Daily

daily@lists.cert.at

1 participants
3087 discussions

Tageszusammenfassung - 07.10.2019
by Daily end-of-shift report 07 Oct '19

07 Oct '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 04-10-2019 18:00 − Montag 07-10-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Betrügerische Mahnungen von Streaming-Seiten ignorieren! ∗∗∗ --------------------------------------------- Auf der Suche nach den neuesten Hollywood-Blockbustern im Internet stolpern zahlreiche KonsumentInnen über kinox.su. Beim Versuch, kostenlos Filme anzusehen, werden sie auf Websites wie streamovo.de, streamado.de, streamamy.de oder streamjuju.de weitergeleitet. Achtung: Die gratis Anmeldung auf diesen Websites führt nicht zu unbegrenztem Filmgenuss, sondern zu Rechnungen und Mahnungen über 395,88 Euro. Es besteht kein Grund zur Zahlung! --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-mahnungen-von-streami… ∗∗∗ visNetwork for Network Data, (Sun, Oct 6th) ∗∗∗ --------------------------------------------- DFIR Redefined Part 3 - Deeper Functionality for Investigators with R series continued --------------------------------------------- https://isc.sans.edu/diary/rss/25390 ∗∗∗ Factsheet DNS monitoring will get harder ∗∗∗ --------------------------------------------- New DNS transport protocols make it harder to monitor or modify DNS requests. This is beneficial on today’s untrusted networks. At the same time the shift may render your organisation’s security controls ineffective, expose internal naming or break connectivity. These negative side effects are hard to mitigate at a network level and require mitigation at DNS infrastructure and individual devices. --------------------------------------------- https://english.ncsc.nl/publications/factsheets/2019/oktober/2/factsheet-dn… ∗∗∗ NISTs Zero Trust Taxonomy Introduces Components, Threats and Migration Routes ∗∗∗ --------------------------------------------- NIST has published a draft Zero Trust Architecture (ZTA) special publication (SP.800.207). The purpose is to develop a technology-neutral lexicon of the logical components of a zero trust strategy, and to define ZTA, describe possible deployment scenarios, and highlight threats. --------------------------------------------- https://www.securityweek.com/nists-zero-trust-taxonomy-introduces-component… ∗∗∗ A year after patch, Drupalgeddon2 is still being employed in cybercriminal attacks ∗∗∗ --------------------------------------------- The remote code execution bug is being used in attacks against high-profile websites. --------------------------------------------- https://www.zdnet.com/article/old-drupalgeddon2-rce-is-still-being-employed… ∗∗∗ White-hat hacks Muhstik ransomware gang and releases decryption keys ∗∗∗ --------------------------------------------- Annoyed victim hacks back ransomware gang and releases all their decryption keys, along with a free decrypter. --------------------------------------------- https://www.zdnet.com/article/white-hat-hacks-muhstik-ransomware-gang-and-r… ===================== = Vulnerabilities = ===================== ∗∗∗ Vulnerabilities exploited in VPN products used worldwide ∗∗∗ --------------------------------------------- The NCSC is investigating the exploitation, by Advanced Persistent Threat (APT) actors, of known vulnerabilities affecting Virtual Private Network (VPN) products from vendors Pulse secure, Palo Alto and Fortinet. --------------------------------------------- https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities ∗∗∗ Großer Lausch-Anruf: Signal für Android nimmt selbsttätig Anrufe an ∗∗∗ --------------------------------------------- Eine Lücke im Messenger Signal führt unter Android dazu, dass Nutzer belauscht werden könnten. Die App nimmt Sprachanrufe ohne Nutzerinteraktion entgegen. --------------------------------------------- https://heise.de/-4546500 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (jackson-databind, libapreq2, libreoffice, novnc, phpbb3, and ruby-mini-magick), Fedora (mbedtls and mosquitto), Mageia (xpdf), openSUSE (bind, firefox, nginx, openssl-1_0_0, php7, python-numpy, and thunderbird), Oracle (kernel), SUSE (ansible1, ardana-ansible, ardana-cluster, ardana-db, ardana-extensions-nsx, ardana-glance, ardana-input-model, ardana-installer-ui, ardana-manila, ardana-monasca, ardana-neutron, ardana-nova, ardana-octavia, [...] --------------------------------------------- https://lwn.net/Articles/801469/ ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Rational® Quality Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by an openssh vulnerability (CVE-2018-15473) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by openssl vulnerabilities (CVE-2019-1559, CVE-2018-0734) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities (CVE-2019-11479, CVE-2019-11478, CVE-2019-11477) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.10.2019
by Daily end-of-shift report 04 Oct '19

