Daily

daily@lists.cert.at

1 participants
3087 discussions

Tageszusammenfassung - 28.05.2019
by Daily end-of-shift report 28 May '19

28 May '19

===================== = End-of-Day report = ===================== Timeframe: Montag 27-05-2019 18:00 − Dienstag 28-05-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ DNSSEC-Chain: DANE für Browser ist praktisch tot ∗∗∗ --------------------------------------------- Eine TLS-Erweiterung sollte die Nutzung von DANE und DNSSEC im Browser erleichtern und die Validierung beschleunigen. Der Vorschlag wird nun aber offenbar nicht weiter verfolgt. --------------------------------------------- https://www.golem.de/news/dnssec-chain-dane-fuer-browser-ist-praktisch-tot-… ∗∗∗ Google-protected mobile browsers were open to phishing for over a year ∗∗∗ --------------------------------------------- Researchers revealed a massive hole in Google Safe Browsings mobile browser protection that existed for over a year. --------------------------------------------- https://nakedsecurity.sophos.com/2019/05/28/google-protected-mobile-browser… ∗∗∗ Return to the City of Cron – Malware Infections on Joomla and WordPress ∗∗∗ --------------------------------------------- We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had cleaned them. The persistence was being created by a cron that was scheduled to download malware from a third party domain. --------------------------------------------- https://blog.sucuri.net/2019/05/return-to-the-city-of-cron-malware-infectio… ∗∗∗ W3C und WHATWG erarbeiten künftig gemeinsam die HTML-Spezifikation ∗∗∗ --------------------------------------------- Das World Wide Web Consortium und die Arbeitsgruppe WHATWG bündeln ihre Bemühungen zur Standardisierung der Webtechniken. --------------------------------------------- https://heise.de/-4433970 ∗∗∗ Bitcoin-Erpressungsversuch gegen Unternehmen und Website-Betreiber/innen ∗∗∗ --------------------------------------------- Unternehmen und Website-Betreiber/innen erhalten momentan erpresserische Nachrichten per E-Mail, in Kommentarfunktionen oder in Chats. Kriminelle drohen damit, Millionen von Spam-Nachrichten im Namen der Betroffenen zu verschicken, wenn nicht binnen kurzer Zeit ein hoher Geldbetrag in Bitcoin bezahlt wird. Wir gehen von leeren Drohungen aus, raten aber dennoch zu einer Anzeige wegen Erpressung. --------------------------------------------- https://www.watchlist-internet.at/news/bitcoin-erpressungsversuch-gegen-unt… ∗∗∗ Emissary Panda Attacks Middle East Government Sharepoint Servers ∗∗∗ --------------------------------------------- Our latest research shows attacks against Middle East government Sharepoint servers using a newly patched vulnerability. --------------------------------------------- https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-gove… ===================== = Vulnerabilities = ===================== ∗∗∗ SAP UI5 1.0.0 is vulnerable to Content Spoofing in multiples parameters ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2019050283 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox and thunderbird), Debian (sox and vcftools), Fedora (safelease and sharpziplib), openSUSE (chromium, evolution, graphviz, nmap, systemd, transfig, and ucode-intel), Red Hat (pacemaker), SUSE (curl, libvirt, openssl, php7, php72, and systemd), and Ubuntu (gnome-desktop3, keepalived, and samba). --------------------------------------------- https://lwn.net/Articles/789595/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.05.2019
by Daily end-of-shift report 27 May '19

27 May '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 24-05-2019 18:00 − Montag 27-05-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Joomla and WordPress Found Harboring Malicious Redirect Code ∗∗∗ --------------------------------------------- New .htaccess injector threat on Joomla and WordPress websites redirects to malicious websites. --------------------------------------------- https://threatpost.com/joomla-and-wordpress-malicious-redirect-code/145068/ ∗∗∗ Serious Security: Don’t let your SQL server attack you with ransomware ∗∗∗ --------------------------------------------- Tales from the honeypot: this time a MySQL-based attack. Old tricks still work, because were still making old mistakes - heres what to do. --------------------------------------------- https://nakedsecurity.sophos.com/2019/05/25/serious-security-dont-let-your-… ∗∗∗ Alles Fake: sendlein.net, reipel.net, kleimer.net und lieberg24.com ∗∗∗ --------------------------------------------- Die verlockenden Technik-Angebote bei sendlein.net, reipel.net, kleimer.net oder lieberg24.com sind leider zu schön, um wahr zu sein! Es handelt sich um betrügerische Shops, die nicht liefern. Sie verlieren Ihr Geld und geben Kreditkartendaten preis, die für Online-Einkäufe verwendet werden könnten! --------------------------------------------- https://www.watchlist-internet.at/news/alles-fake-sendleinnet-reipelnet-kle… ∗∗∗ Intense scanning activity detected for BlueKeep RDP flaw ∗∗∗ --------------------------------------------- A threat actor hidden behind Tor nodes is scanning for Windows systems vulnerable to BlueKeep flaw. --------------------------------------------- https://www.zdnet.com/article/intense-scanning-activity-detected-for-blueke… ===================== = Vulnerabilities = ===================== ∗∗∗ BlackBerry Powered by Android Security Bulletin - May 2019 ∗∗∗ --------------------------------------------- BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. ... This advisory is in response to the Android Security Bulletin (May) and addresses issues in that bulletin that affect BlackBerry powered by Android smartphones --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ New unpatched macOS Gatekeeper Bypass Published Online ∗∗∗ --------------------------------------------- Details have been released for an unpatched vulnerability in macOS 10.14.5 (Mojave) and below that allows a hacker to execute arbitrary code without user interaction. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-unpatched-macos-gatekeep… ∗∗∗ Fortinet schließt mehrere Sicherheitslücken in FortiOS und Co. ∗∗∗ --------------------------------------------- Das SSL-VPN-Webportal von FortiOS war über mehrere Wege angreifbar – aus der Ferne und teils ohne Authentifizierung. Der Hersteller rät zum Update. --------------------------------------------- https://heise.de/-4432813 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, jackson-databind, minissdpd, php5, thunderbird, wireshark, and wpa), Fedora (curl, drupal7, firefox, kernel, libmediainfo, mediaconch, mediainfo, mod_http2, mupdf, rust, and singularity), openSUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork), Oracle (firefox and libvirt), Scientific Linux (firefox and libvirt), and SUSE (bluez, curl, gnutls, java-1_7_1-ibm, libu2f-host, libvirt, python3, screen, and xen). --------------------------------------------- https://lwn.net/Articles/789523/ ∗∗∗ SSA-932041: Vulnerability in Radiography and Mobile X-ray Products from Siemens Healthineers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-932041.txt ∗∗∗ SSA-832947: Vulnerability in Laboratory Diagnostics Products from Siemens Healthineers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-832947.txt ∗∗∗ SSA-433987: Vulnerability in Radiation Oncology Products from Siemens Healthineers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-433987.txt ∗∗∗ SSA-406175: Vulnerability in Siemens Healthineers Software Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-406175.txt ∗∗∗ SSA-166360: Vulnerability in Advanced Therapy Products from Siemens Healthineers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-166360.txt ∗∗∗ SSA-616199: Vulnerability in Point of Care Diagnostics Products from Siemens Healthineers - Blood Gas ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-616199.txt ∗∗∗ IBM Security Bulletin: IBM QRadar WinCollect Agent Does Not Verify TLS Syslog Certificate (CVE-2019-4264) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-wincollect… ∗∗∗ IBM Security Bulletin: Security vulnerability affects the Report Builder shipped with Jazz Reporting Service (CVE-2019-4184) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ GNU Binutils vulnerability CVE-2019-9070 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K13534168 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.05.2019
by Daily end-of-shift report 24 May '19

24 May '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 23-05-2019 18:00 − Freitag 24-05-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Hacker veröffentlicht vier Windows-0-Day-Lücken innerhalb weniger Tage ∗∗∗ --------------------------------------------- Als "SandboxEscaper" und "Polar Bear" hat ein Hacker insgesamt vier bislang ungepatchte Windows-Lücken veröffentlicht. Grund zur Panik besteht aber nicht. --------------------------------------------- https://heise.de/-4430811 ∗∗∗ CEO Fraud goes WhatsApp ∗∗∗ --------------------------------------------- Uns wurde in den letzten Tagen von zwei Firmen berichtet, dass sie Ziel von CEO Fraud Versuchen waren, wobei der Kontakt per WhatsApp Nachricht erfolgte. Wir kannten das Schema bisher eigentlich nur per Email: Der "Geschäftsführer" verlangt per Mail die Hilfe bei einer wichtigen, aber vertraulichen Überweisung. Details siehe Wikipedia. Daher: bitte hier nicht nur an Email denken. --------------------------------------------- http://www.cert.at/services/blog/20190524171920-2476.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (zookeeper), Fedora (kernel, singularity, and thunderbird), openSUSE (java-1_8_0-openjdk), Oracle (curl), Red Hat (firefox, libvirt, and virt:rhel), SUSE (php5, python-Jinja2, python-Pillow, and sysstat), and Ubuntu (MariaDB). --------------------------------------------- https://lwn.net/Articles/789353/ ∗∗∗ Vuln: Atlassian Bitbucket Server CVE-2019-3397 Directory Traversal Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/108447 ∗∗∗ IBM Security Bulletin: A security vulnerability has been addressed in IBM Cognos Analytics (CVE-2019-4139) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Cross-site scripting and failure to enforce HTTP Strict Transport Security vulnerabilities in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4137, CVE-2019-4138) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-2426, CVE-2018-12547, CVE-2018-1890) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Guardium StealthBits Integration is affected by an OpenSSL vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-guardium-stealthbits-… ∗∗∗ IBM Security Bulletin: OpenSSL vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vulnerability… ∗∗∗ IBM Security Bulletin: security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s… ∗∗∗ IBM Security Bulletin: Potential Spoofing vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1902) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-spoofing-vu… ∗∗∗ Binutils vulnerability CVE-2019-9075 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42059040 ∗∗∗ Binutils vulnerability CVE-2019-9074 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K09092524 ∗∗∗ GNU Binutils vulnerability CVE-2019-9077 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K00056379 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.05.2019
by Daily end-of-shift report 23 May '19

23 May '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 22-05-2019 18:00 − Donnerstag 23-05-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ SandboxEscaper Drops Three More Windows Exploits, IE Zero-Day ∗∗∗ --------------------------------------------- SandboxEscaper held true to that promise, on Thursday releasing on GitHub the proof-of-concepts (PoCs) for another three Windows LPE flaws, and a sandbox-escape zero-day vulnerability impacting Internet Explorer 11. One of them however turns out to already be patched. ... Though SandboxEscaper released PoC demos for these last three flaws, researchers have not yet confirmed their validity. --------------------------------------------- https://threatpost.com/sandboxescaper-more-exploits-ie-zero-day/145010/ ∗∗∗ IT threat evolution Q1 2019 ∗∗∗ --------------------------------------------- Zebrocy and GreyEnergy, four zero-day vulnerabilities in Windows, attacks on cryptocurrency exchanges, a very old bug in WinRAR, attacks on smart devices and other events of the first quarter of 2019. --------------------------------------------- https://securelist.com/it-threat-evolution-q1-2019/90978/ ∗∗∗ Security baseline (FINAL) for Windows 10 v1903 and Windows Server v1903 ∗∗∗ --------------------------------------------- Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 version 1903 (a.k.a., “19H1”), and for Windows Server version 1903. --------------------------------------------- https://blogs.technet.microsoft.com/secguide/2019/05/23/security-baseline-f… ∗∗∗ New Mirai Variant Uses Multiple Exploits to Target Routers and Other Devices ∗∗∗ --------------------------------------------- We discovered a new variant of Mirai that uses a total of 13 different exploits, almost all of which have been used in previous Mirai-related attacks. Typical of Mirai variants, it has backdoor and distributed denial-of-service (DDoS) capabilities. However, this case stands out as the first to have used all 13 exploits together in a single campaign --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/new-mirai-varia… ∗∗∗ Jeder dritte RDP-Server Österreichs auf „BlueKeep“ anfällig ∗∗∗ --------------------------------------------- In einem überraschenden Schritt hat Microsoft vergangene Woche eine kritische Schwachstelle in den eigentlich nicht mehr unterstützten Betriebssystemen Windows XP und Server 2003 behoben. Die Remote Code Execution „BlueKeep“ (CVE-2019-0708) in der Fernwartungsfunktion Remote Desktop Service (RDP) ist für entfernte Angreifer direkt ausnutzbar und wird als kritisch eingestuft. --------------------------------------------- https://www.offensity.com/de/blog/jeder-dritte-rdp-server-oesterreichs-auf-… ∗∗∗ GetCrypt Ransomware Brute Forces Credentials, Decryptor Released ∗∗∗ --------------------------------------------- A new ransomware called GetCrypt is being installed through malvertising campaigns that redirect victims to the RIG exploit kit. ... If you were infected with the GetCrypt Ransomware, it is possible to get your files back for free. All you need is a original unencrypted copy of a file that has been encrypted. --------------------------------------------- https://www.bleepingcomputer.com/news/security/getcrypt-ransomware-brute-fo… ∗∗∗ iX 6/2019: Follow-Up zu den Sicherheitsproblemen in Office 365 ∗∗∗ --------------------------------------------- Auf die von der iX aufgedeckten Sicherheitsproblemen in Office 365 reagierte Microsoft nun – zufriedenstellen konnten die Antworten aber nicht. --------------------------------------------- https://heise.de/-4429020 ∗∗∗ Apple behebt Firmwareproblem bei T2-Sicherheitschip ∗∗∗ --------------------------------------------- Der Konzern hat ein Zusatzupdate für macOS 10.14.5 freigegeben, das bestimmte MacBook-Pro-Modelle betrifft. Details sind noch rar. --------------------------------------------- https://heise.de/-4429365 ∗∗∗ Undurchsichtige Angebote auf retinollift.com und hyaluronicone.com ∗∗∗ --------------------------------------------- Auf retinollift.com und hyaluronicone.com werden diverse Beautyprodukte angeboten und auch ein besonderes Tagesangebot als „Today’s Special“ beworben. Dieses Spezialangebot enthält eine vermeintlich kostenlose Probe, lediglich der Versand muss per Kreditkarte bezahlt werden. Kurz darauf kommt es aber zu weiteren Abbuchungen, denen die verärgerten Konsument/innen nie bewusst zugestimmt haben. --------------------------------------------- https://www.watchlist-internet.at/news/undurchsichtige-angebote-auf-retinol… ===================== = Vulnerabilities = ===================== ∗∗∗ WordPress plugin "WP Open Graph" vulnerable to cross-site request forgery ∗∗∗ --------------------------------------------- Description: WordPress plugin "WP Open Graph" provided by Custom4Web contains a cross-site request forgery vulnerability (CWE-352). Impact: If a user views a malicious page while logged in, unintended operations may be performed. --------------------------------------------- https://jvn.jp/en/jp/JVN33652328/ ∗∗∗ Vuln: Apache Camel CVE-2019-0188 XML External Entity Injection Vulnerability ∗∗∗ --------------------------------------------- Apache Camel is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to obtain potentially sensitive information. This may lead to further attacks. --------------------------------------------- http://www.securityfocus.com/bid/108422 ∗∗∗ Vuln: QEMU CVE-2019-12247 Integer Overflow Vulnerability ∗∗∗ --------------------------------------------- Attackers can exploit this issue to crash the QEMU instance, resulting in a denial-of-service condition. Due to the nature of this issue, code execution may be possible but this has not been confirmed. --------------------------------------------- http://www.securityfocus.com/bid/108434 ∗∗∗ WD My Cloud RCE ∗∗∗ --------------------------------------------- In this post I’ll explain how I discoverd several vulnerabilities in Western Digital NAS devices and used them together to execute code remotely, as root. To take control of the NAS an attacker needs to be in the same network and know its IP address. --------------------------------------------- https://bnbdr.github.io/posts/wd/ ∗∗∗ DoS Vulnerability in RTSP Module of Huawei Smart Phones ∗∗∗ --------------------------------------------- There is a DoS vulnerability in RTSP module of some Huawei smart phones. Remote attacker could trick the user into opening a malformed RTSP media stream to exploit this vulnerability. Successful exploit could cause the affected phone abnormal, leading to a DoS condition. ... CVE-2019-5284. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190523-… ∗∗∗ Tcl code injection security exposure ∗∗∗ --------------------------------------------- Certain coding practices may allow an attacker to inject arbitrary Tool Command Language (Tcl) commands, which could be executed in the security context of the target Tcl script. --------------------------------------------- https://support.f5.com/csp/article/K15650046 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ffmpeg and firefox-esr), openSUSE (bzip2, chromium, and GraphicsMagick), Slackware (curl), SUSE (ucode-intel), and Ubuntu (curl and intel-microcode). --------------------------------------------- https://lwn.net/Articles/789224/ ∗∗∗ Synology-SA-19:25 Virtual Machine Manager ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to bypass security constraints via a susceptible version of Virtual Machine Manager. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_25 ∗∗∗ cURL: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt. Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in cURL ausnutzen, um einen Denial of Service Angriff durchzuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0444 ∗∗∗ IBM Security Bulletin: IBM API Connect V5 is potentially impacted by a weak cipher (CVE-2019-4256) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-is… ∗∗∗ IBM Security Bulletin: Vulnerability in Apache ActiveMQ Affects IBM Control Center (CVE-2019-0222) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ and IBM MQ Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.05.2019
by Daily end-of-shift report 22 May '19

22 May '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 21-05-2019 18:00 − Mittwoch 22-05-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New Zero-Day Exploit [Local Privilege Escalation, Anm.] for Bug in Windows 10 Task Scheduler ∗∗∗ --------------------------------------------- Exploit developer SandboxEscaper has quietly dropped a new zero-day exploit for the Windows operating system just a week after Microsofts monthly cycle of security updates. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-bug… ∗∗∗ Forthcoming OpenSSL Releases ∗∗∗ --------------------------------------------- These releases will be made available on 28th May 2019 between approximately 1200-1600 UTC. OpenSSL 1.1.0k and 1.0.2s contain security hardening bug fixes only but do not address any CVEs. OpenSSL 1.1.1c is a bug-fix release (and contains the equivalent security hardening fixes as for 1.1.0k and 1.0.2s where relevant). --------------------------------------------- https://mta.openssl.org/pipermail/openssl-announce/2019-May/000150.html ∗∗∗ Sophisticated Spear Phishing Campaigns using Homograph Attacks ∗∗∗ --------------------------------------------- Over the last few months we did some research on how to create phishing emails which are good enough to fool even security professionals. Therefore, we were looking into quite an old topic: Punycode domains and IDN homograph attacks. --------------------------------------------- https://www.offensity.com/en/newsroom/sophisticated-spear-phishing-campaign… ∗∗∗ Gefälschte Gewinn-SMS im Namen der Post führt in Abo-Falle ∗∗∗ --------------------------------------------- Konsument/innen erhalten eine gefälschte SMS-Nachricht im Namen der Post AG aufgrund einer angeblichen Gewinnspielteilnahme zugesandt. Wer dem Link folgt, an einer kurzen Umfrage teilnimmt und einen Gewinn auswählt, tappt in eine Abo-Falle. Es bleibt nämlich nicht bei der einmaligen Zahlung von 2 Euro für Adidas Schuhe, die nie geliefert werden, sondern es folgen laufend weitere Abbuchungen durch die ILS Company ApS. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-gewinn-sms-im-namen-der-… ===================== = Vulnerabilities = ===================== ∗∗∗ Mozilla Firefox und Thunderbird: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Es bestehen mehrere Schwachstellen in Mozilla Thunderbird, Mozilla Firefox und Mozilla Firefox ESR. Ein Angreifer kann dies ausnutzen, um den Browser zum Absturz zu bringen, um Daten zu manipulieren, um Sicherheitsmechanismen zu umgehen, um vertrauliche Daten einzusehen oder schädlichen Programmcode auszuführen. --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/05/warn… ∗∗∗ DoS Vulnerability in Huawei S Series Switch Products ∗∗∗ --------------------------------------------- Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device reboot and denial of service (DoS) condition. ... CVE-2019-5285. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190522-… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (ruby and wget), Debian (proftpd-dfsg), Fedora (firefox, mupdf, nss, and wavpack), openSUSE (evolution, GraphicsMagick, graphviz, libxslt, openssl-1_0_0, ovmf, and sqlite3), Red Hat (dotnet, python27-python and python27-python-jinja2, and rh-mariadb102-mariadb and rh-mariadb102-galera), Slackware (mozilla), SUSE (gnutls, java-1_7_1-ibm, and java-1_8_0-ibm), and Ubuntu (curl, firefox, php5, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/789132/ ∗∗∗ Computrols CBAS Web ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-141-01 ∗∗∗ Mitsubishi Electric MELSEC-Q Series Ethernet Module ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-141-02 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Algo Credit Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM License Key Server Administration and Reporting Tool and Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack due to incorrect permissions on MQ directories. (CVE-2019-4078) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-is-vulnerable-… ∗∗∗ IBM Security Bulletin: IBM MQ is vulnerable to a denial of service attack within the error logging function (CVE-2019-4039) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-is-vulnerable-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.05.2019
by Daily end-of-shift report 21 May '19

21 May '19

===================== = End-of-Day report = ===================== Timeframe: Montag 20-05-2019 18:00 − Dienstag 21-05-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ DDoS attacks in Q1 2019 ∗∗∗ --------------------------------------------- Q1 2019 held no particular surprises, save for countries such as Saudi Arabia, the Netherlands, and Romania maintaining a high level of DDoS activity. --------------------------------------------- https://securelist.com/ddos-report-q1-2019/90792/ ∗∗∗ Jetzt patchen! Exploit-Code für RDP-Lücke BlueKeep in Windows gesichtet ∗∗∗ --------------------------------------------- Wer ältere Windows-Versionen als 10 und 8.1 nutzt, sollte aufgrund von möglichen Angriffen spätestens jetzt die aktuellen Sicherheitsupdates installieren. --------------------------------------------- https://heise.de/-4427183 ∗∗∗ Zweite Ausgabe des Deutsch-Französischen IT-Sicherheitslagebilds erschienen ∗∗∗ --------------------------------------------- Darin tragen das Bundesamt für Sicherheit in der Informationstechnik (BSI) und die französische Agence nationale de la sécurité des systèmes d'information (ANSSI) nationale Erkenntnisse und Erfahrungen zu zwei aktuellen Themen vergleichend zusammen und bereiten diese für die allgemeine Öffentlichkeit auf. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/D-F-IT-Sich… ∗∗∗ So schützen Sie sich vor Abo-Fallen im Internet ∗∗∗ --------------------------------------------- Gleich vorweg sei gesagt: Auch im Internet hat niemand etwas zu verschenken! Seien Sie daher skeptisch bei schier unglaublichen Gratisangeboten oder Gewinnversprechen in E-Mails und SMS, auf Social Media, auf Websites oder in Online-Werbung. Kriminelle nutzen diese häufig, um Konsument/innen in eine Abo-Falle zu locken. --------------------------------------------- https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-vor-abo-fallen… ===================== = Vulnerabilities = ===================== ∗∗∗ Vuln: systemd CVE-2018-20839 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- systemd is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. systemd 242 is vulnerable; other versions may also be affected. --------------------------------------------- http://www.securityfocus.com/bid/108389 ∗∗∗ Linux Privilege Escalation via LXD & Hijacked UNIX Socket Credentials ∗∗∗ --------------------------------------------- Linux systems running LXD are vulnerable to privilege escalation via multiple attack paths, two of which are published in my “lxd_root” GitHub repository. This blog will go into the details of what I think is a very interesting path - abusing relayed UNIX socket credentials to speak directly to systemd’s private interface. --------------------------------------------- https://shenaniganslabs.io/2019/05/21/LXD-LPE.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (drupal7 and jackson-databind), Fedora (checkstyle and gradle), openSUSE (qemu and xen), SUSE (ffmpeg, kvm, and ucode-intel), and Ubuntu (libraw and python-urllib3). --------------------------------------------- https://lwn.net/Articles/789017/ ∗∗∗ IBM Addresses Reported Intel Security Vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-addresses-reported-intel-security-vulne… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Web Experience Factory ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-0734) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.05.2019
by Daily end-of-shift report 20 May '19

20 May '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 17-05-2019 18:00 − Montag 20-05-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitslücke: Linksys-Router leaken offenbar alle verbundenen Geräte ∗∗∗ --------------------------------------------- Linksys will die Sicherheitslücke bereits 2014 geschlossen haben, doch laut dem Sicherheitsforscher Troy Mursch leaken die Router weiterhin die Daten aller jemals verbundenen Geräte. (Router-Lücke, Netzwerk) --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-linksys-router-leaken-offenbar-… ∗∗∗ ENISA is setting the ground for Industry 4.0 Cybersecurity ∗∗∗ --------------------------------------------- The EU Agency for Cybersecurity ENISA is stepping up its efforts to foster cybersecurity for Industry 4.0 by publishing a new paper on ‘Challenges and Recommendations for Industry 4.0 Cybersecurity’ . --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/enisa-is-setting-the-ground-for… ∗∗∗ Security researchers discover Linux version of Winnti malware ∗∗∗ --------------------------------------------- Winnti Linux variant used in 2015 in the hack of a Vietnamese gaming company. --------------------------------------------- https://www.zdnet.com/article/security-researchers-discover-linux-version-o… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (cups-filters, dhcpcd5, faad2, ghostscript, graphicsmagick, jruby, lemonldap-ng, and libspring-security-2.0-java), Fedora (gnome-desktop3, java-1.8.0-openjdk-aarch32, libu2f-host, samba, sqlite, webkit2gtk3, xen, and ytnef), Mageia (docker, flash-player-plugin, freeradius, libsndfile, libxslt, mariadb, netpbm, python-jinja2, tomcat-native, and virtualbox), openSUSE (kernel and ucode-intel), and SUSE (kernel, kvm, libvirt, nmap, and transfig). --------------------------------------------- https://lwn.net/Articles/788911/ ∗∗∗ MIELE Multiple Vulnerabilities in XGW 3000 ZigBee Gateway ∗∗∗ --------------------------------------------- Miele XGW 3000 is prone to mutiple vulerabilities in version <= 2.3.4 (1.4.6) --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-010 ∗∗∗ IBM Security Bulletin: Vulnerabiliies in ghostscript affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabiliies-in-gho… ∗∗∗ IBM Security Bulletin: A vulnerability in OpenSSL affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-op… ∗∗∗ IBM Security Bulletin: A vulnerability in Corosync affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-co… ∗∗∗ IBM Security Bulletin: A vulnerability in Docker affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-do… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by a directory traversal vulnerability in Kubernetes (CVE-2019-1002101) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by a security degradation vulnerability in Kubernetes (CVE-2019-9946) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… ∗∗∗ IBM Security Bulletin: API Connect V5 is impacted by information disclosure (CVE-2018-1991) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v5-is-imp… ∗∗∗ HPESBST03928 rev.1 - Command View Advanced Edition (CVAE) Products using JDK, Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03917 rev.1 - HPE Integrated Lights-Out 4 (iLO 4) for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers, Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.05.2019
by Daily end-of-shift report 17 May '19

17 May '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 16-05-2019 18:00 − Freitag 17-05-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Cyber Security Challenge 2019 ∗∗∗ --------------------------------------------- Auch heuer veranstaltet der Verein Cyber Security Austria gemeinsam mit dem Abwehramt die Austria Cyber Security Challenge, quasi das Äquivalent zu den Mathe/Chemie/Latein/... - Olympiaden für Cyber Security.Über das Jahr hinweg werden einerseits die Staatsmeister ermittelt, aber auch das österreichische Team für den Europäischen Wettbewerb ausgesucht. --------------------------------------------- http://www.cert.at/services/blog/20190517101951-2471.html ∗∗∗ Google recalls Titan Bluetooth keys after finding security flaw ∗∗∗ --------------------------------------------- Google had egg on its face this week after it had to recall some of its Titan hardware security keys for being insecure. --------------------------------------------- https://nakedsecurity.sophos.com/2019/05/17/google-recalls-titan-bluetooth-… ∗∗∗ A Large Chunk of Ethereum Clients Remain Unpatched ∗∗∗ --------------------------------------------- In a report shared with ZDNet today, security researchers from SRLabs revealed that a large chunk of the Ethereum client software that runs on Ethereum nodes has yet to receive a patch for a critical security flaw the company discovered earlier this year. --------------------------------------------- https://it.slashdot.org/story/19/05/17/151222/a-large-chunk-of-ethereum-cli… ∗∗∗ Intel fixt teils kritische Lücken in UEFI-BIOS, ME und Linux-Grafiktreiber ∗∗∗ --------------------------------------------- In den vergangenen Tagen beschäftigten Intel neben ZombieLoad noch weitere Lücken. Die sind zum Glück nicht aus der Ferne ausnutzbar. --------------------------------------------- https://heise.de/-4423912 ∗∗∗ Dateidiebstahl und mehr: Problematische Lücken in Apples AirDrop-Technik ∗∗∗ --------------------------------------------- Mit dem AWDL-Verfahren können iPhones, Macs und Co. direkt Daten austauschen. Forscher aus Darmstadt zeigten nun neue Missbrauchsmöglichkeiten. --------------------------------------------- https://heise.de/-4424245 ===================== = Vulnerabilities = ===================== ∗∗∗ DNS-Software BIND: Neue Version schließt mehrere Schwachstellen ∗∗∗ --------------------------------------------- Die BIND-Versionen 9.11.7, 9.14.2 und aktualisierte BIND-Packages für Linux sind gegen zwei potzenzielle Denial-of-Service-Angriffspunkte abgesichert. --------------------------------------------- https://heise.de/-4424425 ∗∗∗ Security Advisory - MITM Vulnerability on Huawei Share ∗∗∗ --------------------------------------------- There is a man-in-the-middle(MITM) vulnerability on Huawei Share of certain smartphones. When users establish connection and transfer data through Huawei Share, an attacker could sniffer, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper the data. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190517-… ∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Wacom Update Helper ∗∗∗ --------------------------------------------- There are two privilege escalation vulnerabilities in the Wacom update helper. The update helper is a utility installed alongside the macOS application for Wacom tablets. The application interacts with the tablet and allows the user to manage it. These vulnerabilities could allow an attacker with local access to raise their privileges to root. --------------------------------------------- https://blog.talosintelligence.com/2019/05/wacom-update-helper-vuln-spotlig… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (jquery), Fedora (kernel-headers, php-typo3-phar-stream-wrapper, and python3), openSUSE (qemu, ucode-intel, and xen), Red Hat (chromium-browser, java-1.8.0-ibm, and rh-python35-python-jinja2), SUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, evolution, graphviz, kernel, qemu, and systemd), and Ubuntu (libmediainfo, libvirt, and Wireshark). --------------------------------------------- https://lwn.net/Articles/788773/ ∗∗∗ Drupal: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Drupal [genauer: externen Modulen, Anm.] ausnutzen, um Sicherheitsvorkehrungen zu umgehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0433 ∗∗∗ Symantec Messaging Gateway: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter Angreifer aus dem angrenzenden Netzwerk kann eine Schwachstelle in Symantec Messaging Gateway ausnutzen, um Informationen offenzulegen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0432 ∗∗∗ F-Secure Produkte: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/05/warn… ∗∗∗ Vuln: Fuji Electric Alpha7 PC Loader Out-of-Bounds Read Denial of Service Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/108359 ∗∗∗ Potential Impact on Processors in the POWER Family ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/ ∗∗∗ IBM Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2019-4293) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-vulnera… ∗∗∗ IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-platform-9-5-x… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images (CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ SSB-501863 (Last Update: 2019-05-16): Customer Information on Microsoft Windows RDP Vulnerability for Siemens Healthineers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssb-501863.pdf ∗∗∗ Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52370164 ∗∗∗ Microarchitectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K97035296 ∗∗∗ Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K80159635 ∗∗∗ Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K34303485 ∗∗∗ INTEL-SA-00233 Microarchitectural Data Sampling Advisory ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K41283800 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.05.2019
by Daily end-of-shift report 16 May '19

16 May '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 15-05-2019 18:00 − Donnerstag 16-05-2019 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Announcing the all new Attack Surface Analyzer 2.0 ∗∗∗ --------------------------------------------- Attack Surface Analyzer 2.0 can help you identify security risks introduced when installing software on Windows, Linux, or macOS by analyzing changes to the file system, registry, network ports, .. --------------------------------------------- https://www.microsoft.com/security/blog/2019/05/15/announcing-new-attack-su… ∗∗∗ Sicherheitsupdate: WordPress-Plugin WP Live Chat Support für Attacken anfällig ∗∗∗ --------------------------------------------- Aufgrund eines Fehlers könnten Angreifer Schadcode auf WordPress-Websites mit dem Zusatzmodul WP Live Chat Support verankern. --------------------------------------------- https://heise.de/-4423479 ∗∗∗ Kritische Schwachstelle in Microsoft Remote Desktop Services - Updates verfügbar ∗∗∗ --------------------------------------------- Microsoft hat als Teil des "Patch Tuesday" ein Update für eine Schwachstelle in "Remote Desktop Services" veröffentlicht. Diese Schwachstelle ermöglicht es einem Angreifer, durch eine speziell .. --------------------------------------------- http://www.cert.at/warnings/all/20190516.html ∗∗∗ An MDS reading list ∗∗∗ --------------------------------------------- We contemplated putting together an LWN article on the "microarchitecturaldata sampling" (MDS) vulnerabilities, as weve done for pastspeculative-execution issues. But the truth of the matter is that its .. --------------------------------------------- https://lwn.net/Articles/788522/ ∗∗∗ IT-Security - Zombieload und Co.: Softwarehersteller geben zunehmend gegen Prozessorlücken auf ∗∗∗ --------------------------------------------- Apple hat aktuelle Patches wegen massiven Performanceverlusten nur teilweise aktiviert, Googles v8-Team sieht Aufwand nicht gerechtfertigt --------------------------------------------- https://derstandard.at/2000103251668/Zombieload-und-Co-Softwarehersteller-g… ∗∗∗ $100 million GozNym cybercrime network dismantled as suspects charged ∗∗∗ --------------------------------------------- The sophisticated conspiracy saw tens of thousands of victims’ computers infected with the GozNym malware in order to steal online banking passwords, and raid .. --------------------------------------------- https://hotforsecurity.bitdefender.com/blog/100-million-goznym-cybercrime-n… ∗∗∗ Threat Actor Profile: TA542, From Banker to Malware Distribution Service ∗∗∗ --------------------------------------------- Proofpoint researchers began tracking a prolific actor (referred to as TA542) in 2014 when reports first emerged about the appearance of the group’s signature payload, Emotet (aka Geodo). TA542 consistently uses the latest version of this malware, launching widespread email campaigns .. --------------------------------------------- https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta54… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Unified Intelligence Center Remote File Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow a remote attacker to gain the ability to .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Releases Security Updates for Multiple Products ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/05/15/Cisco-Releases-Mul… ∗∗∗ Drupal core - Moderately critical - Third-party libraries - SA-CORE-2019-007 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2019-007 ∗∗∗ Advisory: Security Issue with Bluetooth Low Energy (BLE) Titan Security Keys ∗∗∗ --------------------------------------------- https://security.googleblog.com/2019/05/titan-keys-update.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.05.2019
by Daily end-of-shift report 15 May '19

15 May '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 14-05-2019 18:00 − Mittwoch 15-05-2019 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitslücken: Adobe patcht PDF-Werkzeuge und den Flash Player ∗∗∗ --------------------------------------------- Adobe hat turnusmäßig neue Sicherheitsupdates veröffentlicht. Im Mai 2019 sollten vor allem der Adobe Reader und Adobe Acrobat abgesichert werden. Auch für den Flash Player gibt es eine Warnung .. --------------------------------------------- https://www.golem.de/news/sicherheitsluecken-adobe-patcht-pdf-werkzeuge-und… ∗∗∗ Best of the Web: Trust-Siegel verteilt Keylogger ∗∗∗ --------------------------------------------- Eigentlich soll das Best-of-the-Web-Siegel die Sicherheit von Webseiten zertifizieren, stattdessen wurden über ein gehacktes Script Keylogger .. --------------------------------------------- https://www.golem.de/news/best-of-the-web-trust-siegel-verteilt-keylogger-1… ∗∗∗ May 2019 Security Update Release ∗∗∗ --------------------------------------------- Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2019/05/14/may-2019-security-updat… ∗∗∗ Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) ∗∗∗ --------------------------------------------- Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updat… ∗∗∗ Three New Masque Attacks against iOS: Demolishing, Breaking and Hijacking ∗∗∗ --------------------------------------------- In the recent release of iOS 8.4, Apple fixed several vulnerabilities including vulnerabilities that allow attackers to deploy two new kinds of Masque Attack (CVE-2015-3722/3725, and CVE-2015-3725). We call these exploits Manifest Masque and Extension Masque, which can be used to demolish apps, including system apps (e.g., Apple Watch, .. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2015/06/three_new_masqueatt.html ∗∗∗ array_diff_ukey Usage in Malware Obfuscation ∗∗∗ --------------------------------------------- We discovered a PHP backdoor on a WordPress installation that contained some interesting obfuscation .. --------------------------------------------- http://labs.sucuri.net/?note=2019-05-14 ∗∗∗ IT-Security - Grazer Forscher entdeckten neue Lücken bei Intel-Prozessoren ∗∗∗ --------------------------------------------- Prozessoren der Jahre 2012 bis 2018 betroffen – Neue Updates werden notwendig --------------------------------------------- https://derstandard.at/2000103122472/Grazer-Forscher-entdeckten-neue-Sicher… ===================== = Vulnerabilities = ===================== ∗∗∗ Vuln: SAP BusinessObjects Business Intelligence CVE-2019-0289 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- SAP BusinessObjects Business Intelligence CVE-2019-0289 Information Disclosure Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/108311 ∗∗∗ Synology-SA-19:23 Samba AD DC ∗∗∗ --------------------------------------------- CVE-2018-16860 allows man-in-the-middle attackers to bypass security constraints via a susceptible version of Directory Server for Windows Domain. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_23 ∗∗∗ DSA-4443 samba - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2019/dsa-4443 ∗∗∗ Cisco Releases Security Updates ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/05/13/Cisco-Releases-Sec… ∗∗∗ Authorization Bypass Vulnerability in RSA NetWitness (CVE-2019-3724) ∗∗∗ --------------------------------------------- https://sec-consult.com/en/blog/advisories/authorization-bypass-vulnerabili… ∗∗∗ VMSA-2019-0007 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0007.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily