA-406175: Vulnerability in Siemens Healthineers Software Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-406175.txt ∗∗∗ SSA-166360: Vulnerability in Advanced Therapy Products from Siemens Healthineers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-166360.txt ∗∗∗ SSA-616199: Vulnerability in Point of Care Diagnostics Products from Siemens Healthineers - Blood Gas ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-616199.txt ∗∗∗ IBM Security Bulletin: IBM QRadar WinCollect Agent Does Not Verify TLS Syslog Certificate (CVE-2019-4264) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-wincollect… ∗∗∗ IBM Security Bulletin: Security vulnerability affects the Report Builder shipped with Jazz Reporting Service (CVE-2019-4184) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ GNU Binutils vulnerability CVE-2019-9070 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K13534168 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.05.2019
by Daily end-of-shift report 24 May '19

24 May '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 23-05-2019 18:00 − Freitag 24-05-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Hacker veröffentlicht vier Windows-0-Day-Lücken innerhalb weniger Tage ∗∗∗ --------------------------------------------- Als "SandboxEscaper" und "Polar Bear" hat ein Hacker insgesamt vier bislang ungepatchte Windows-Lücken veröffentlicht. Grund zur Panik besteht aber nicht. --------------------------------------------- https://heise.de/-4430811 ∗∗∗ CEO Fraud goes WhatsApp ∗∗∗ --------------------------------------------- Uns wurde in den letzten Tagen von zwei Firmen berichtet, dass sie Ziel von CEO Fraud Versuchen waren, wobei der Kontakt per WhatsApp Nachricht erfolgte. Wir kannten das Schema bisher eigentlich nur per Email: Der "Geschäftsführer" verlangt per Mail die Hilfe bei einer wichtigen, aber vertraulichen Überweisung. Details siehe Wikipedia. Daher: bitte hier nicht nur an Email denken. --------------------------------------------- http://www.cert.at/services/blog/20190524171920-2476.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (zookeeper), Fedora (kernel, singularity, and thunderbird), openSUSE (java-1_8_0-openjdk), Oracle (curl), Red Hat (firefox, libvirt, and virt:rhel), SUSE (php5, python-Jinja2, python-Pillow, and sysstat), and Ubuntu (MariaDB). --------------------------------------------- https://lwn.net/Articles/789353/ ∗∗∗ Vuln: Atlassian Bitbucket Server CVE-2019-3397 Directory Traversal Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/108447 ∗∗∗ IBM Security Bulletin: A security vulnerability has been addressed in IBM Cognos Analytics (CVE-2019-4139) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Cross-site scripting and failure to enforce HTTP Strict Transport Security vulnerabilities in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4137, CVE-2019-4138) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-2426, CVE-2018-12547, CVE-2018-1890) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Guardium StealthBits Integration is affected by an OpenSSL vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-guardium-stealthbits-… ∗∗∗ IBM Security Bulletin: OpenSSL vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vulnerability… ∗∗∗ IBM Security Bulletin: security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s… ∗∗∗ IBM Security Bulletin: Potential Spoofing vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1902) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-spoofing-vu… ∗∗∗ Binutils vulnerability CVE-2019-9075 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42059040 ∗∗∗ Binutils vulnerability CVE-2019-9074 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K09092524 ∗∗∗ GNU Binutils vulnerability CVE-2019-9077 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K00056379 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.05.2019
by Daily end-of-shift report 23 May '19

23 May '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 22-05-2019 18:00 − Donnerstag 23-05-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ SandboxEscaper Drops Three More Windows Exploits, IE Zero-Day ∗∗∗ --------------------------------------------- SandboxEscaper held true to that promise, on Thursday releasing on GitHub the proof-of-concepts (PoCs) for another three Windows LPE flaws, and a sandbox-escape zero-day vulnerability impacting Internet Explorer 11. One of them however turns out to already be patched. ... Though SandboxEscaper released PoC demos for these last three flaws, researchers have not yet confirmed their validity. --------------------------------------------- https://threatpost.com/sandboxescaper-more-exploits-ie-zero-day/145010/ ∗∗∗ IT threat evolution Q1 2019 ∗∗∗ --------------------------------------------- Zebrocy and GreyEnergy, four zero-day vulnerabilities in Windows, attacks on cryptocurrency exchanges, a very old bug in WinRAR, attacks on smart devices and other events of the first quarter of 2019. --------------------------------------------- https://securelist.com/it-threat-evolution-q1-2019/90978/ ∗∗∗ Security baseline (FINAL) for Windows 10 v1903 and Windows Server v1903 ∗∗∗ --------------------------------------------- Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 version 1903 (a.k.a., “19H1”), and for Windows Server version 1903. --------------------------------------------- https://blogs.technet.microsoft.com/secguide/2019/05/23/security-baseline-f… ∗∗∗ New Mirai Variant Uses Multiple Exploits to Target Routers and Other Devices ∗∗∗ --------------------------------------------- We discovered a new variant of Mirai that uses a total of 13 different exploits, almost all of which have been used in previous Mirai-related attacks. Typical of Mirai variants, it has backdoor and distributed denial-of-service (DDoS) capabilities. However, this case stands out as the first to have used all 13 exploits together in a single campaign --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/new-mirai-varia… ∗∗∗ Jeder dritte RDP-Server Österreichs auf „BlueKeep“ anfällig ∗∗∗ --------------------------------------------- In einem überraschenden Schritt hat Microsoft vergangene Woche eine kritische Schwachstelle in den eigentlich nicht mehr unterstützten Betriebssystemen Windows XP und Server 2003 behoben. Die Remote Code Execution „BlueKeep“ (CVE-2019-0708) in der Fernwartungsfunktion Remote Desktop Service (RDP) ist für entfernte Angreifer direkt ausnutzbar und wird als kritisch eingestuft. --------------------------------------------- https://www.offensity.com/de/blog/jeder-dritte-rdp-server-oesterreichs-auf-… ∗∗∗ GetCrypt Ransomware Brute Forces Credentials, Decryptor Released ∗∗∗ --------------------------------------------- A new ransomware called GetCrypt is being installed through malvertising campaigns that redirect victims to the RIG exploit kit. ... If you were infected with the GetCrypt Ransomware, it is possible to get your files back for free. All you need is a original unencrypted copy of a file that has been encrypted. --------------------------------------------- https://www.bleepingcomputer.com/news/security/getcrypt-ransomware-brute-fo… ∗∗∗ iX 6/2019: Follow-Up zu den Sicherheitsproblemen in Office 365 ∗∗∗ --------------------------------------------- Auf die von der iX aufgedeckten Sicherheitsproblemen in Office 365 reagierte Microsoft nun – zufriedenstellen konnten die Antworten aber nicht. --------------------------------------------- https://heise.de/-4429020 ∗∗∗ Apple behebt Firmwareproblem bei T2-Sicherheitschip ∗∗∗ --------------------------------------------- Der Konzern hat ein Zusatzupdate für macOS 10.14.5 freigegeben, das bestimmte MacBook-Pro-Modelle betrifft. Details sind noch rar. --------------------------------------------- https://heise.de/-4429365 ∗∗∗ Undurchsichtige Angebote auf retinollift.com und hyaluronicone.com ∗∗∗ --------------------------------------------- Auf retinollift.com und hyaluronicone.com werden diverse Beautyprodukte angeboten und auch ein besonderes Tagesangebot als „Today’s Special“ beworben. Dieses Spezialangebot enthält eine vermeintlich kostenlose Probe, lediglich der Versand muss per Kreditkarte bezahlt werden. Kurz darauf kommt es aber zu weiteren Abbuchungen, denen die verärgerten Konsument/innen nie bewusst zugestimmt haben. --------------------------------------------- https://www.watchlist-internet.at/news/undurchsichtige-angebote-auf-retinol… ===================== = Vulnerabilities = ===================== ∗∗∗ WordPress plugin "WP Open Graph" vulnerable to cross-site request forgery ∗∗∗ --------------------------------------------- Description: WordPress plugin "WP Open Graph" provided by Custom4Web contains a cross-site request forgery vulnerability (CWE-352). Impact: If a user views a malicious page while logged in, unintended operations may be performed. --------------------------------------------- https://jvn.jp/en/jp/JVN33652328/ ∗∗∗ Vuln: Apache Camel CVE-2019-0188 XML External Entity Injection Vulnerability ∗∗∗ --------------------------------------------- Apache Camel is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to obtain potentially sensitive information. This may lead to further attacks. --------------------------------------------- http://www.securityfocus.com/bid/108422 ∗∗∗ Vuln: QEMU CVE-2019-12247 Integer Overflow Vulnerability ∗∗∗ --------------------------------------------- Attackers can exploit this issue to crash the QEMU instance, resulting in a denial-of-service condition. Due to the nature of this issue, code execution may be possible but this has not been confirmed. --------------------------------------------- http://www.securityfocus.com/bid/108434 ∗∗∗ WD My Cloud RCE ∗∗∗ --------------------------------------------- In this post I’ll explain how I discoverd several vulnerabilities in Western Digital NAS devices and used them together to execute code remotely, as root. To take control of the NAS an attacker needs to be in the same network and know its IP address. --------------------------------------------- https://bnbdr.github.io/posts/wd/ ∗∗∗ DoS Vulnerability in RTSP Module of Huawei Smart Phones ∗∗∗ --------------------------------------------- There is a DoS vulnerability in RTSP module of some Huawei smart phones. Remote attacker could trick the user into opening a malformed RTSP media stream to exploit this vulnerability. Successful exploit could cause the affected phone abnormal, leading to a DoS condition. ... CVE-2019-5284. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190523-… ∗∗∗ Tcl code injection security exposure ∗∗∗ --------------------------------------------- Certain coding practices may allow an attacker to inject arbitrary Tool Command Language (Tcl) commands, which could be executed in the security context of the target Tcl script. --------------------------------------------- https://support.f5.com/csp/article/K15650046 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ffmpeg and firefox-esr), openSUSE (bzip2, chromium, and GraphicsMagick), Slackware (curl), SUSE (ucode-intel), and Ubuntu (curl and intel-microcode). --------------------------------------------- https://lwn.net/Articles/789224/ ∗∗∗ Synology-SA-19:25 Virtual Machine Manager ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to bypass security constraints via a susceptible version of Virtual Machine Manager. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_25 ∗∗∗ cURL: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt. Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in cURL ausnutzen, um einen Denial of Service Angriff durchzuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0444 ∗∗∗ IBM Security Bulletin: IBM API Connect V5 is potentially impacted by a weak cipher (CVE-2019-4256) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-is… ∗∗∗ IBM Security Bulletin: Vulnerability in Apache ActiveMQ Affects IBM Control Center (CVE-2019-0222) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ and IBM MQ Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.05.2019
by Daily end-of-shift report 22 May '19

22 May '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 21-05-2019 18:00 − Mittwoch 22-05-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New Zero-Day Exploit [Local Privilege Escalation, Anm.] for Bug in Windows 10 Task Scheduler ∗∗∗ --------------------------------------------- Exploit developer SandboxEscaper has quietly dropped a new zero-day exploit for the Windows operating system just a week after Microsofts monthly cycle of security updates. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-bug… ∗∗∗ Forthcoming OpenSSL Releases ∗∗∗ --------------------------------------------- These releases will be made available on 28th May 2019 between approximately 1200-1600 UTC. OpenSSL 1.1.0k and 1.0.2s contain security hardening bug fixes only but do not address any CVEs. OpenSSL 1.1.1c is a bug-fix release (and contains the equivalent security hardening fixes as for 1.1.0k and 1.0.2s where relevant). --------------------------------------------- https://mta.openssl.org/pipermail/openssl-announce/2019-May/000150.html ∗∗∗ Sophisticated Spear Phishing Campaigns using Homograph Attacks ∗∗∗ --------------------------------------------- Over the last few months we did some research on how to create phishing emails which are good enough to fool even security professionals. Therefore, we were looking into quite an old topic: Punycode domains and IDN homograph attacks. --------------------------------------------- https://www.offensity.com/en/newsroom/sophisticated-spear-phishing-campaign… ∗∗∗ Gefälschte Gewinn-SMS im Namen der Post führt in Abo-Falle ∗∗∗ --------------------------------------------- Konsument/innen erhalten eine gefälschte SMS-Nachricht im Namen der Post AG aufgrund einer angeblichen Gewinnspielteilnahme zugesandt. Wer dem Link folgt, an einer kurzen Umfrage teilnimmt und einen Gewinn auswählt, tappt in eine Abo-Falle. Es bleibt nämlich nicht bei der einmaligen Zahlung von 2 Euro für Adidas Schuhe, die nie geliefert werden, sondern es folgen laufend weitere Abbuchungen durch die ILS Company ApS. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-gewinn-sms-im-namen-der-… ===================== = Vulnerabilities = ===================== ∗∗∗ Mozilla Firefox und Thunderbird: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Es bestehen mehrere Schwachstellen in Mozilla Thunderbird, Mozilla Firefox und Mozilla Firefox ESR. Ein Angreifer kann dies ausnutzen, um den Browser zum Absturz zu bringen, um Daten zu manipulieren, um Sicherheitsmechanismen zu umgehen, um vertrauliche Daten einzusehen oder schädlichen Programmcode auszuführen. --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/05/warn… ∗∗∗ DoS Vulnerability in Huawei S Series Switch Products ∗∗∗ --------------------------------------------- Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device reboot and denial of service (DoS) condition. ... CVE-2019-5285. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190522-… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (ruby and wget), Debian (proftpd-dfsg), Fedora (firefox, mupdf, nss, and wavpack), openSUSE (evolution, GraphicsMagick, graphviz, libxslt, openssl-1_0_0, ovmf, and sqlite3), Red Hat (dotnet, python27-python and python27-python-jinja2, and rh-mariadb102-mariadb and rh-mariadb102-galera), Slackware (mozilla), SUSE (gnutls, java-1_7_1-ibm, and java-1_8_0-ibm), and Ubuntu (curl, firefox, php5, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/789132/ ∗∗∗ Computrols CBAS Web ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-141-01 ∗∗∗ Mitsubishi Electric MELSEC-Q Series Ethernet Module ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-141-02 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Algo Credit Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM License Key Server Administration and Reporting Tool and Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack due to incorrect permissions on MQ directories. (CVE-2019-4078) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-is-vulnerable-… ∗∗∗ IBM Security Bulletin: IBM MQ is vulnerable to a denial of service attack within the error logging function (CVE-2019-4039) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-is-vulnerable-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.05.2019
by Daily end-of-shift report 21 May '19

21 May '19

===================== = End-of-Day report = ===================== Timeframe: Montag 20-05-2019 18:00 − Dienstag 21-05-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ DDoS attacks in Q1 2019 ∗∗∗ --------------------------------------------- Q1 2019 held no particular surprises, save for countries such as Saudi Arabia, the Netherlands, and Romania maintaining a high level of DDoS activity. --------------------------------------------- https://securelist.com/ddos-report-q1-2019/90792/ ∗∗∗ Jetzt patchen! Exploit-Code für RDP-Lücke BlueKeep in Windows gesichtet ∗∗∗ --------------------------------------------- Wer ältere Windows-Versionen als 10 und 8.1 nutzt, sollte aufgrund von möglichen Angriffen spätestens jetzt die aktuellen Sicherheitsupdates installieren. --------------------------------------------- https://heise.de/-4427183 ∗∗∗ Zweite Ausgabe des Deutsch-Französischen IT-Sicherheitslagebilds erschienen ∗∗∗ --------------------------------------------- Darin tragen das Bundesamt für Sicherheit in der Informationstechnik (BSI) und die französische Agence nationale de la sécurité des systèmes d'information (ANSSI) nationale Erkenntnisse und Erfahrungen zu zwei aktuellen Themen vergleichend zusammen und bereiten diese für die allgemeine Öffentlichkeit auf. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/D-F-IT-Sich… ∗∗∗ So schützen Sie sich vor Abo-Fallen im Internet ∗∗∗ --------------------------------------------- Gleich vorweg sei gesagt: Auch im Internet hat niemand etwas zu verschenken! Seien Sie daher skeptisch bei schier unglaublichen Gratisangeboten oder Gewinnversprechen in E-Mails und SMS, auf Social Media, auf Websites oder in Online-Werbung. Kriminelle nutzen diese häufig, um Konsument/innen in eine Abo-Falle zu locken. --------------------------------------------- https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-vor-abo-fallen… ===================== = Vulnerabilities = ===================== ∗∗∗ Vuln: systemd CVE-2018-20839 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- systemd is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. systemd 242 is vulnerable; other versions may also be affected. --------------------------------------------- http://www.securityfocus.com/bid/108389 ∗∗∗ Linux Privilege Escalation via LXD & Hijacked UNIX Socket Credentials ∗∗∗ --------------------------------------------- Linux systems running LXD are vulnerable to privilege escalation via multiple attack paths, two of which are published in my “lxd_root” GitHub repository. This blog will go into the details of what I think is a very interesting path - abusing relayed UNIX socket credentials to speak directly to systemd’s private interface. --------------------------------------------- https://shenaniganslabs.io/2019/05/21/LXD-LPE.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (drupal7 and jackson-databind), Fedora (checkstyle and gradle), openSUSE (qemu and xen), SUSE (ffmpeg, kvm, and ucode-intel), and Ubuntu (libraw and python-urllib3). --------------------------------------------- https://lwn.net/Articles/789017/ ∗∗∗ IBM Addresses Reported Intel Security Vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-addresses-reported-intel-security-vulne… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Web Experience Factory ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-0734) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.05.2019
by Daily end-of-shift report 20 May '19

20 May '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 17-05-2019 18:00 − Montag 20-05-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitslücke: Linksys-Router leaken offenbar alle verbundenen Geräte ∗∗∗ --------------------------------------------- Linksys will die Sicherheitslücke bereits 2014 geschlossen haben, doch laut dem Sicherheitsforscher Troy Mursch leaken die Router weiterhin die Daten aller jemals verbundenen Geräte. (Router-Lücke, Netzwerk) --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-linksys-router-leaken-offenbar-… ∗∗∗ ENISA is setting the ground for Industry 4.0 Cybersecurity ∗∗∗ --------------------------------------------- The EU Agency for Cybersecurity ENISA is stepping up its efforts to foster cybersecurity for Industry 4.0 by publishing a new paper on ‘Challenges and Recommendations for Industry 4.0 Cybersecurity’ . --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/enisa-is-setting-the-ground-for… ∗∗∗ Security researchers discover Linux version of Winnti malware ∗∗∗ --------------------------------------------- Winnti Linux variant used in 2015 in the hack of a Vietnamese gaming company. --------------------------------------------- https://www.zdnet.com/article/security-researchers-discover-linux-version-o… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (cups-filters, dhcpcd5, faad2, ghostscript, graphicsmagick, jruby, lemonldap-ng, and libspring-security-2.0-java), Fedora (gnome-desktop3, java-1.8.0-openjdk-aarch32, libu2f-host, samba, sqlite, webkit2gtk3, xen, and ytnef), Mageia (docker, flash-player-plugin, freeradius, libsndfile, libxslt, mariadb, netpbm, python-jinja2, tomcat-native, and virtualbox), openSUSE (kernel and ucode-intel), and SUSE (kernel, kvm, libvirt, nmap, and transfig). --------------------------------------------- https://lwn.net/Articles/788911/ ∗∗∗ MIELE Multiple Vulnerabilities in XGW 3000 ZigBee Gateway ∗∗∗ --------------------------------------------- Miele XGW 3000 is prone to mutiple vulerabilities in version <= 2.3.4 (1.4.6) --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-010 ∗∗∗ IBM Security Bulletin: Vulnerabiliies in ghostscript affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabiliies-in-gho… ∗∗∗ IBM Security Bulletin: A vulnerability in OpenSSL affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-op… ∗∗∗ IBM Security Bulletin: A vulnerability in Corosync affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-co… ∗∗∗ IBM Security Bulletin: A vulnerability in Docker affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-do… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by a directory traversal vulnerability in Kubernetes (CVE-2019-1002101) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by a security degradation vulnerability in Kubernetes (CVE-2019-9946) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… ∗∗∗ IBM Security Bulletin: API Connect V5 is impacted by information disclosure (CVE-2018-1991) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v5-is-imp… ∗∗∗ HPESBST03928 rev.1 - Command View Advanced Edition (CVAE) Products using JDK, Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03917 rev.1 - HPE Integrated Lights-Out 4 (iLO 4) for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers, Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.05.2019
by Daily end-of-shift report 17 May '19

17 May '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 16-05-2019 18:00 − Freitag 17-05-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Cyber Security Challenge 2019 ∗∗∗ --------------------------------------------- Auch heuer veranstaltet der Verein Cyber Security Austria gemeinsam mit dem Abwehramt die Austria Cyber Security Challenge, quasi das Äquivalent zu den Mathe/Chemie/Latein/... - Olympiaden für Cyber Security.Über das Jahr hinweg werden einerseits die Staatsmeister ermittelt, aber auch das österreichische Team für den Europäischen Wettbewerb ausgesucht. --------------------------------------------- http://www.cert.at/services/blog/20190517101951-2471.html ∗∗∗ Google recalls Titan Bluetooth keys after finding security flaw ∗∗∗ --------------------------------------------- Google had egg on its face this week after it had to recall some of its Titan hardware security keys for being insecure. --------------------------------------------- https://nakedsecurity.sophos.com/2019/05/17/google-recalls-titan-bluetooth-… ∗∗∗ A Large Chunk of Ethereum Clients Remain Unpatched ∗∗∗ --------------------------------------------- In a report shared with ZDNet today, security researchers from SRLabs revealed that a large chunk of the Ethereum client software that runs on Ethereum nodes has yet to receive a patch for a critical security flaw the company discovered earlier this year. --------------------------------------------- https://it.slashdot.org/story/19/05/17/151222/a-large-chunk-of-ethereum-cli… ∗∗∗ Intel fixt teils kritische Lücken in UEFI-BIOS, ME und Linux-Grafiktreiber ∗∗∗ --------------------------------------------- In den vergangenen Tagen beschäftigten Intel neben ZombieLoad noch weitere Lücken. Die sind zum Glück nicht aus der Ferne ausnutzbar. --------------------------------------------- https://heise.de/-4423912 ∗∗∗ Dateidiebstahl und mehr: Problematische Lücken in Apples AirDrop-Technik ∗∗∗ --------------------------------------------- Mit dem AWDL-Verfahren können iPhones, Macs und Co. direkt Daten austauschen. Forscher aus Darmstadt zeigten nun neue Missbrauchsmöglichkeiten. --------------------------------------------- https://heise.de/-4424245 ===================== = Vulnerabilities = ===================== ∗∗∗ DNS-Software BIND: Neue Version schließt mehrere Schwachstellen ∗∗∗ --------------------------------------------- Die BIND-Versionen 9.11.7, 9.14.2 und aktualisierte BIND-Packages für Linux sind gegen zwei potzenzielle Denial-of-Service-Angriffspunkte abgesichert. --------------------------------------------- https://heise.de/-4424425 ∗∗∗ Security Advisory - MITM Vulnerability on Huawei Share ∗∗∗ --------------------------------------------- There is a man-in-the-middle(MITM) vulnerability on Huawei Share of certain smartphones. When users establish connection and transfer data through Huawei Share, an attacker could sniffer, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper the data. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190517-… ∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Wacom Update Helper ∗∗∗ --------------------------------------------- There are two privilege escalation vulnerabilities in the Wacom update helper. The update helper is a utility installed alongside the macOS application for Wacom tablets. The application interacts with the tablet and allows the user to manage it. These vulnerabilities could allow an attacker with local access to raise their privileges to root. --------------------------------------------- https://blog.talosintelligence.com/2019/05/wacom-update-helper-vuln-spotlig… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (jquery), Fedora (kernel-headers, php-typo3-phar-stream-wrapper, and python3), openSUSE (qemu, ucode-intel, and xen), Red Hat (chromium-browser, java-1.8.0-ibm, and rh-python35-python-jinja2), SUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, evolution, graphviz, kernel, qemu, and systemd), and Ubuntu (libmediainfo, libvirt, and Wireshark). --------------------------------------------- https://lwn.net/Articles/788773/ ∗∗∗ Drupal: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Drupal [genauer: externen Modulen, Anm.] ausnutzen, um Sicherheitsvorkehrungen zu umgehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0433 ∗∗∗ Symantec Messaging Gateway: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter Angreifer aus dem angrenzenden Netzwerk kann eine Schwachstelle in Symantec Messaging Gateway ausnutzen, um Informationen offenzulegen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0432 ∗∗∗ F-Secure Produkte: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/05/warn… ∗∗∗ Vuln: Fuji Electric Alpha7 PC Loader Out-of-Bounds Read Denial of Service Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/108359 ∗∗∗ Potential Impact on Processors in the POWER Family ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/ ∗∗∗ IBM Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2019-4293) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-vulnera… ∗∗∗ IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-platform-9-5-x… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images (CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ SSB-501863 (Last Update: 2019-05-16): Customer Information on Microsoft Windows RDP Vulnerability for Siemens Healthineers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssb-501863.pdf ∗∗∗ Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52370164 ∗∗∗ Microarchitectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K97035296 ∗∗∗ Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K80159635 ∗∗∗ Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K34303485 ∗∗∗ INTEL-SA-00233 Microarchitectural Data Sampling Advisory ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K41283800 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.05.2019
by Daily end-of-shift report 16 May '19

16 May '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 15-05-2019 18:00 − Donnerstag 16-05-2019 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Announcing the all new Attack Surface Analyzer 2.0 ∗∗∗ --------------------------------------------- Attack Surface Analyzer 2.0 can help you identify security risks introduced when installing software on Windows, Linux, or macOS by analyzing changes to the file system, registry, network ports, .. --------------------------------------------- https://www.microsoft.com/security/blog/2019/05/15/announcing-new-attack-su… ∗∗∗ Sicherheitsupdate: WordPress-Plugin WP Live Chat Support für Attacken anfällig ∗∗∗ --------------------------------------------- Aufgrund eines Fehlers könnten Angreifer Schadcode auf WordPress-Websites mit dem Zusatzmodul WP Live Chat Support verankern. --------------------------------------------- https://heise.de/-4423479 ∗∗∗ Kritische Schwachstelle in Microsoft Remote Desktop Services - Updates verfügbar ∗∗∗ --------------------------------------------- Microsoft hat als Teil des "Patch Tuesday" ein Update für eine Schwachstelle in "Remote Desktop Services" veröffentlicht. Diese Schwachstelle ermöglicht es einem Angreifer, durch eine speziell .. --------------------------------------------- http://www.cert.at/warnings/all/20190516.html ∗∗∗ An MDS reading list ∗∗∗ --------------------------------------------- We contemplated putting together an LWN article on the "microarchitecturaldata sampling" (MDS) vulnerabilities, as weve done for pastspeculative-execution issues. But the truth of the matter is that its .. --------------------------------------------- https://lwn.net/Articles/788522/ ∗∗∗ IT-Security - Zombieload und Co.: Softwarehersteller geben zunehmend gegen Prozessorlücken auf ∗∗∗ --------------------------------------------- Apple hat aktuelle Patches wegen massiven Performanceverlusten nur teilweise aktiviert, Googles v8-Team sieht Aufwand nicht gerechtfertigt --------------------------------------------- https://derstandard.at/2000103251668/Zombieload-und-Co-Softwarehersteller-g… ∗∗∗ $100 million GozNym cybercrime network dismantled as suspects charged ∗∗∗ --------------------------------------------- The sophisticated conspiracy saw tens of thousands of victims’ computers infected with the GozNym malware in order to steal online banking passwords, and raid .. --------------------------------------------- https://hotforsecurity.bitdefender.com/blog/100-million-goznym-cybercrime-n… ∗∗∗ Threat Actor Profile: TA542, From Banker to Malware Distribution Service ∗∗∗ --------------------------------------------- Proofpoint researchers began tracking a prolific actor (referred to as TA542) in 2014 when reports first emerged about the appearance of the group’s signature payload, Emotet (aka Geodo). TA542 consistently uses the latest version of this malware, launching widespread email campaigns .. --------------------------------------------- https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta54… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Unified Intelligence Center Remote File Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow a remote attacker to gain the ability to .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Releases Security Updates for Multiple Products ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/05/15/Cisco-Releases-Mul… ∗∗∗ Drupal core - Moderately critical - Third-party libraries - SA-CORE-2019-007 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2019-007 ∗∗∗ Advisory: Security Issue with Bluetooth Low Energy (BLE) Titan Security Keys ∗∗∗ --------------------------------------------- https://security.googleblog.com/2019/05/titan-keys-update.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.05.2019
by Daily end-of-shift report 15 May '19

15 May '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 14-05-2019 18:00 − Mittwoch 15-05-2019 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitslücken: Adobe patcht PDF-Werkzeuge und den Flash Player ∗∗∗ --------------------------------------------- Adobe hat turnusmäßig neue Sicherheitsupdates veröffentlicht. Im Mai 2019 sollten vor allem der Adobe Reader und Adobe Acrobat abgesichert werden. Auch für den Flash Player gibt es eine Warnung .. --------------------------------------------- https://www.golem.de/news/sicherheitsluecken-adobe-patcht-pdf-werkzeuge-und… ∗∗∗ Best of the Web: Trust-Siegel verteilt Keylogger ∗∗∗ --------------------------------------------- Eigentlich soll das Best-of-the-Web-Siegel die Sicherheit von Webseiten zertifizieren, stattdessen wurden über ein gehacktes Script Keylogger .. --------------------------------------------- https://www.golem.de/news/best-of-the-web-trust-siegel-verteilt-keylogger-1… ∗∗∗ May 2019 Security Update Release ∗∗∗ --------------------------------------------- Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2019/05/14/may-2019-security-updat… ∗∗∗ Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) ∗∗∗ --------------------------------------------- Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updat… ∗∗∗ Three New Masque Attacks against iOS: Demolishing, Breaking and Hijacking ∗∗∗ --------------------------------------------- In the recent release of iOS 8.4, Apple fixed several vulnerabilities including vulnerabilities that allow attackers to deploy two new kinds of Masque Attack (CVE-2015-3722/3725, and CVE-2015-3725). We call these exploits Manifest Masque and Extension Masque, which can be used to demolish apps, including system apps (e.g., Apple Watch, .. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2015/06/three_new_masqueatt.html ∗∗∗ array_diff_ukey Usage in Malware Obfuscation ∗∗∗ --------------------------------------------- We discovered a PHP backdoor on a WordPress installation that contained some interesting obfuscation .. --------------------------------------------- http://labs.sucuri.net/?note=2019-05-14 ∗∗∗ IT-Security - Grazer Forscher entdeckten neue Lücken bei Intel-Prozessoren ∗∗∗ --------------------------------------------- Prozessoren der Jahre 2012 bis 2018 betroffen – Neue Updates werden notwendig --------------------------------------------- https://derstandard.at/2000103122472/Grazer-Forscher-entdeckten-neue-Sicher… ===================== = Vulnerabilities = ===================== ∗∗∗ Vuln: SAP BusinessObjects Business Intelligence CVE-2019-0289 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- SAP BusinessObjects Business Intelligence CVE-2019-0289 Information Disclosure Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/108311 ∗∗∗ Synology-SA-19:23 Samba AD DC ∗∗∗ --------------------------------------------- CVE-2018-16860 allows man-in-the-middle attackers to bypass security constraints via a susceptible version of Directory Server for Windows Domain. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_23 ∗∗∗ DSA-4443 samba - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2019/dsa-4443 ∗∗∗ Cisco Releases Security Updates ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/05/13/Cisco-Releases-Sec… ∗∗∗ Authorization Bypass Vulnerability in RSA NetWitness (CVE-2019-3724) ∗∗∗ --------------------------------------------- https://sec-consult.com/en/blog/advisories/authorization-bypass-vulnerabili… ∗∗∗ VMSA-2019-0007 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0007.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.05.2019
by Daily end-of-shift report 14 May '19

14 May '19

===================== = End-of-Day report = ===================== Timeframe: Montag 13-05-2019 18:00 − Dienstag 14-05-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Unklare Angebote zu Strafregisterauszug, Führungs- und Leumundszeugnis ∗∗∗ --------------------------------------------- Auf leumundszeugnis.at, strafregisterauszug.at, fuehrungszeugnis.at und amtsweg.info können Konsument/innen Online-Wegweiser bzw. E-Books erwerben, die beschreiben, wie gewisse Anträge bei den zuständigen Ämtern online gestellt werden können. Für zahlreiche Interessent/innen ist aber nicht klar erkennbar, dass nur Anleitungen und nicht die amtlichen Dokumente selbst angeboten werden. --------------------------------------------- https://www.watchlist-internet.at/news/unklare-angebote-zu-strafregisteraus… ===================== = Vulnerabilities = ===================== ∗∗∗ Update WhatsApp now: Bug lets snoopers put spyware on your phone with just a call ∗∗∗ --------------------------------------------- WhatsApp has disclosed a serious vulnerability in the messaging app that gives snoops a way to remotely inject Israeli spyware on iPhone and Android devices simply by calling the target. The bug, detailed in a Monday Facebook advisory for CVE-2019-3568, is a buffer overflow vulnerability within WhatsApp's VOIP function. --------------------------------------------- https://www.zdnet.com/article/update-whatsapp-now-bug-lets-snoopers-put-spy… ∗∗∗ Adobe Releases Critical Patches for Flash, Acrobat Reader, and Media Encoder ∗∗∗ --------------------------------------------- Adobe today released its monthly software updates to patch a total of 87 security vulnerabilities in its Adobe Acrobat and Reader, Flash Player and Media Encoder, most of which could lead to arbitrary code execution attacks or worse. None of the flaws patched this month in Adobe products has been found exploited in the wild. Out of 87 total flaws, a whopping number of vulnerabilities (i.e., --------------------------------------------- https://thehackernews.com/2019/05/adobe-software-updates.html ∗∗∗ Apple Releases Multiple Security Updates ∗∗∗ --------------------------------------------- Original release date: May 14, 2019 Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:watchOS 5.2.1Safari 12.1.1Apple TV Software 7.3tvOS 12.3iOS 12.3macOS Mojave 10.14.5, --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/05/14/Apple-Releases-Mul… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (flatpak, ghostscript, and python-jinja2), Debian (cups-filters, imagemagick, qt4-x11, and samba), Fedora (httpd and wpa_supplicant), openSUSE (freeradius-server, nmap, python-Jinja2, signing-party, and webkit2gtk3), Red Hat (java-1.7.1-ibm and java-1.8.0-ibm), Scientific Linux (python-jinja2), SUSE (cf-cli, java-1_8_0-openjdk, and libxslt), and Ubuntu (isc-dhcp, openjdk-8, openjdk-lts, samba, and VCFtools). --------------------------------------------- https://lwn.net/Articles/788373/ ∗∗∗ Intel Desktop Firmware: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- Intel Desktop Board products BIOS ist das BIOS welches mit Intel Motherboards ausgeliefert wird. Die Server Firmware stellt die Software-Grundbetriebskomponenten für Mainboards bereit. Ein lokaler Angreifer kann eine Schwachstelle in Intel Desktop Firmware und Intel Server Firmware ausnutzen, um Sicherheitsvorkehrungen zu umgehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0399 ∗∗∗ ASUS WebStorage abused to spy on users at the router level ∗∗∗ --------------------------------------------- ESET researcher Anton Cherepanov published a report detailing attack vectors related to WebStorage, ASUS's cloud storage service, on Tuesday. According to the team, the Plead malware may be being distributed through MiTM attacks taking place against ASUS software. Plead is a malware variant which specializes in data theft through a combination of the Plead backdoor and Drigo exfiltration tool. --------------------------------------------- https://www.zdnet.com/article/asus-webstorage-abused-to-spy-on-users-at-the… ∗∗∗ Cisco Secure Boot Hardware Tampering Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS XE Software Web UI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud January 2019 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Potential denial of service vulnerability in Liberty for Java for IBM Cloud (CVE-2019-4046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ SSA-102144 (Last Update: 2019-05-14): Code Execution Vulnerability in LOGO! Soft Comfort ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-102144.pdf ∗∗∗ SSA-542701 (Last Update: 2019-05-14): Vulnerabilities in SIEMENS LOGO! ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf ∗∗∗ SSA-549547 (Last Update: 2019-05-14): Multiple Vulnerabilites in SCALANCE W1750D ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf ∗∗∗ SSA-606525 (Last Update: 2019-05-14): Denial-of-Service Vulnerability in SINAMICS PERFECT HARMONY GH180 Ethernet Modbus Interface (G28) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf ∗∗∗ SSA-697412 (Last Update: 2019-05-14): Multiple Vulnerabilities in SIMATIC WinCC, SIMATIC WinCC Runtime, SIMATIC PCS 7, SIMATIC TIA Portal ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf ∗∗∗ SSA-705517 (Last Update: 2019-05-14): Remote Code Execution Vulnerability in SIMATIC WinCC and SIMATIC PCS 7 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-705517.pdf ∗∗∗ SSA-804486 (Last Update: 2019-05-14): Multiple Vulnerabilities in SIMATIC Panels and SIMATIC WinCC (TIA Portal) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf ∗∗∗ SSA-865156 (Last Update: 2019-05-14): Denial-of-Service Vulnerability in SINAMICS PERFECT HARMONY GH180 Fieldbus Network ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-865156.pdf ∗∗∗ SSA-902727 (Last Update: 2019-05-14): Multiple Vulnerabilities in Licensing Software for SISHIP Automation Solutions ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf ∗∗∗ HPESBMU03935 rev.1 - HPE Unified OSS Console Software Products using Apache CouchDB, Remote Code Execution, Remote Escalation of Privilege ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.05.2019
by Daily end-of-shift report 13 May '19

13 May '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 10-05-2019 18:00 − Montag 13-05-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Administration: Microsoft empfiehlt ein separat abgesichertes Gerät ∗∗∗ --------------------------------------------- Wer komplexe Systeme administriert, kann auch schnell zu einem attraktiven Angriffsziel werden. Microsoft gibt einige Tipps aus dem eigenen Hause, um diese Gefahr zu minimieren. Dazu gehört der Einsatz spezieller Geräte. --------------------------------------------- https://www.golem.de/news/administration-microsoft-empfiehlt-ein-separat-ab… ∗∗∗ Hashfunktion: Der nächste Nagel im Sarg von SHA-1 ∗∗∗ --------------------------------------------- Eigentlich wissen es alle: Die Hashfunktion SHA-1 ist tot. Forscher haben jetzt eine Methode gefunden, Angriffe auf das Verfahren noch praxisrelevanter zu machen. --------------------------------------------- https://www.golem.de/news/hashfunktion-der-naechste-nagel-im-sarg-von-sha-1… ∗∗∗ AR19-133A: Microsoft Office 365 Security Observations ∗∗∗ --------------------------------------------- Original release date: May 13, 2019 Summary As the number of organizations migrating email services to Microsoft Office 365 (O365) and other cloud services increases, the use of third-party companies that move organizations to the cloud is also increasing. Organizations and their third-party partners need to be aware of the risks involved in transitioning to O365 and other cloud services. --------------------------------------------- https://www.us-cert.gov/ncas/analysis-reports/AR19-133A ∗∗∗ Hackers are collecting payment details, user passwords from 4,600 sites ∗∗∗ --------------------------------------------- Hackers have breached analytics service Picreel and open-source project Alpaca Forms and have modified JavaScript files on the infrastructure of these two companies to embed malicious code on over 4,600 websites, security researchers have told ZDNet. The attack is ongoing, and the malicious scripts are still live, at the time of this articles publishing. --------------------------------------------- https://www.zdnet.com/article/hackers-are-collecting-payment-details-user-p… ∗∗∗ Microsoft erweitert BitLocker-Verwaltungsoptionen für Unternehmen ∗∗∗ --------------------------------------------- Microsoft plant zur Verwaltung der BitLocker-Verschlüsselung in Unternehmensumgebungen Erweiterungen für Intune und den System Center Configuration Manager. --------------------------------------------- https://heise.de/-4420137 ∗∗∗ Jetzt patchen: Angreifer nehmen ältere SharePoint-Server-Lücke ins Visier ∗∗∗ --------------------------------------------- Die schon im Februar/März gefixte Lücke CVE-2019-0604 wird aktiv ausgenutzt. Wer die Updates noch nicht installiert hat, sollte spätestens jetzt handeln. --------------------------------------------- https://heise.de/-4420747 ∗∗∗ Images Loading Credit Card Swipers ∗∗∗ --------------------------------------------- We’ve come across an interesting approach to injecting credit card swipers into Magento web pages. Instead of injecting a real script, attackers insert a seemingly benign, invisible image from the same site. The catch is, the tag has an "onload" event handler that loads the malicious