04 Oct '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 03-10-2019 18:00 − Freitag 04-10-2019 18:00 Handler: Stephan Richter Co-Handler: Olaf Schwarz ===================== = News = ===================== ∗∗∗ Lost Files Data Wiper Poses as a Windows Security Scanner ∗∗∗ --------------------------------------------- A Windows Security Scanner that states it encrypted your files is being distributed by spam, but whether by bug or design, it instead corrupts binary data in a victims files. --------------------------------------------- https://www.bleepingcomputer.com/news/security/lost-files-data-wiper-poses-… ∗∗∗ Linux-Kernel: Android-Bug wird von NSO Group angegriffen ∗∗∗ --------------------------------------------- Googles Project Zero berichtet über einen Bug im Linux-Kernel, mit dem sich Android-Telefone angreifen lassen. Laut Google wird offenbar ein Exploit für den Bug bereits aktiv ausgenutzt. Pikant: Gefunden wurde der Bug bereits 2017 - von Google selbst. --------------------------------------------- https://www.golem.de/news/linux-kernel-android-bug-wird-von-nso-group-angeg… ∗∗∗ Investigating the security of Lime scooters ∗∗∗ --------------------------------------------- I've been looking at the security of the Lime escooters. These caught my attention because:(1) There's a whole bunch of them outside my building, and(2) I can see them via Bluetooth from my sofa which, given that I'm extremely lazy, made them more attractive targets than something that would actually require me to leave my home. --------------------------------------------- https://mjg59.dreamwidth.org/53024.html ∗∗∗ Down the Malware Rabbit Hole – Part 1 ∗∗∗ --------------------------------------------- It’s common for malware to be encoded to hide itself—or its true intentions—but have you ever given thought to what lengths attackers will go to hide their malicious code? In our first post in this series, we’ll describe how bad actors hide their malicious code and the steps taken to reveal its true form. --------------------------------------------- https://blog.sucuri.net/2019/10/down-the-malware-rabbit-hole-part-1.html ∗∗∗ COMpfun successor Reductor infects files on the fly to compromise TLS traffic ∗∗∗ --------------------------------------------- In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly. --------------------------------------------- https://securelist.com/compfun-successor-reductor/93633/ ∗∗∗ Antimalware Scan Interface Detection Optics Analysis Methodology: Identification and Analysis of AMSI for WMI ∗∗∗ --------------------------------------------- AMSI offers a fantastic interface for endpoint security vendors to gain insight into in-memory buffers from components that choose have their content scanned. --------------------------------------------- https://posts.specterops.io/antimalware-scan-interface-detection-optics-ana… ∗∗∗ macOS systems abused in DDoS attacks ∗∗∗ --------------------------------------------- Up to 40,000 macOS systems expose a particular port online that can be abused for pretty big DDoS attacks. --------------------------------------------- https://www.zdnet.com/article/macos-systems-abused-in-ddos-attacks/ ===================== = Vulnerabilities = ===================== ∗∗∗ Interpeak IPnet TCP/IP Stack (Update A) ∗∗∗ --------------------------------------------- This updated medical advisory is a follow-up to the original advisory titled ICSMA-19-274-01 Interpeak IPnet TCP/IP Stack that was published October 1, 2019, on the ICS webpage on us-cert.gov. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsma-19-274-01 ∗∗∗ Microsoft Re-Releases Security Updates ∗∗∗ --------------------------------------------- Microsoft has re-released security updates to address a vulnerability in Microsoft software. A remote attacker could exploit this vulnerability to take control of an affected system. Updates are now available automatically via Windows Update or Windows Server Update Services. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/10/03/microsoft-re-relea… ∗∗∗ FreeType vulnerability CVE-2015-9290 ∗∗∗ --------------------------------------------- In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict ... --------------------------------------------- https://support.f5.com/csp/article/K38315305 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (exim, ruby, ruby-rdoc, ruby2.5, and systemd), Debian (openconnect), Mageia (thunderbird), openSUSE (lxc and mosquitto), Oracle (kernel and patch), Scientific Linux (patch), SUSE (firefox, java-1_7_0-ibm, and sqlite3), and Ubuntu (clamav). --------------------------------------------- https://lwn.net/Articles/801318/ ∗∗∗ Security Advisory 2019-13: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- https://community.otrs.com/security-advisory-2019-13-security-update-for-ot… ∗∗∗ IBM Security Bulletin: Linux Kernel as used by IBM QRadar SIEM is vulnerable to Denial of Service(CVE-2019-11477, CVE-2019-11478, CVE-2019-11479) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-linux-kernel-as-used-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.10.2019
by Daily end-of-shift report 03 Oct '19

03 Oct '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 02-10-2019 18:00 − Donnerstag 03-10-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sodinokibi Ransomware Builds An All-Star Team of Affiliates ∗∗∗ --------------------------------------------- The Sodinokibi Ransomware (REvil) has been making news lately as they target the enterprise, MSPs, and government entities through their hand-picked team of all-star affiliates. These affiliates appear to have had a prior history with the GandCrab RaaS and use similar distribution methods. --------------------------------------------- https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-builds… ∗∗∗ A New Wave of Buggy WordPress Infections ∗∗∗ --------------------------------------------- We’ve been following an ongoing malware campaign for the past couple of years now. This campaign is renowned for its prompt addition of exploits for newly discovered WordPress theme and plugin vulnerabilities. Every other week, the attackers introduce new domain names and slightly change the obfuscation of their scripts to prevent detection. --------------------------------------------- https://blog.sucuri.net/2019/10/a-new-wave-of-buggy-wordpress-infections.ht… ∗∗∗ FBI: Don’t pay ransomware demands, stop encouraging cybercriminals to target others ∗∗∗ --------------------------------------------- The FBI has some unambiguous advice for organisations on how they should handle ransomware demands: Dont pay. --------------------------------------------- https://www.tripwire.com/state-of-security/featured/fbi-dont-pay-ransomware/ ===================== = Vulnerabilities = ===================== ∗∗∗ Gefährliche Lücke in Magenta-Routern entdeckt ∗∗∗ --------------------------------------------- Die bereits in UPC-Zeiten verteilte Connect Box kann von außen übernommen werden. Ein Firmware-Update soll Abhilfe schaffen. --------------------------------------------- https://futurezone.at/produkte/gefaehrliche-luecke-in-magenta-routern-entde… ∗∗∗ WhatsApp Flaw Opens Android Devices to Remote Code Execution ∗∗∗ --------------------------------------------- A double-free bug could allow an attacker to achieve remote code execution; users are encouraged to update to a patched version of the messaging app. --------------------------------------------- https://threatpost.com/whatsapp-flaw-opens-android-devices-to-remote-code-e… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (kernel), Debian (jackson-databind, libapreq2, and subversion), Fedora (glpi, memcached, and zeromq), openSUSE (rust), Oracle (kernel), Red Hat (patch), and SUSE (dovecot23, git, jasper, libseccomp, and thunderbird). --------------------------------------------- https://lwn.net/Articles/801226/ ∗∗∗ Localization update - Moderately critical - Insecure server configuration - SA-CONTRIB-2019-072 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2019-072 ∗∗∗ Simple AMP (Accelerated Mobile Pages) - Moderately critical - Access bypass - SA-CONTRIB-2019-071 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2019-071 ∗∗∗ Ubercart - Moderately critical - Cross site scripting - SA-CONTRIB-2019-070 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2019-070 ∗∗∗ Cisco Security Advisories ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/publicationListing.x ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Cross-Site Scripting (CVE-2019-4564) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-key-life… ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by information exposure (CVE-2019-4514) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-key-life… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Java Vulnerability Affects IBM Connect:Direct Web Services (CVE-2019-10246, CVE-2019-10247, CVE-2019-10241 & CVE-2018-12545) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-af… ∗∗∗ IBM Security Bulletin: IBM MQ AMQP Listeners are vulnerable to a session fixation attack (CVE-2019-4227) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-amqp-listeners… ∗∗∗ HPESBST03958 rev.1 - HPE Command View Advanced Edition (CVAE) Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBST03959 rev.1 - HPE Command View Advanced Edition (CVAE) Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.10.2019
by Daily end-of-shift report 02 Oct '19

02 Oct '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 01-10-2019 18:00 − Mittwoch 02-10-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Ethical hacking: Passive information gathering with Maltego ∗∗∗ --------------------------------------------- In this article, we’ll discuss passive information gathering. We’ll first look at how we can use Maltego, a common information gathering tool, to perform this form of reconnaissance. Using a hands-on walkthrough of Maltego, we’ll see how you can acquire IP addresses, sub-domains and perform different levels of reconnaissance to inform your information gathering [...] --------------------------------------------- https://resources.infosecinstitute.com/ethical-hacking-passive-information-… ∗∗∗ Hackers Turn to OpenDocument Format to Avoid AV Detection ∗∗∗ --------------------------------------------- Malware laced OpenDocument files target Microsoft Office, OpenOffice and LibreOffice users. --------------------------------------------- https://threatpost.com/hackers-turn-to-opendocument/148817/ ∗∗∗ Magecart hits again, leveraging compromised sites and newly registered domains ∗∗∗ --------------------------------------------- During alert monitoring, ThreatLabZ researchers came across multiple cases of shopping sites being compromised and injected with a skimming script. This injected script looks for the payment method and personally identifiable information (PII) and captures supplied financial information which is then sent to an adversary-controlled gate server even before the user hits the submit form. --------------------------------------------- https://www.zscaler.com/blogs/research/magecart-hits-again-leveraging-compr… ∗∗∗ Erfundene Speditionen beim Autokauf über Kleinanzeigen! ∗∗∗ --------------------------------------------- Auf der Suche nach günstigen Gebrauchtautos, Wohnmobilen, Motorrädern oder Oldtimern sind Kleinanzeigenplattformen häufig die beste Option. Doch seien Sie vorsichtig, wenn Ihr Gegenüber sich angeblich im Ausland befindet und der Kauf über eine Spedition abgewickelt werden soll. Meist handelt es sich hierbei um Kriminelle, die Ihnen das Geld aus der Tasche ziehen wollen. Das versprochene Gefährt erhalten Sie nie! --------------------------------------------- https://www.watchlist-internet.at/news/erfundene-speditionen-beim-autokauf-… ∗∗∗ Understanding and Defending Against Access Token Theft: Finding Alternatives to winlogon.exe ∗∗∗ --------------------------------------------- https://posts.specterops.io/understanding-and-defending-against-access-toke… ===================== = Vulnerabilities = ===================== ∗∗∗ Interpeak IPnet TCP/IP Stack ∗∗∗ --------------------------------------------- This advisory contains mitigations for stack-based buffer overflow, heap-based buffer overflow, integer underflow, improper restriction of operations within the bounds of a memory buffer, race condition, argument injection, and null pointer dereference vulnerabilities in the Interpeak IPnet TCP/IP stack. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-274-01 ∗∗∗ Yokogawa Products ∗∗∗ --------------------------------------------- This advisory includes mitigations for an unquoted search path or element vulnerability reported in Yokogawa’s Exaopc, Exaplog, Exaquantum, Exasmoc, Exarqe, GA10, and InsightSuiteAE products. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-274-02 ∗∗∗ Moxa EDR 810 Series ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper input validation and improper access control vulnerabilities reported in Moxa’s EDR 810 router. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-274-03 ∗∗∗ Inadequate Patch in Hewlett Packard Enterprise iMC 7.3 E0703 ∗∗∗ --------------------------------------------- [...] This means there are (at least) two unpatched, known vulnerabilities in iMC with a CVSSv2 base score of 10.0. Basically, these bugs have been lurking around without proper patches since December 2018. --------------------------------------------- https://medium.com/tenable-techblog/inadequate-patch-in-hewlett-packard-ent… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (openssl and openssl1.0), Fedora (expat, kernel, kernel-headers, kernel-tools, and phpMyAdmin), openSUSE (nghttp2 and u-boot), Oracle (kernel), Red Hat (rh-nodejs8-nodejs), Slackware (libpcap), SUSE (bind, jasper, libgcrypt, openssl-1_0_0, and php7), and Ubuntu (clamav). --------------------------------------------- https://lwn.net/Articles/801130/ ∗∗∗ PuTTY: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0863 ∗∗∗ Fortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2019100006 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Information disclosure vulnerability in WebSphere Application Server (CVE-2019-4441) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by an Escalation of Privileges vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Vulnerabilities in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2019-14439, CVE-2019-14379, CVE-2019-12814, CVE-2019-12086) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-fa… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance has shipped a security vulnerability fix for WebSphere Application Server (CVE-2019-4046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-access-m… ∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private for Data – OpenSSL (CVE-2019-1543), Kubernetes (CVE-2019-1002100) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.10.2019
by Daily end-of-shift report 01 Oct '19

01 Oct '19

===================== = End-of-Day report = ===================== Timeframe: Montag 30-09-2019 18:00 − Dienstag 01-10-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Free Ouroboros Ransomware (Zeropadypt NextGen) Decryption Available ∗∗∗ --------------------------------------------- Victims of the Ouroboros Ransomware, otherwise known as Zeropadypt NextGen, can get their files decrypted for free with the help of a security researcher and a decryptor that has been made for different variants. --------------------------------------------- https://www.bleepingcomputer.com/news/security/free-ouroboros-ransomware-ze… ∗∗∗ Beyond the SISSDEN event horizon ∗∗∗ --------------------------------------------- Between May 2016 and April 2019, The Shadowserver Foundation participated in the SISSDEN EU Horizon 2020 project. The main goal of the project was to improve the cybersecurity posture of EU entities and end users through the development of situational awareness and sharing of actionable information. It exceeded KPIs, with 257 sensors in 59 countries, using 974 IP addresses across 119 ASNs and 383 unique /24 (Class C) networks, and collected 31TB of threat data. --------------------------------------------- https://www.shadowserver.org/news/beyond-the-sissden-event-horizon/ ∗∗∗ Decades-Old Code Is Putting Millions of Critical Devices at Risk ∗∗∗ --------------------------------------------- Nearly two decades ago, a company called Interpeak created a network protocol that became an industry standard. It also had severe bugs that are only now coming to light. --------------------------------------------- https://www.wired.com/story/urgent-11-ipnet-vulnerable-devices ∗∗∗ Vorsicht bei zu günstigen Technik-Angeboten ∗∗∗ --------------------------------------------- sgt-sonic.store, alpha-tech.store, omega-tech.store, grand-elec.store und beta-elec.store bieten ein breites Technik-Sortiment mit unschlagbaren Angeboten. Sehen Sie jedoch von einer Bestellung ab, denn es handelt sich um Fake-Shops. Die Ware wird trotz Vorab-Zahlung nie geliefert. Sie verlieren Ihr Geld! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-zu-guenstigen-technik-a… ===================== = Vulnerabilities = ===================== ∗∗∗ Noch ein Update für iOS, iPadOS und watchOS ∗∗∗ --------------------------------------------- Bei Apple kommen die Aktualisierungen Schlag auf Schlag. iOS 13.1.2, iPadOS 13.1.2 und watchOS 6.0.1 beheben erneut Fehler. --------------------------------------------- https://heise.de/-4543459 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (apache2, linux-4.9, netty, phpbb3, and poppler), openSUSE (chromium, djvulibre, ghostscript, python-numpy, SDL2, and varnish), Oracle (nodejs:10), Red Hat (httpd24-httpd and httpd24-nghttp2, kpatch-patch, and rh-nodejs10-nodejs), and Ubuntu (linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, and SDL 2.0). --------------------------------------------- https://lwn.net/Articles/801010/ ∗∗∗ Red Hat Produkte: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0860 ∗∗∗ Foxit Reader: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0862 ∗∗∗ Theme Editor <= 2.1 - Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9894 ∗∗∗ Cisco Webex Meetings Enumeration Attack ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities have been addressed in IBM Security Directory Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Rational Functional Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 and LCM8 & LCM16 KVM Switch Firmware (CVE-2018-0732 CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ HPESBHF03955 rev.1 - HPE Simplivity Omnistack, Local and Remote File Modification and Deletion ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBST03956 rev.1 - HPE Simplivity Omnistack, Local and Remote Arbitrary Command Execution ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03954 rev.1 - HPE UioT, Remote Unauthorized Access and Access to sensitive Data ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.09.2019
by Daily end-of-shift report 30 Sep '19

30 Sep '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 27-09-2019 18:00 − Montag 30-09-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitslücke: Angreifer können verschlüsselte PDF-Daten leaken ∗∗∗ --------------------------------------------- Passwortgeschützte PDF-Dateien bieten wenig Sicherheit. Ein Angreifer, der die Dateien manipulieren kann, kann dafür sorgen, dass deren Inhalt geleakt wird. Abhilfe gibt es nicht, dafür müsste das Dateiformat geändert werden. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-angreifer-koennen-verschluessel… ∗∗∗ Kriminelle nützen Thomas Cook Insolvenz für Phishing-Attacken ∗∗∗ --------------------------------------------- Die Insolvenz von Thomas Cook und Neckermann Reisen ist momentan in aller Munde. Betroffene KonsumentInnen gelangten nun ins Visier Krimineller. In betrügerischen Phishing-Mails werden sie aufgefordert, Kreditkartendaten und Ausweise zu übermitteln, um ihr Geld zurückzuerhalten. Die E-Mails stammen nicht von Thomas Cook und müssen ignoriert werden! --------------------------------------------- https://www.watchlist-internet.at/news/kriminelle-nuetzen-thomas-cook-insol… ∗∗∗ Masad Spyware Uses Telegram Bots for Command-and-Control ∗∗∗ --------------------------------------------- The malware harvests data, steals cryptocurrency and drops additional malware, while masquerading as a Fortnite aimbot and more. --------------------------------------------- https://threatpost.com/masad-spyware-telegram-bots/148759/ ∗∗∗ European Cybersecurity Month 2019 is launched ∗∗∗ --------------------------------------------- October marks the kick-off of the European Cybersecurity Month (ECSM), coordinated by the European Union Agency for Cybersecurity (ENISA), the European Commission and supported by the Member States. This campaign will focus on expanding awareness about cybersecurity to citizens across Europe. --------------------------------------------- https://www.enisa.europa.eu/news/european-cybersecurity-month-2019-is-launc… ∗∗∗ Malvertiser eGobbler Exploits Chrome & WebKit Bugs, Infects Over 1 Billion Ads ∗∗∗ --------------------------------------------- We have written about the threat actor eGobbler extensively on our blog over the last year as they’ve continued to emerge as a prolific source of malvertising. [...] Over the past 6 months, the threat group has leveraged obscure browser bugs in order to engineer bypasses for built-in browser mitigations against pop-ups and forced redirections. --------------------------------------------- https://blog.confiant.com/malvertiser-egobbler-exploits-chrome-webkit-bugs-… ∗∗∗ Cisco führt halbjährlichen Patchday ein ∗∗∗ --------------------------------------------- Ab sofort will Cisco alle sechs Monate gesammelte Sicherheitsupdates für sein Netzwerkbetriebssysteme IOS und IOS XE veröffentlichen. --------------------------------------------- https://heise.de/-4542793 ===================== = Vulnerabilities = ===================== ∗∗∗ MS-ISAC Releases Advisory on PHP Vulnerability ∗∗∗ --------------------------------------------- Original release date: September 27, 2019The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on a vulnerability in Hypertext Preprocessor (PHP). An attacker could exploit this vulnerability to take control of an affected system. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/09/27/ms-isac-releases-a… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (dovecot, kernel, and qemu-kvm), Debian (cimg, cups, e2fsprogs, exim4, file-roller, golang-1.11, httpie, and wpa), Fedora (curl, ghostscript, ibus, krb5, mod_md, and nbdkit), Mageia (chromium-browser-stable, libheif, and nghttp2), openSUSE (djvulibre, expat, libopenmpt, mosquitto, phpMyAdmin, and webkit2gtk3), Red Hat (nodejs:10), SUSE (gpg2), and Ubuntu (e2fsprogs and exim4). --------------------------------------------- https://lwn.net/Articles/800915/ ∗∗∗ Exim 4.92.3 security release ∗∗∗ --------------------------------------------- Exim 4.92.3 has been released with a fix for CVE-2019-16928, a heap-basedbuffer overflow in string_vformat that could lead to remote codeexecution. "The currently known exploit uses a extraordinary longEHLO string to crash the Exim process that is receiving the message. Whileat this mode of operation Exim already dropped its privileges, other paths toreach the vulnerable code may exist." --------------------------------------------- https://lwn.net/Articles/800917/ ∗∗∗ xpdf: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0857 ∗∗∗ LibreOffice: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0856 ∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190930-… ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect the Report Builder that is shipped with Jazz Reporting Service (CVE-2019-4494, CVE-2019-4495, CVE-2019-4497) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Vulnerabilities in kernel affect Power Hardware Management Console (CVE-2019-11479,CVE-2019-11477 and CVE-2019-11478) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ke… ∗∗∗ IBM Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server can affect IBM SPSS Analytic Server (CVE-2019-4046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect Rational Build Forge (CVE-2019-9517, CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097, CVE-2019-10098) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Build Forge (CVE-2019-4473; CVE-2019-11771) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Daeja ViewONE Virtual may expose internal IP addresses (CVE-2019-4246) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-daeja-viewone-virtual… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.09.2019
by Daily end-of-shift report 27 Sep '19

27 Sep '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 26-09-2019 18:00 − Freitag 27-09-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Adobe and Google Open Redirects Abused by Phishing Campaigns ∗∗∗ --------------------------------------------- Google and Adobe open redirects are being used by phishing campaigns in order to add legitimacy to the URLs used in the spam emails. --------------------------------------------- https://www.bleepingcomputer.com/news/security/adobe-and-google-open-redire… ∗∗∗ Digital Canaries in a Coal Mine: Detecting Enumeration with DNS and AD ∗∗∗ --------------------------------------------- A fundamental part of any network is the Domain Name Service (DNS). Adversaries will likely want to enumerate computers in Active Directory and connect to them, and at some point, they will likely interact with DNS doing so. A simple example is attempting to access a remote share and the resulting DNS query. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/digital-can… ∗∗∗ Researchers Disclose Another SIM Card Attack Possibly Impacting Millions ∗∗∗ --------------------------------------------- A new variant of a recently disclosed SIM card attack method could expose millions of mobile phones to remote hacking, researchers have warned. --------------------------------------------- https://www.securityweek.com/researchers-disclose-another-sim-card-attack-p… ∗∗∗ So schützen Sie sich effektiv vor Schadsoftware! ∗∗∗ --------------------------------------------- Auf dubiosen Websites, in betrügerischen E-Mails oder in scheinbar harmlosen Chat-Nachrichten kann sich Schadsoftware verstecken. Diese verseuchten Dateien dürfen nicht ausgeführt werden, da sie ansonsten das Smartphone, den Computer oder das Netzwerk infizieren. Kriminelle können so beispielsweise sensible Daten auslesen und stehlen, Rechenleistung abzweigen oder ganze Systeme lahmlegen bis eine Kaution bezahlt wird. --------------------------------------------- https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-effektiv-vor-s… ∗∗∗ Microsoft: New Nodersok malware has infected thousands of PCs ∗∗∗ --------------------------------------------- New Nodersok malware installs Node.js to turn systems into proxies, perform click-fraud. --------------------------------------------- https://www.zdnet.com/article/microsoft-new-nodersok-malware-has-infected-t… ∗∗∗ Hit by ransomware? Victims of these four types of file-encrypting malware can now retrieve their files for free ∗∗∗ --------------------------------------------- Cybersecurity researchers crack the codes of FortuneCrypt, Yatron, WannaCryFake and Avest ransomware, allowing victims to get their files back without paying cyber criminals. --------------------------------------------- https://www.zdnet.com/article/hit-by-ransomware-victims-of-these-four-types… ∗∗∗ New WhiteShadow downloader uses Microsoft SQL to retrieve malware ∗∗∗ --------------------------------------------- https://www.proofpoint.com/us/threat-insight/post/new-whiteshadow-downloade… ===================== = Vulnerabilities = ===================== ∗∗∗ Apple Releases Security Updates ∗∗∗ --------------------------------------------- Original release date: September 27, 2019Apple has released security updates to address a vulnerability in multiple products. A remote attacker could exploit this vulnerability to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, and [...] --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/09/27/apple-releases-sec… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (dcmtk), openSUSE (rust), Red Hat (redhat-virtualization-host), and SUSE (ghostscript, nghttp2, and u-boot). --------------------------------------------- https://lwn.net/Articles/800699/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerabilities Affect IBM Sterling File Gateway (CVE-2019-4423, CVE-2019-4280) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerabilities Affect IBM Sterling File Gateway (CVE-2019-4423, CVE-2019-4280) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 KVM Switch Firmware (CVE-2018-0734, CVE-2018-0737, CVE-2018-0739) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ HPESBGN03957 rev.1 - HPE Oneview for VMware vCenter, Remote Cross-Site Scripting ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.09.2019
by Daily end-of-shift report 26 Sep '19

26 Sep '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 25-09-2019 18:00 − Donnerstag 26-09-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Forensoftware vBulletin: Patch schließt kritische Zero-Day-Lücke ∗∗∗ --------------------------------------------- Die Entwickler von vBulletin haben Patches bereitgestellt, die eine als kritisch eingestufte Sicherheitslücke schließen. Forenbetreiber sollten jetzt handeln. --------------------------------------------- https://heise.de/-4539833 ∗∗∗ BSI stellt Service-Paket "IT-Notfall" für kleine und mittlere Unternehmen vor ∗∗∗ --------------------------------------------- Eine Notfallkarte zum Aushängen und ein neuer Maßnahmenkatalog für Sicherheitsverantwortliche sollen KMU helfen, mit Cyber-Bedrohungen besser umzugehen. --------------------------------------------- https://heise.de/-4540075 ∗∗∗ Hackers Replace Windows Narrator to Get SYSTEM Level Access ∗∗∗ --------------------------------------------- Chinese hackers are replacing the legitimate Narrator app on targeted Windows systems with a trojanized version that gives them remote access with privileges of the most powerful account on the operating system. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-replace-windows-narr… ∗∗∗ Ransomware Decryptors Released for Yatron, WannaCryFake, & FortuneCrypt ∗∗∗ --------------------------------------------- Security vendors released decryptors for three ransomware infections today that allow victims to recover their files for free. These decryptors are for the WannaCryFake, Yatron, and FortuneCrypt Ransomware infections. --------------------------------------------- https://www.bleepingcomputer.com/news/security/ransomware-decryptors-releas… ∗∗∗ Windows‌ ‌Exploitation‌ ‌Tricks:‌ ‌Spoofing‌ ‌Named‌ ‌Pipe‌ ‌Client‌ ‌PID‌ ∗∗∗ --------------------------------------------- Posted by James Forshaw, Project ZeroWhile researching the Access Mode Mismatch in IO Manager bug class I came across an interesting feature in named pipes which allows a server to query the connected clients PID. This feature was introduced in Vista and is exposed to servers through the GetNamedPipeClientProcessId API, pass the API a handle to the pipe server and you’ll get back the PID of the connected client. --------------------------------------------- https://googleprojectzero.blogspot.com/2019/09/windows-exploitation-tricks-… ∗∗∗ Joomla! Security Best Practices: 12 Ways to Keep Joomla! Secure ∗∗∗ --------------------------------------------- At Sucuri, we’re often asked how website owners and webmasters can secure their websites. However, most advice can often be too broad; different content management systems (CMS) exist in this ecosystem, and each requires a unique security configuration. --------------------------------------------- https://blog.sucuri.net/2019/09/joomla-security-best-practices.html ∗∗∗ Hackers looking into injecting card stealing code on routers, rather than websites ∗∗∗ --------------------------------------------- Magecart (web skimming) attacks are evolving into a direction where theyre gonna be harder and harder to detect. --------------------------------------------- https://www.zdnet.com/article/hackers-looking-into-injecting-card-stealing-… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Releases Security Advisories ∗∗∗ --------------------------------------------- Original release date: September 26, 2019Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/09/26/cisco-releases-sec… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (dovecot), Debian (lemonldap-ng, openssl, and ruby-nokogiri), openSUSE (fish3, ibus, nmap, and openssl-1_1), Slackware (mozilla), SUSE (mariadb, python-numpy, and SDL2), and Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/800647/ ∗∗∗ Multiple Vulnerabilities in Citrix License Server for Windows and VPX ∗∗∗ --------------------------------------------- CTX261963 NewApplicable Products : LicensingMultiple Denial-of-Service vulnerabilities have been identified in Citrix License Server for Windows and VPX that, when exploited, could result in an attacker being able to force the vendor service to shutdown. --------------------------------------------- https://support.citrix.com/article/CTX261963 ∗∗∗ BlackBerry Powered by Android Security Bulletin - September 2019 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Gutenberg - Critical - Access bypass - SA-CONTRIB-2019-069 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2019-069 ∗∗∗ Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2019-068 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2019-068 ∗∗∗ IBM Security Bulletin: Linux kernel as used by IBM QRadar SIEM is vulnerable to privilege escalation(Publicly disclosed vulnerability) (CVE-2019-3896) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-linux-kernel-as-used-… ∗∗∗ IBM Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to a denial of service attack caused by a memory leak in the clustering code. (CVE-2019-4141) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-and-ibm-mq-app… ∗∗∗ IBM Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, Version 8, that is used by IBM Workload Scheduler. These issues were disclosed as part of the IBM Java SDK updates in October 2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-there-are-multiple-vu… ∗∗∗ Multiple SQL Injection Vulnerabilities in eBrigade ∗∗∗ --------------------------------------------- https://sec-consult.com/en/blog/advisories/multiple-sql-injection-vulnerabi… ∗∗∗ Linux Kernel: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0840 ∗∗∗ Linux Kernel: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0838 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.09.2019
by Daily end-of-shift report 25 Sep '19

25 Sep '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 24-09-2019 18:00 − Mittwoch 25-09-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ vBulletin Zero-Day Exploited for Years, Gets Unofficial Patch ∗∗∗ --------------------------------------------- A zero-day exploit for the vBulletin forum platform was publicly disclosed and quickly used to attack affected versions of the forum software. It turns out, though, that this exploit has been known, utilized, and sold by researchers and attackers for years. --------------------------------------------- https://www.bleepingcomputer.com/news/security/vbulletin-zero-day-exploited… ∗∗∗ Free Decryptors Released for Two Ransomware Families ∗∗∗ --------------------------------------------- Security researchers have released decryption tools which victims of two different ransomware families can use to recover their files for free. On 25 September, Kaspersky Lab unveiled decryptors for both the Yatron and FortuneCrypt crypto-ransomware families. --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/free-de… ===================== = Vulnerabilities = ===================== ∗∗∗ Apple Releases Security Updates ∗∗∗ --------------------------------------------- Original release date: September 25, 2019Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to obtain access to sensitive information. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/09/25/apple-releases-sec… ∗∗∗ Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ VMSA-2019-0015 ∗∗∗ --------------------------------------------- VMware Cloud Foundation and VMware Harbor Container Registry for PCF address remote escalation of privilege vulnerability (CVE-2019-16097) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0015.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (kernel, libgcrypt20, and spip), Fedora (compat-openssl10, expat, ghostscript, ibus, java-1.8.0-openjdk-aarch32, and SDL2_image), openSUSE (bird, chromium, kernel, libreoffice, links, and varnish), Oracle (httpd:2.4 and qemu-kvm), Red Hat (kernel), Scientific Linux (qemu-kvm), SUSE (djvulibre, dovecot22, ghostscript, kernel, libxml2, and python-Twisted), and Ubuntu (file-roller and libreoffice). --------------------------------------------- https://lwn.net/Articles/800553/ ∗∗∗ [20190901] - Core - XSS in logo parameter of default templates ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/PO-TPPu7rQ0/791-20190901-c… ∗∗∗ SBA-ADV-20190911-01: Easy FancyBox Wordpress Plugin Stored Cross-site Scripting (XSS) ∗∗∗ --------------------------------------------- https://github.com/sbaresearch/advisories/commit/9000d9bfd120a1b8f5f1643e5f… ∗∗∗ Security Advisory - Two Integer overflow Vulnerabilities in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190925-… ∗∗∗ Security Advisory - Out-of-bounds Read Vulnerability in Gauss100 OLTP Database of Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190925-… ∗∗∗ Security Advisory - Improper Validation Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190925-… ∗∗∗ Security Advisory - Insufficient Verification Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190925-… ∗∗∗ Security Advisory - Insufficient Verification Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190925-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Linux Kernel as used in IBM QRadar Network Packet Capture is vulnerable to denial of service (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-linux-kernel-as-used-… ∗∗∗ IBM Security Bulletin: IBM MQ and IBM MQ Appliance command server is vulnerable to a denial of service attack caused by specially crafted PCF messages (CVE-2019-4378) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-and-ibm-mq-app… ∗∗∗ IBM Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2019-10241, CVE-2019-10246 & CVE-2019-10247) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-af… ∗∗∗ IBM Security Bulletin: Clickjacking vulnerability in WebSphere Application Server Liberty Admin Center in IBM Cloud (CVE-2019-4285) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-clickjacking-vulnerab… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Server Side Request Forgery (CVE-2019-4262) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin:IBM Security Identity Adapters has released a fix in response to the OpenSSL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletinibm-security-identity-… ∗∗∗ BIG-IQ services for stats vulnerability CVE-2019-6652 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23101430 ∗∗∗ BIG-IP APM Edge Client logging vulnerability CVE-2019-6656 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23876153 ∗∗∗ BIG-IP Analytics vulnerability CVE-2019-6655 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K31152411 ∗∗∗ Martian address filtering vulnerability CVE-2019-6654 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K45644893 ∗∗∗ BIG-IQ vulnerability CVE-2019-6653 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K71712132 ∗∗∗ REST Framework vulnerability CVE-2019-6651 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K89509323 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.09.2019
by Daily end-of-shift report 24 Sep '19

24 Sep '19

===================== = End-of-Day report = ===================== Timeframe: Montag 23-09-2019 18:00 − Dienstag 24-09-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ MITRE ATT&CK vulnerability spotlight: Access token manipulation ∗∗∗ --------------------------------------------- MITRE is a U.S. government federally-funded research and development center (FFRDC) which performs a large amount of research and assessment as a trusted third party for the government. One of their research areas is cybersecurity, and they have developed the MITRE ATT&CK matrix to help with research and education about cybersecurity threats. --------------------------------------------- https://resources.infosecinstitute.com/mitre-attck-access-token-manipulatio… ∗∗∗ Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs ∗∗∗ --------------------------------------------- Im keeping an eye on the certificate transparency logs[1] using automated scripts. The goal is to track domain names (and their variations) of my customers, sensitive services in Belgium, key Internet players and some interesting keywords. Yesterday I detected a peak of events related to the domain remotewebaccess.com. --------------------------------------------- https://isc.sans.edu/forums/diary/Huge+Amount+of+remotewebaccesscom+Sites+F… ∗∗∗ E-Mail der Chaos-Hacking-Gruppe ignorieren ∗∗∗ --------------------------------------------- Angeblich hat sich die Chaos-Hacking-Gruppe in Ihr E-Mail-Konto und Betriebssystem gehackt und Ihr Surfverhalten drei Monate lang beobachtet. Die Kriminellen behaupten, Sie beim Surfen auf Porno-Seiten erwischt und bei intimen Handlungen gefilmt zu haben. Damit das Video über Sie nicht an all Ihre Kontakte gesendet wird, fordern die Hacker eine Überweisung von 2.000 Euro in Form von Bitcoins. --------------------------------------------- https://www.watchlist-internet.at/news/e-mail-der-chaos-hacking-gruppe-igno… ∗∗∗ No summer vacations for Zebrocy ∗∗∗ --------------------------------------------- ESET researchers describe the latest components used in a recent Sednit campaign The post No summer vacations for Zebrocy appeared first on WeLiveSecurity --------------------------------------------- https://www.welivesecurity.com/2019/09/24/no-summer-vacations-zebrocy/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security Updates Available for ColdFusion (APSB19-47) ∗∗∗ --------------------------------------------- Adobe has published a Security Bulletin (APSB19-47) for ColdFusion versions 2018 and 2016. These updates resolve two critical and one moderate vulnerability that could lead to arbitrary code execution and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1789 ∗∗∗ Notfallpatch: Attacken gegen Internet Explorer ∗∗∗ --------------------------------------------- Ein Update schließt eine kritische Lücke im Internet Explorer – es ist aber noch nicht über Windows Update verfügbar. Auch Windows Defender bekommt einen Patch. --------------------------------------------- https://heise.de/-4537525 ∗∗∗ Zero Day Vulnerability in Rich Reviews Plugin Exploited In The Wild ∗∗∗ --------------------------------------------- Description: XSS Via Unauthenticated Plugin Options Update Affected Plugin: Rich Reviews Affected Versions: [...] --------------------------------------------- https://www.wordfence.com/blog/2019/09/rich-reviews-plugin-vulnerability-ex… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (php5), Fedora (blis, kernel, and kernel-headers), openSUSE (bird, curl, fish3, ghostscript, ibus, kernel, libgcrypt, openldap2, openssl-1_1, skopeo, and util-linux and shadow), Oracle (dovecot and kernel), Red Hat (dovecot, httpd:2.4, qemu-kvm, and redhat-virtualization-host), Scientific Linux (dovecot), SUSE (djvulibre, expat, firefox, libopenmpt, and rust), and Ubuntu (ibus and Mosquitto). --------------------------------------------- https://lwn.net/Articles/800448/ ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache Commons Compress (CVE-2019-12402) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: IBM Cloud Private for Data is affected by a vulnerability in Go Language (CVE-2019-6486) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-for… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily