=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 15-01-2020 18:00 - Thursday 16-01-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Microsoft Office January Security Updates Fix Code Execution Bugs ∗∗∗
---------------------------------------------
Microsoft released the January 2019 Office security updates, bundling a total of seven security updates and three cumulative updates for five different products, six of them patching flaws allowing remote code execution.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-office-january-sec…
∗∗∗ PoC Exploits Published For Microsoft Crypto Bug ∗∗∗
---------------------------------------------
Two proof-of-concept exploits were publicly released for the major Microsoft crypto-spoofing vulnerability.
---------------------------------------------
https://threatpost.com/poc-exploits-published-for-microsoft-crypto-bug/1519…
∗∗∗ CVE-2020-0601 Followup, (Wed, Jan 15th) ∗∗∗
---------------------------------------------
Among the patches Microsoft released yesterday, the vulnerability in the CryptoAPI got by far the most attention. Here are some answers to questions we have received about this vulnerability. Many of these questions also came from our webcast audience (for a recording, see https://sans.org/cryptoapi-isc ) Thanks to Jake Williams for helping us with the webcast!
---------------------------------------------
https://isc.sans.edu/diary/rss/25714
∗∗∗ What do Brit biz consultants and X-rated cam stars have in common? Wide open... AWS S3 buckets on public internet ∗∗∗
---------------------------------------------
Exposed: Intimate... personal details belonging to thousands of folks. A pair of misconfigured cloud-hosted file silos have left thousands of people's sensitive info sitting on the open internet.
---------------------------------------------
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/15/open_s3_…
∗∗∗ Analyzing Magecart Malware - From Zero to Hero ∗∗∗
---------------------------------------------
JavaScript obfuscation is not a new trend, but it is widely used today to hide malware code in many websites. This post is for technical readers who want to understand Magecart's common obfuscation pattern, and ways to decode it.
---------------------------------------------
https://www.perimeterx.com/blog/analyzing_magecart_malware_from_zero_to_her…
∗∗∗ Security updates: Holes in VMware software threaten Android, iOS and Windows ∗∗∗
---------------------------------------------
Important security updates have been released for VMware Tools and Workspace ONE SDK.
---------------------------------------------
https://heise.de/-4639627
∗∗∗ Key Cloud Security Challenges and Strategies to Overcome Them ∗∗∗
---------------------------------------------
The cloud has changed how we use and consume IT services. Where data resides along with how it is transferred, stored and processed has fundamentally changed and with it new risk management challenges. Let's talk about some of those challenges. First and foremost, the cat is out of the bag. We're not going back to the [...]
---------------------------------------------
https://www.tripwire.com/state-of-security/security-data-protection/cloud/k…
∗∗∗ Dubious offers for the digital vignette ∗∗∗
---------------------------------------------
As every year, most drivers face the purchase of a new vignette at the turn of the year. It can be bought in analogue or digital form from, among others, ASFINAG, ÖAMTC and ARBÖ. Caution: dubious offers, which conceal the statutory right of withdrawal and incur additional costs, can also be found on the internet.
---------------------------------------------
https://www.watchlist-internet.at/news/unserioese-angebote-fuer-die-digital…
∗∗∗ Beware of this sneaky phishing technique now being used in more attacks ∗∗∗
---------------------------------------------
Security company researchers warn of a large increase in conversation-hijacking attacks. Here's what they are and how to spot them.
---------------------------------------------
https://www.zdnet.com/article/beware-of-this-sneaky-phishing-technique-now-…
=====================
= Vulnerabilities =
=====================
∗∗∗ OSIsoft PI Vision ∗∗∗
---------------------------------------------
This advisory contains mitigations for improper access control, cross-site request forgery, cross-site scripting, and inclusion of sensitive information vulnerabilities in OSIsoft's PI Vision visualization tool.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-014-06
∗∗∗ Radix - Moderately critical - Cross site scripting - SA-CONTRIB-2020-001 ∗∗∗
---------------------------------------------
Project: Radix
Date: 2020-January-15
Security risk: Moderately critical 13/25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross site scripting
Description: Radix is a base theme for Drupal, with Bootstrap 4, Sass, ES6 and BrowserSync built-in. The module doesn't sufficiently filter menu titles when used in a dropdown in the main menu. This vulnerability is mitigated by the fact that an attacker must have permission to edit a menu title used in the main menu.
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-001
∗∗∗ Easily Exploitable Vulnerabilities Patched in WP Database Reset Plugin ∗∗∗
---------------------------------------------
On January 7th, our Threat Intelligence team discovered vulnerabilities in WP Database Reset, a WordPress plugin installed on over 80,000 websites. One of these flaws allowed any unauthenticated user to reset any table from the database to the initial WordPress set-up state, while the other flaw allowed any authenticated user, even those with minimal permissions, [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-p…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (debian-lan-config and phpmyadmin), openSUSE (openssl-1_1), Oracle (firefox and kernel), Red Hat (.NET Core, git, java-11-openjdk, and thunderbird), SUSE (Mesa, python3, shibboleth-sp, slurm, and tigervnc), and Ubuntu (libpcap and nginx).
---------------------------------------------
https://lwn.net/Articles/809769/
∗∗∗ HPESBGN03975 rev.1 - HPE enhanced Internet Usage Manager (eIUM), Remote Cross Site Scripting ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBHF03978 rev.1 - HPE Superdome Flex Server, Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ Foxit Reader and Foxit Phantom PDF Suite: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0052
∗∗∗ Wireshark: Multiple vulnerabilities allow denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0053
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 14-01-2020 18:00 - Wednesday 15-01-2020 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Patch Tuesday: Windows fumbles certificate validation ∗∗∗
---------------------------------------------
A hole in Windows' certificate validation makes it possible to trick the code-signature check and to attack TLS connections. There is also a security hole in Remote Desktop Gateway.
---------------------------------------------
https://www.golem.de/news/patch-tuesday-windows-patzt-bei-zertifikatspruefu…
∗∗∗ CISA Releases Emergency Directive and Activity Alert on Critical Microsoft Vulnerabilities ∗∗∗
---------------------------------------------
The Cybersecurity and Infrastructure Security Agency (CISA) has released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client. A remote attacker could exploit these vulnerabilities to decrypt, modify, or inject data on user connections.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2020/01/14/cisa-releases-emer…
∗∗∗ Critical Cisco DCNM flaws: Patch right now as PoC exploits are released ∗∗∗
---------------------------------------------
The need to patch Cisco Data Center Network Manager for Nexus switches becomes even more urgent.
---------------------------------------------
https://www.zdnet.com/article/critical-cisco-dcnm-flaws-patch-right-now-as-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Oracle Critical Patch Update Advisory - January 2020 ∗∗∗
---------------------------------------------
This Critical Patch Update contains 334 new security patches across the product families listed below.
---------------------------------------------
https://www.oracle.com/security-alerts/cpujan2020.html
∗∗∗ Huawei Security Advisories ∗∗∗
---------------------------------------------
* Intel Microarchitectural Data Sampling (MDS) vulnerabilities
* Three OpenSSL Vulnerabilities in Huawei Products
* Page-Cache Side-Channel Vulnerability
* Three DoS Vulnerabilities in the SIP Module of Some Huawei Products
* Information Leakage Vulnerability in some Huawei Firewall Product
* Buffer Overflow Vulnerability in QEMU-KVM
* FRP Bypass Vulnerability in Huawei Smart Phones
* Insufficient Authentication Vulnerability in Some Huawei Smart Phones
* Improper Authentication Vulnerability in Smartphones
* FragmentSmack Vulnerability in Linux Kernel
* Two Integer Overflow Vulnerabilities in LDAP of Some Huawei Products
---------------------------------------------
https://www.huawei.com/en/psirt/all-bulletins?name=security-advisories&year…
∗∗∗ Security updates: Intel holes allowing privilege escalation closed ∗∗∗
---------------------------------------------
Intel's developers have closed dangerous holes in, among other things, chip/CPU software and VTune.
---------------------------------------------
https://heise.de/-4638307
∗∗∗ VMSA-2020-0002 ∗∗∗
---------------------------------------------
VMware Tools workaround addresses a local privilege escalation vulnerability (CVE-2020-3941)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0002.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (thunderbird), CentOS (firefox), openSUSE (chromium, firefox, GraphicsMagick, log4j, nodejs8, phpMyAdmin, singularity, and virglrenderer), Oracle (kernel), Red Hat (firefox), SUSE (man, nodejs10, openssl-1_1, and php7), and Ubuntu (php5, php7.0, php7.2, php7.3 and spamassassin).
---------------------------------------------
https://lwn.net/Articles/809624/
=====================
= End-of-Day report =
=====================
Timeframe: Monday 13-01-2020 18:00 - Tuesday 14-01-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Windows 7 Reaches End of Life Tomorrow, What You Need to Know ∗∗∗
---------------------------------------------
It's the end of an era: Windows 7 will reach end of support tomorrow, on January 14, a decade after its initial release, with Microsoft to no longer provide users with software updates and security updates or fixes.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/windows-7-reaches-end-of-li…
∗∗∗ Shitrix: The Citrix disaster ∗∗∗
---------------------------------------------
A security hole in devices from the company Citrix shows in an alarming way how poor IT security is in public authorities. The absolute basics are missing.
---------------------------------------------
https://www.golem.de/news/shitrix-das-citrix-desaster-2001-146047-rss.html
∗∗∗ Malware Obfuscation, Encoding and Encryption ∗∗∗
---------------------------------------------
Malware is complex and meant to confuse. Many computer users think malware is just another word for "virus" when a virus is actually a type of malware. And in addition to viruses, malware includes all sorts of malicious and unwanted code, including spyware, adware, Trojans and worms. Malware has been known to shut down [...]
---------------------------------------------
https://resources.infosecinstitute.com/malware-obfuscation-encoding-and-enc…
∗∗∗ CISA Releases Test for Citrix ADC and Gateway Vulnerability ∗∗∗
---------------------------------------------
The Cybersecurity and Infrastructure Security Agency (CISA) has released a utility that enables users and administrators to test whether their Citrix Application Delivery Controller (ADC) and Citrix Gateway software is susceptible to the CVE-2019-19781 vulnerability. According to Citrix Security Bulletin CTX267027, beginning on January 20, 2020, Citrix will be releasing new versions of Citrix ADC and Citrix Gateway that will patch CVE-2019-19781.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2020/01/13/cisa-releases-test…
∗∗∗ Third-party value-added services on your mobile phone bill are usually subscription traps ∗∗∗
---------------------------------------------
A mobile phone bill that is higher than usual rarely means anything good. Often you will find charges from third-party providers, value-added or partner services on your bill. You have probably unknowingly entered into a subscription contract with a dubious provider. Your money is most likely not lost, however: you can dispute the bill with your mobile operator!
---------------------------------------------
https://www.watchlist-internet.at/news/mehrwertdienste-von-drittanbietern-a…
∗∗∗ Microsoft spots malicious npm package stealing data from UNIX systems ∗∗∗
---------------------------------------------
Malicious JavaScript package was only active on the npm repository for two weeks.
---------------------------------------------
https://www.zdnet.com/article/microsoft-spots-malicious-npm-package-stealin…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Experience Manager (APSB20-01) and Adobe Illustrator (APSB20-03). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided "AS IS" with no warranties and confers no rights.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1820
∗∗∗ XSA-312 - arm: a CPU may speculate past the ERET instruction ∗∗∗
---------------------------------------------
Some CPUs can speculate past an ERET instruction and potentially perform speculative accesses to memory before processing the exception return. Since the register state is often controlled by a lower privilege level (i.e. guest kernel/userspace) at the point of the ERET, this could potentially be used as part of a side-channel attack.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-312.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (wordpress and xen), Mageia (graphicsmagick, kernel, makepasswd, and unbound), openSUSE (containerd, docker, docker-runc, dia, ffmpeg-4, libgcrypt, php7-imagick, proftpd, rubygem-excon, shibboleth-sp, tomcat, trousers, and xen), Oracle (firefox), Red Hat (kernel), Scientific Linux (firefox), SUSE (e2fsprogs, kernel, and libsolv, libzypp, zypper), and Ubuntu (libgcrypt20, libvirt, nginx, sdl-image1.2, and spamassassin).
---------------------------------------------
https://lwn.net/Articles/809506/
∗∗∗ SAP Security Patch Day - January 2020 ∗∗∗
---------------------------------------------
This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on the second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape. On 14th of January 2020, SAP Security Patch Day saw the release of 6 Security Notes. There are 1 updates to previously released Patch Day [...]
---------------------------------------------
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771
∗∗∗ Siemens Security Advisories ∗∗∗
---------------------------------------------
https://new.siemens.com/global/en/products/services/cert.html#SecurityPubli…
∗∗∗ BIG-IP engineering hotfix TMM vulnerability CVE-2020-5852 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K53590702
∗∗∗ BIG-IP APM Portal Access vulnerability CVE-2020-5853 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K73183618
∗∗∗ BIG-IP engineering hotfix Trusted Platform Module vulnerability CVE-2020-5851 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K91171450
∗∗∗ Critical Authentication Bypass Vulnerability in InfiniteWP Client Plugin ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2020/01/critical-authentication-bypass-vulne…
∗∗∗ OTRS: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0026
=====================
= End-of-Day report =
=====================
Timeframe: Friday 10-01-2020 18:00 - Monday 13-01-2020 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Citrix CVE-2019-19781 actively exploited ∗∗∗
---------------------------------------------
At the end of 2019 a security hole in various Citrix devices became known (CVE-2019-19781) that allows arbitrary commands to be executed over the network without any authentication (unauthenticated RCE). On 10 January 2020 the first exploit for this hole was published on GitHub, and it has been actively exploited since (at the latest) that point.
---------------------------------------------
https://cert.at/de/blog/2020/1/citrix-cve-2019-19781-aktiv-ausgenutzt
∗∗∗ Network Traffic Analysis for Incident Response: Internet Protocol with Wireshark ∗∗∗
---------------------------------------------
The Internet Protocol (IP) is the most widely-used network-level protocol. Common transport-level protocols, the Transport Control Protocol (TCP) and the User Datagram Protocol (UDP), are encapsulated within IP packets. The purpose of IP is to make networks like the internet possible. Within a subnet, it is possible to route traffic [...]
---------------------------------------------
https://resources.infosecinstitute.com/network-traffic-analysis-for-inciden…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (file and firefox), Debian (apache-log4j1.2), Fedora (chromium, dovecot, GraphicsMagick, kubernetes, libvpx, makepasswd, matio, and slurm), Mageia (libtomcrypt, ming, oniguruma, opencv, pcsc-lite, phpmyadmin, and thunderbird), openSUSE (chromium, chromium, re2, and mozilla-nspr, mozilla-nss), Red Hat (chromium-browser, firefox, and rabbitmq-server), Slackware (mozilla), and SUSE (crowbar-core, crowbar-openstack, [...]
---------------------------------------------
https://lwn.net/Articles/809312/
∗∗∗ Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-…
∗∗∗ Security Vulnerabilities fixed in Thunderbird 68.4.1 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 09-01-2020 18:00 - Friday 10-01-2020 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641 ∗∗∗
---------------------------------------------
This is the first blog post in a three-part series that will detail how a vulnerability in iMessage can be exploited remotely without any user interaction on iOS 12.4 (fixed in iOS 12.4.1 in August 2019). It is essentially a more detailed version of my 36C3 talk from December 2019.
---------------------------------------------
https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-p…
∗∗∗ Windows Debugging & Exploiting Part 3: WinDBG Time Travel Debugging ∗∗∗
---------------------------------------------
Time to start 2020? No better time for writing about the TTD (Time Travel Debugging) feature from WinDBG.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/windows-deb…
=====================
= Vulnerabilities =
=====================
∗∗∗ D-LINK router: vulnerability allows execution of arbitrary program code with administrator rights ∗∗∗
---------------------------------------------
Affected systems: D-LINK Router DCS-935L, D-LINK Router DCS-960L
A remote, anonymous attacker can exploit a vulnerability in D-LINK routers to take control of the device.
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/01/warn…
∗∗∗ VMSA-2020-0001 - VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability (CVE-2020-3940) ∗∗∗
---------------------------------------------
VMware Workspace ONE SDK and dependent mobile applications do not properly handle certificate verification failures if SSL Pinning has been enabled in the Workspace ONE UEM Console. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 6.8.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0001.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ldm and sa-exim), Mageia (firefox), openSUSE (chromium, firefox, and thunderbird), SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, firefox, log4j, nodejs10, nodejs12, and openssl-1_0_0), and Ubuntu (firefox).
---------------------------------------------
https://lwn.net/Articles/809175/
∗∗∗ Mattermost security update 5.18.1 / 5.17.3 / 5.16.5 / 5.9.8 (ESR) released ∗∗∗
---------------------------------------------
We have released a recommended security update via Mattermost Team Edition 5.18.1, 5.17.3, 5.16.5, 5.9.8 (ESR) and Mattermost Enterprise Edition 5.18.1, 5.17.3, 5.16.5, 5.9.8 (ESR). This security update addresses a high level vulnerability discovered during a security research review by Juho Nurminen.
---------------------------------------------
https://mattermost.com/blog/mattermost-security-update-5-18-1-5-17-3-5-16-5…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 08-01-2020 18:00 - Thursday 09-01-2020 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ SNAKE Ransomware Is the Next Threat Targeting Business Networks ∗∗∗
---------------------------------------------
Since network administrators didn't already have enough on their plate, they now have to worry about a new ransomware called SNAKE that is targeting their networks and aiming to encrypt all of the devices connected to it [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/snake-ransomware-is-the-next…
∗∗∗ A tale of a lesser known NFS privesc ∗∗∗
---------------------------------------------
There are countless online examples of privilege escalation abusing bad NFS configuration. However they all rely on the same prerequisite: that you are able to mount the share from somewhere else. ... But it just so happens that there is another, lesser known local exploit.
---------------------------------------------
https://www.errno.fr/nfs_privesc
∗∗∗ What is the Linux Auditing System (aka AuditD)? ∗∗∗
---------------------------------------------
The Linux Auditing System is a native feature to the Linux kernel that collects certain types of system activity to facilitate incident investigation. ... Our goal is to present a neutral overview of the Linux Auditing System so anyone considering implementing it in their own organization knows what to consider before embarking on their quest and what challenges may lurk ahead.
---------------------------------------------
https://capsule8.com/blog/auditd-what-is-the-linux-auditing-system/
=====================
= Vulnerabilities =
=====================
∗∗∗ Update quickly: security hole in Firefox is being actively exploited ∗∗∗
---------------------------------------------
Firefox has released an important security update with version 72.0.1. It closes a security hole that is already being actively exploited. It was reported by a Chinese security company. (Firefox, Browser)
---------------------------------------------
https://www.golem.de/news/schnell-updaten-sicherheitsluecke-in-firefox-wird…
∗∗∗ What is Cable Haunt? ∗∗∗
---------------------------------------------
Cable Haunt is a critical vulnerability found in cable modems from various manufacturers across the world. ... First, access to the vulnerable endpoint is gained through a client on the local network, such as a browser. Secondly the vulnerable endpoint is hit with a buffer overflow attack, which gives the attacker control of the modem. .. list of confirmed vulnerable modems: Sagemcom F@st 3890/3986, Technicolor TC7230, Netgear C6250EMR/CG3700EMR, COMPAL 7284E/7486E
---------------------------------------------
https://cablehaunt.com/
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr), Fedora (firefox), Oracle (kernel), Slackware (firefox and kernel), SUSE (apache2-mod_perl, git, java-1_7_0-ibm, java-1_7_1-ibm, log4j, mariadb, and nodejs8), and Ubuntu (gnutls28, graphicsmagick, and nss).
---------------------------------------------
https://lwn.net/Articles/809074/
∗∗∗ CVE-2020-6175 - Citrix SD-WAN Security Update ∗∗∗
---------------------------------------------
An information disclosure vulnerability has been identified in the Citrix SD-WAN Appliance. This vulnerability could allow an unauthenticated attacker to perform a man-in-the-middle attack against management traffic. The vulnerability has been assigned the following CVE number. CVE-2020-6175 - Information Disclosure in Citrix SD-WAN Appliance 10.2.x before 10.2.6 and 11.0.x before 11.0.3
---------------------------------------------
https://support.citrix.com/article/CTX263526
∗∗∗ JSA10979 - 2020-01 Security Bulletin: Junos OS: A specific SNMP command can trigger a high CPU usage Denial of Service in the RPD daemon. (CVE-2020-1600) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10979&actp=RSS
∗∗∗ JSA10980 - 2020-01 Security Bulletin: Junos OS: Upon receipt of certain types of malformed PCEP packets the pccd process may crash. (CVE-2020-1601) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10980&actp=RSS
∗∗∗ JSA10982 - 2020-01 Security Bulletin: Junos OS: Improper handling of specific IPv6 packets sent by clients may cause client devices' IPv6 traffic to be black holed, and eventually kernel crash (vmcore) the device. (CVE-2020-1603) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10982&actp=RSS
∗∗∗ JSA10981 - 2020-01 Security Bulletin: Junos OS and Junos OS Evolved: Multiple vulnerabilities in JDHCPD allow for OS command injection and code execution of JDHCPD. ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10981&actp=RSS
∗∗∗ JSA10983 - 2020-01 Security Bulletin: Junos OS: EX4300/EX4600/QFX3500/QFX5100 Series: Stateless IP firewall filter may fail to evaluate certain packets (CVE-2020-1604) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10983&actp=RSS
∗∗∗ JSA10985 - 2020-01 Security Bulletin: Junos OS: Path traversal vulnerability in J-Web (CVE-2020-1606) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10985&actp=RSS
∗∗∗ JSA10986 - 2020-01 Security Bulletin: Junos OS: Cross-Site Scripting (XSS) in J-Web (CVE-2020-1607) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10986&actp=RSS
∗∗∗ JSA10987 - 2020-01 Security Bulletin: Junos OS: MX Series: In BBE configurations, receipt of a specific MPLS or IPv6 packet causes a Denial of Service (CVE-2020-1608) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10987&actp=RSS
∗∗∗ JSA10990 - 2020-01 Security Bulletin: SBR Carrier: Multiple Vulnerabilities in OpenSSL ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10990&actp=RSS
∗∗∗ JSA10991 - 2020-01 Security Bulletin: SBR Carrier: Multiple Vulnerabilities in Net-SNMP ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10991&actp=RSS
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 07-01-2020 18:00 - Wednesday 08-01-2020 18:00
Handler: Robert Waldner
Co-Handler: Dimitri Robl
=====================
= News =
=====================
∗∗∗ Project Zero: Google's bug hunters want fewer sloppy patches ∗∗∗
---------------------------------------------
In the current year, Google's Project Zero security bug researchers want to change their disclosure guidelines. This is meant not only to make updates easier for affected companies, but above all to improve the quality of the patches.
---------------------------------------------
https://www.golem.de/news/project-zero-googles-bug-jaeger-wollen-weniger-sc…
∗∗∗ The Basics of Packed Malware: Manually Unpacking UPX Executables ∗∗∗
---------------------------------------------
In this blog post, I want to discuss what packing is, the basics of why malware developers pack their samples and how they go about doing so. Since this is an introductory post, and I myself am still learning all this stuff, we're going to be manually unpacking a UPX-packed binary, which is one of the simplest packers out there.
---------------------------------------------
https://kindredsec.com/2020/01/07/the-basics-of-packed-malware-manually-unp…
∗∗∗ Tricky Phish Angles for Persistence, Not Passwords ∗∗∗
---------------------------------------------
The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim's email, files and contacts - even after the victim has changed their password.
---------------------------------------------
https://krebsonsecurity.com/2020/01/tricky-phish-angles-for-persistence-not…
∗∗∗ SMS from TrackInfo about a stopped DHL parcel leads to a subscription trap ∗∗∗
---------------------------------------------
Numerous readers are currently contacting Watchlist Internet because they have received an SMS from TrackInfo about an undeliverable parcel. A link in the message leads to a fake DHL website. Because of excess weight, 2 euros now supposedly have to be paid. Caution: the message comes from criminals and is meant to lure recipients into a subscription trap!
---------------------------------------------
https://www.watchlist-internet.at/news/sms-von-trackinfo-zu-gestopptem-dhl-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Interpeak IPnet TCP/IP Stack (Update D) ∗∗∗
---------------------------------------------
This updated medical advisory is a follow-up to the advisory update titled ICSMA-19-274-01 Interpeak IPnet TCP/IP Stack (Update C) published November 5, 2019, on the ICS webpage on us-cert.gov. This updated medical advisory contains mitigations for stack-based buffer overflow, heap-based buffer overflow, integer underflow, improper restriction of operations within the bounds of a memory buffer, race condition, argument injection, and null pointer dereference vulnerabilities in the Interpeak [...]
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsma-19-274-01
∗∗∗ PMASA-2020-1 ∗∗∗
---------------------------------------------
SQL injection in user accounts page. Affected versions: phpMyAdmin 4.x versions prior to 4.9.4 are affected, at least as old as 4.0.0. phpMyAdmin 5.x version 5.0.0 is affected. CVE ID: CVE-2020-5504
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2020-1/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (firefox), Debian (python-django and wordpress), Fedora (dovecot), Mageia (opensc, radare2, and varnish), Red Hat (rh-java-common-apache-commons-beanutils), SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, java-1_8_0-ibm, java-1_8_0-openjdk, libzypp, openssl-1_0_0, sysstat, and tomcat), and Ubuntu (clamav, linux-azure, and linux-lts-xenial, linux-aws).
---------------------------------------------
https://lwn.net/Articles/808975/
∗∗∗ Fortinet FortiSIEM 5.2.5 / 5.2.6 Hardcoded Key ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2020010061
∗∗∗ Cisco AnyConnect Secure Mobility Client for Android Service Hijack Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Webex Video Mesh Node Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Webex Centers Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Vision Dynamic Signage Director Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco UCS Director Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Mobility Management Entity Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Identity Services Engine Authorization Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco IOS and Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Finesse Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Emergency Responder Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Unified Customer Voice Portal Insecure Direct Object Reference Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-…
∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-…
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-…
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-…
∗∗∗ January 6, 2020 TNS-2020-01 [R1] SimpleSAMLPHP Stand-alone Patch Available for Tenable.sc versions 5.9.x to 5.12.x ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2020-01-0
=====================
= End-of-Day report =
=====================
Timeframe: Friday 03-01-2020 18:00 – Tuesday 07-01-2020 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ On our own behalf: CERT.at is looking for reinforcements ∗∗∗
---------------------------------------------
For an international project we are looking for an experienced Python developer (full-time) to start as soon as possible. Details can be found on our jobs page.
---------------------------------------------
https://cert.at/de/ueber-uns/jobs/
∗∗∗ Fake Windows 10 Desktop Used in New Police Browser Lock Scam ∗∗∗
---------------------------------------------
Scammers have taken an old browser scam and invigorated it using a clever and new tactic that takes advantage of your web browser's full-screen mode to show a fake Windows 10 desktop stating your computer is locked.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-windows-10-desktop-used…
∗∗∗ Android malware: the tricks built on the Google security hole ∗∗∗
---------------------------------------------
Security researchers have found malicious apps in the Play Store that spied on users via an Android security vulnerability long known to Google, combined with further tricks. Google itself had discovered the vulnerability, which was actively exploited in October, a year and a half earlier.
---------------------------------------------
https://www.golem.de/news/android-schadsoftware-die-tricks-mit-der-google-s…
∗∗∗ A Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability), (Tue, Jan 7th) ∗∗∗
---------------------------------------------
For the last week, I have been monitoring our honeypot logs for evidence of exploits taking advantage of CVE-2019-19781. Currently, I have not seen an actual "exploit" being used. But there is some evidence that people are scanning for vulnerable systems. Based on some of the errors made with these scans, I would not consider them "sophisticated." There is luckily still no public exploit I am aware of.
---------------------------------------------
https://isc.sans.edu/diary/rss/25686
∗∗∗ The Hidden Cost of Ransomware: Wholesale Password Theft ∗∗∗
---------------------------------------------
Moral of the story: Companies that experience a ransomware attack – or for that matter any type of equally invasive malware infestation – should assume that all credentials stored anywhere on the local network (including those saved inside Web browsers and password managers) are compromised and need to be changed.
---------------------------------------------
https://krebsonsecurity.com/2020/01/the-hidden-cost-of-ransomware-wholesale…
∗∗∗ Breaking PHP's mt_rand() with 2 values and no bruteforce ∗∗∗
---------------------------------------------
... one of our researchers was adamant that it was possible to recover the Mersenne Twister seed using only two outputs of the mt_rand() function, and without any kind of bruteforce. Nevertheless, we were unable to find any information supporting this theory, and his notes on the matter were long lost. After crunching the numbers a little bit, and years after the PRNG-prediction circus, we proved him right.
---------------------------------------------
https://www.ambionics.io/blog/php-mt-rand-prediction
∗∗∗ SSH Client Auditing & Hardening ∗∗∗
---------------------------------------------
It's been known for years now that SSH servers can (and should) be hardened by removing weak default algorithms. For example, recent versions of OpenSSH ship with algorithms suspected of being back-doored by the NSA (i.e.: ECDSA with the NIST P-curves), along with other algorithms with sub-128-bit security levels. But did you know that client software can be hardened too?
---------------------------------------------
https://www.positronsecurity.com/blog/2020-01-07-ssh-client-auditing-and-ha…
∗∗∗ SSH Pentesting Guide ∗∗∗
---------------------------------------------
In this guide, I will:
* Quickly introduce the SSH protocol and implementations.
* Expose some common configuration mistakes then showcase some attacks on the protocol & implementations.
* Present some SSH pentesting & blue team tools.
* Give a standard reference for security guidelines
---------------------------------------------
https://community.turgensec.com/ssh-hacking-guide/
∗∗∗ First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust [PDF] ∗∗∗
---------------------------------------------
In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the complexity of collision attacks against SHA-1...
---------------------------------------------
https://eprint.iacr.org/2020/014.pdf
∗∗∗ Patch now! Ransomware attacks on VPN servers running Pulse Connect Secure ∗∗∗
---------------------------------------------
Attackers are once again targeting VPN servers running Pulse Connect Secure and exploiting a critical security vulnerability. A patch has been available for some time.
---------------------------------------------
https://heise.de/-4629452
∗∗∗ Hidden costs in overnight-stay vouchers from Geoplus ∗∗∗
---------------------------------------------
Like numerous other internet users, you may receive e-mails from Geoplus inviting you to take part in a European study. In return you are promised a voucher for up to five free overnight stays in more than 500 hotels in 14 countries. Warning: there is no question of "free", because when redeeming the vouchers you have to pay mandatory meal rates.
---------------------------------------------
https://www.watchlist-internet.at/news/versteckte-kosten-bei-uebernachtungs…
∗∗∗ What is the random oracle model and why should you care? (Part 5) ∗∗∗
---------------------------------------------
This is part five of a series on the Random Oracle Model. See here for the previous posts: Part 1: An introduction; Part 2: The ROM formalized, a scheme and a proof sketch; Part 3: How we abuse the ROM to make our security proofs work; Part 4: Some more examples of where the ROM …
---------------------------------------------
https://blog.cryptographyengineering.com/2020/01/05/what-is-the-random-orac…
∗∗∗ Half of the websites using WebAssembly use it for malicious purposes ∗∗∗
---------------------------------------------
In an academic research project that was carried out last year, four researchers from the Technical University in Braunschweig, Germany, looked at WebAssembly's use on the Alexa Top 1 Million popular sites on the internet, in an attempt to gauge the popularity of this new technology.
---------------------------------------------
https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it…
=====================
= Vulnerabilities =
=====================
∗∗∗ Android Security Bulletin – January 2020 ∗∗∗
---------------------------------------------
The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
---------------------------------------------
https://source.android.com/security/bulletin/2020-01-01.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (netty) and Fedora (libssh, nethack, php, samba, and xen).
---------------------------------------------
https://lwn.net/Articles/808621/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (chromium, cyrus-imapd, drupal7-l10n_update, drupal7-webform, htmldoc, nethack, php, and singularity), Mageia (advancecomp, apache-commons-compress-, cyrus-imapd, cyrus-sasl, dia, freeimage, freeradius, igraph, jhead, jss, libdwarf, libextractor, libxml2, mediawiki, memcached, mozjs60, openconnect, openssl, putty, python-ecdsa, python-werkzeug, shadowsocks-libev, and upx), Oracle (container-tools:1.0 and container-tools:ol8), and Red Hat
---------------------------------------------
https://lwn.net/Articles/808803/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (nss and pillow), Red Hat (java-1.8.0-ibm and kernel), Slackware (firefox), SUSE (virglrenderer), and Ubuntu (linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-kvm, linux-oracle, linux-raspi2, and linux-snapdragon).
---------------------------------------------
https://lwn.net/Articles/808881/
∗∗∗ Security Vulnerabilities fixed in Firefox 72 ∗∗∗
---------------------------------------------
Severity: high
CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows
CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
CVE-2019-17017: Type Confusion in XPCVariant.cpp
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/
∗∗∗ Security Bulletin: Multiple Vulnerabilities in Liberty affect IBM WIoTP MessageGateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageSight ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multi-Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Check Services for Multi-Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man…
∗∗∗ Security Bulletin: Security Vulnerabilities have been addressed in IBM Cognos Analytics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilties-h…
∗∗∗ Security Bulletin: Information Exposure vulnerability found on IBM Security Secret Server (CVE-2019-4634) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-exposure-vuln…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 02-01-2020 18:00 – Friday 03-01-2020 18:00
Handler: Robert Waldner
Co-Handler: Dimitri Robl
=====================
= News =
=====================
∗∗∗ Promiscuous Cookies and Their Impending Death via the SameSite Policy ∗∗∗
---------------------------------------------
Cookies like to get around. They have no scruples about where they go save for some basic constraints relating to the origin from which they were set. I mean have a think about it: If a website sets a cookie then you click a link to another page on that [...]
---------------------------------------------
https://www.troyhunt.com/promiscuous-cookies-and-their-impending-death-via-…
∗∗∗ Fake e-mail about an Amazon order ∗∗∗
---------------------------------------------
Criminals are currently sending e-mails about an alleged Amazon order. The mail points out that an order was placed from a device that had not been used before. The attachment contains a PDF with details of the alleged order and the option to cancel it. Anyone who does so hands their Amazon credentials to criminals!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-e-mail-zu-amazon-bestell…
=====================
= Vulnerabilities =
=====================
∗∗∗ Workaround available: critical vulnerability in Citrix ADC and Gateway ∗∗∗
---------------------------------------------
Attackers could attack systems running Citrix ADC and Gateway and execute malicious code. No patches have been released so far.
---------------------------------------------
https://heise.de/-4627525
∗∗∗ Vulnerability Spotlight: Two buffer overflow vulnerabilities in OpenCV ∗∗∗
---------------------------------------------
Cisco Talos recently discovered two buffer overflow vulnerabilities in the OpenCV libraries. An attacker could potentially exploit these bugs to cause heap corruptions and potentially code execution. Intel Research originally developed OpenCV in 1999, but it is currently maintained by the non-profit organization OpenCV.org. OpenCV is used for numerous applications, including facial recognition technology, robotics, motion tracking [...]
---------------------------------------------
https://blog.talosintelligence.com/2020/01/opencv-buffer-overflow-jan-2020.…
∗∗∗ WooCommerce Conversion Tracking < 2.0.6 - CSRF to XSS ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/10001
∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Private – OpenSSL (CVE-2019-1563, CVE-2019-1549, CVE-2019-1547) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-…
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to a Kubernetes vulnerability (CVE-ID: CVE-2019-11244) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln…
∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Tivoli Storage Manager FastBack (CVE-2019-2816) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja…
∗∗∗ Security Bulletin: Vulnerabilities in SSL in IBM DataPower Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabities-in-ssl-in-i…
∗∗∗ Security Bulletin: IBM DataPower Gateway is potentially vulnerable to two cryptographic side-channel vulnerabilities in SSL. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-is-…
∗∗∗ Security Bulletin: Potential side-channel cryptographic vulnerabilities in IBM DataPower Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-side-channel-cr…
∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Cloud Foundry – Python (CVE-2019-9947, CVE-2019-9948) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-…
∗∗∗ Security Bulletin: Potential disclosure of information in IBM DataPower Gateway (CVE-2018-14348) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-disclosure-of-i…
∗∗∗ D-LINK Router: vulnerability allows disclosure of information ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0002
=====================
= End-of-Day report =
=====================
Timeframe: Monday 30-12-2019 18:00 – Thursday 02-01-2020 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Ransomware in Node.js, (Thu, Jan 2nd) ∗∗∗
---------------------------------------------
Here is a sample that I spotted two days ago. It's an interesting one because it's a malware that implements ransomware features developed in Node.js! The stage one is not obfuscated and I suspect the script to be a prototype or a test...
---------------------------------------------
https://isc.sans.edu/diary/rss/25664
∗∗∗ The Anatomy of Website Malware Part 2: Credit Card Stealers ∗∗∗
---------------------------------------------
One of the biggest malicious trends in the last few months and years are credit card stealers – also commonly referred to as credit card skimmers or cc stealers. In the second part of this Website Malware Anatomy series, I'm going to deconstruct several skimmers and show you what they look like, where they are hiding, and how they work.
---------------------------------------------
https://blog.sucuri.net/2019/12/the-anatomy-of-website-malware-part-2-credi…
∗∗∗ Do not buy puppies on realpuppieshome.com ∗∗∗
---------------------------------------------
On realpuppieshome.com you are shown numerous adorable pedigree puppies offered for adoption. The elaborately designed website fakes a reputable offer. But beware: you will never receive the puppy you want. Instead, you lose your money to criminals.
---------------------------------------------
https://www.watchlist-internet.at/news/kaufen-sie-keine-welpen-auf-realpupp…
=====================
= Vulnerabilities =
=====================
∗∗∗ December 30, 2019 TNS-2019-09 [R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities ∗∗∗
---------------------------------------------
Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues in Tenable.sc.
---------------------------------------------
http://www.tenable.com/security/tns-2019-09
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (intel-microcode and libbsd), openSUSE (chromium, LibreOffice, and spectre-meltdown-checker), and SUSE (mozilla-nspr, mozilla-nss and python-azure-agent).
---------------------------------------------
https://lwn.net/Articles/808319/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (igraph, jhead, libgcrypt20, otrs2, and waitress) and Mageia (clamaw, exiv2, filezilla, hunspell, libidn2, pdfresurrect, roundcubemail, and xpdf).
---------------------------------------------
https://lwn.net/Articles/808395/
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Red Hat (chromium-browser and rh-git218-git) and SUSE (java-1_8_0-ibm and openssl-1_1).
---------------------------------------------
https://lwn.net/Articles/808488/
∗∗∗ Cisco Data Center Network Manager Authentication Bypass Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Data Center Network Manager XML External Entity Read Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Data Center Network Manager SQL Injection Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Data Center Network Manager Path Traversal Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Data Center Network Manager Command Injection Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security Advisory - Missing Integrity Checking Vulnerability on Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191225-…
∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191030-…
∗∗∗ Security Advisory - Improper Credentials Management Vulnerability in Some Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200102-…
∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200102-…
∗∗∗ Security Advisory - Denial of Service Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200102-…
∗∗∗ Security Advisory - Buffer Error Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200102-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Privileged Identity Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Private – Swagger UI (CVE-2019-17495) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Private Kubernetes (CVE-2019-11245) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to IBM WebSphere Application Server Liberty vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln…
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2014-3603) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln…
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-12402) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln…
∗∗∗ Security Bulletin: A Security Vulnerability affects Cloud Foundry for IBM Cloud Private (CVE-2019-16935) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…