script. --------------------------------------------- http://labs.sucuri.net/?note=2019-05-10 ∗∗∗ NVIDIA Patches High Severity Bugs in GPU Display Driver ∗∗∗ --------------------------------------------- NVIDIA has released patches to address High severity vulnerabilities in its NVIDIA GPU Display Driver that could allow an attacker to escalate privileges or execute code on vulnerable systems. read more --------------------------------------------- https://www.securityweek.com/nvidia-patches-high-severity-bugs-gpu-display-… ===================== = Vulnerabilities = ===================== ∗∗∗ SQLite: Schwachstelle in Programmbibliothek erlaubt Remote Code Execution ∗∗∗ --------------------------------------------- Seit April gibt es SQLite in Version 3.28.0. Angesichts einer kritischen Schwachstelle in früheren Versionen sollten Entwickler schleunigst umsteigen. --------------------------------------------- https://heise.de/-4421109 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (atftp, ghostscript, openjdk-7, and postgresql-9.4), Fedora (java-11-openjdk, mosquitto, and php), Mageia (bash, binutils, clamav, cronie, jasper, kernel, mxml, openexr, openssh, python, qt4, svgsalamander, sysstat, tar, and tcpreplay), openSUSE (openssl, python3, sqlite3, webkit2gtk3, and wireshark), Red Hat (bind, flatpak, freeradius:3.0, java-1.8.0-openjdk, python-jinja2, rh-ror42-rubygem-actionpack, rh-ror50-rubygem-actionpack, rh-ruby23-ruby, [...] --------------------------------------------- https://lwn.net/Articles/788266/ ∗∗∗ Gemalto DS3 Authentication Server / Ezio Server Command Injection / File Disclosure ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2019050121 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server April 2019 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM MQ RDQM and IBM MQ Appliance are vulnerable to a denial of service attack (CVE-2018-1084) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-rdqm-and-ibm-m… ∗∗∗ IBM Security Bulletin: Rational DOORS Web Access is affected Cross-site scripting vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-doors-web-ac… ∗∗∗ Linux kernel vulnerability CVE-2017-8824 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K15526101 ∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in the Roav A1 Dashcam ∗∗∗ --------------------------------------------- https://blog.talosintelligence.com/2019/05/vulnerability-spotlight-multiple… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.05.2019
by Daily end-of-shift report 10 May '19

10 May '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 09-05-2019 18:00 − Freitag 10-05-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Drupal: Security-Release fürs CMS repariert sicherheitsanfällige Komponente ∗∗∗ --------------------------------------------- Drupal-Nutzer sollten den CMS-Core aktualisieren. Die Entwickler haben eine Schwachstelle gefixt, die als "moderately critical" gilt. --------------------------------------------- https://heise.de/-4420050 ∗∗∗ BSI stellt Open-Source-Prüfwerkzeug für Evidence Records bereit ∗∗∗ --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Pruefwerkzeug-Evi… ∗∗∗ Types of backup and five backup mistakes to avoid ∗∗∗ --------------------------------------------- What are the main types of backup operations and how to avoid the sinking feeling of realizing that you may not get your data back? The post Types of backup and five backup mistakes to avoid appeared first on WeLiveSecurity --------------------------------------------- https://www.welivesecurity.com/2019/05/10/types-backup-mistakes-avoid/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bind9, postgresql-9.6, qemu, and symfony), Fedora (kernel, kernel-tools, mod_cluster, rubygem-actioncable, rubygem-actionmailer, rubygem-actionpack, rubygem-actionview, rubygem-activejob, rubygem-activemodel, rubygem-activerecord, rubygem-activestorage, rubygem-activesupport, rubygem-rails, and rubygem-railties), openSUSE (wireshark), Red Hat (freeradius), Scientific Linux (freeradius), and Ubuntu (bind9 and wpa). --------------------------------------------- https://lwn.net/Articles/788066/ ∗∗∗ ZDI-19-459: (0Day) Hewlett Packard Enterprise Intelligent Management Center Standard ImcLoginMgrImpl Hard-coded Cryptographic Key Credentials Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-459/ ∗∗∗ ZDI-19-458: (0Day) Hewlett Packard Enterprise Intelligent Management Center dbman Use of Hard-coded Credentials Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-458/ ∗∗∗ ZDI-19-457: (0Day) Hewlett Packard Enterprise Intelligent Management Center AMF3 Externalizable Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-457/ ∗∗∗ ZDI-19-456: (0Day) Hewlett Packard Enterprise Intelligent Management Center AccessMgrServlet className Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-456/ ∗∗∗ ZDI-19-455: (0Day) Hewlett Packard Enterprise Intelligent Management Center TopoMsgServlet Expression Language Injection Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-455/ ∗∗∗ ZDI-19-454: (0Day) Hewlett Packard Enterprise Intelligent Management Center soapConfigContent Expression Language Injection Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-454/ ∗∗∗ ZDI-19-453: (0Day) Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Expression Language Injection Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-453/ ∗∗∗ ZDI-19-452: (0Day) Hewlett Packard Enterprise Intelligent Management Center iccSelectDevType Expression Language Injection Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-452/ ∗∗∗ Security Notice - Statement on the Suspected Huawei Issue in the U.S. DoDs 5G Ecosystem Report ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2019/huawei-sn-20190510-01-… ∗∗∗ IBM Security Bulletin: Security Vulnerability in IBM® Java SDK affect IBM Rational Team Concert Apr 2019 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2019 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale with CES stack enabled that could allow sensitive data to be included with service snaps. This data could be sent to IBM during service engagements (CVE-2019-4259) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-has-b… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for ACH Services for Multi-Platform ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential cross-site request forgery vulnerability (CVE-2018-1790) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ Linux kernel vulnerability CVE-2018-13405 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K00854051 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily