=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 04-12-2019 18:00 − Thursday 05-12-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Security prenotification for Adobe Acrobat and Reader | APSB19-55 ∗∗∗
---------------------------------------------
Adobe is planning to release security updates for Adobe Acrobat and Reader for Windows and macOS on Tuesday, December 10, 2019.
---------------------------------------------
https://helpx.adobe.com/security/products/acrobat/apsb19-55.html
∗∗∗ Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter ∗∗∗
---------------------------------------------
Twitter security celeb SwiftOnSecurity on Tuesday inadvertently disclosed a zero-day vulnerability affecting enterprise software biz Atlassian, a flaw that may be echoed in IBM's Aspera software.
---------------------------------------------
https://go.theregister.co.uk/feed/www.theregister.co.uk/2019/12/05/atlassia…
∗∗∗ NTLMRecon ∗∗∗
---------------------------------------------
A fast NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains.
---------------------------------------------
https://github.com/sachinkamath/ntlmrecon
∗∗∗ xHunt Actor’s Cheat Sheet ∗∗∗
---------------------------------------------
Unit 42 found evidence that the developers who created the Sakabota tool had carried out two sets of testing activities on Sakabota in an attempt to evade detection. Within one sample created during this testing process, we uncovered a cheat sheet meant to assist operators of the tool to carry out activities on the compromised system and network, which we've never seen before.
---------------------------------------------
https://unit42.paloaltonetworks.com/xhunt-actors-cheat-sheet/
=====================
= Vulnerabilities =
=====================
∗∗∗ Authentication vulnerabilities in OpenBSD ∗∗∗
---------------------------------------------
We discovered an authentication-bypass vulnerability in OpenBSD's authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms. (CVE-2019-19521)
---------------------------------------------
https://www.openwall.com/lists/oss-security/2019/12/04/5
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (firefox), Fedora (cyrus-imapd, freeipa, haproxy, ImageMagick, python-pillow, rubygem-rmagick, sqlite, squid, and tnef), openSUSE (haproxy), Oracle (microcode_ctl), and Ubuntu (squid, squid3).
---------------------------------------------
https://lwn.net/Articles/806384/
∗∗∗ Weidmueller multiple vulnerabilities in various Industrial Ethernet managed switches ∗∗∗
---------------------------------------------
CVE-2019-16670: The Authentication mechanism has no brute-force prevention.
CVE-2019-16671: Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption.
CVE-2019-16672: Sensitive Credentials data is transmitted in cleartext.
...
CVSS scores: up to 9.8
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-018
∗∗∗ Mozilla Thunderbird: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, anonymous or authenticated attacker can exploit multiple vulnerabilities in Mozilla Thunderbird to execute arbitrary code with user privileges, view confidential data or carry out a denial of service attack.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1040
∗∗∗ Wireshark: Vulnerability allows denial of service ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in Wireshark to carry out a denial of service attack.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1039
∗∗∗ Security Bulletin: IBM ToolsCenter Dynamic System Analysis (DSA) Preboot is affected by multiple vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-toolscenter-dynamic-s…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Intel MCE vulnerability CVE-2018-12207 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K17269881
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 03-12-2019 18:00 − Wednesday 04-12-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ RSA-240: Factorization success does not endanger RSA ∗∗∗
---------------------------------------------
Researchers have factored a 795-bit number on a compute cluster. The RSA encryption and signature scheme relies on factoring being hard. For the practical security of RSA with modern key lengths, however, this breakthrough has little significance today.
---------------------------------------------
https://www.golem.de/news/rsa-240-faktorisierungserfolg-gefaehrdet-rsa-nich…
∗∗∗ APT review: what the world’s threat actors got up to in 2019 ∗∗∗
---------------------------------------------
What were the most interesting developments in terms of APT activity during the year and what can we learn from them?
---------------------------------------------
https://securelist.com/ksb-2019-review-of-the-year/95394/
∗∗∗ SEC Xtractor: Extracting data from electronic devices ∗∗∗
---------------------------------------------
The SEC Consult Hardware Lab has developed a special hardware analysis tool that lets security consultants easily read firmware out of memory chips. The so-called "SEC Xtractor" has now been released as an open-source version.
---------------------------------------------
https://www.sec-consult.com/blog/2019/12/sec-xtractor-extrahieren-von-daten…
∗∗∗ Introducing Password Cracking Manager: CrackQ ∗∗∗
---------------------------------------------
Today we are releasing CrackQ, a queuing system to manage password cracking that I've been working on for about a year. It is primarily for offensive security teams during red teaming and pentesting engagements. It's an intuitive interface for Hashcat served by a REST API and a JavaScript front-end web application for ease of use.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/introducing…
∗∗∗ How to Respond to Emotet Infection (FAQ) ∗∗∗
---------------------------------------------
The purpose of this entry is to provide instructions on how to check if you are infected with Emotet and what you can do in case of infection (based on the information available as of December 2019).
---------------------------------------------
https://blogs.jpcert.or.jp/en/2019/12/emotetfaq.html
∗∗∗ Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774) ∗∗∗
---------------------------------------------
As established, the patches for CVE-2017-11774 can be effectively “disabled” by modifying registry keys on an endpoint with no special privileges. The following registry keys and values should be configured via Group Policy to reinforce the recommended configurations in the event that an attacker attempts to reverse the intended security configuration on an endpoint to allow for Outlook home page persistence for malicious purposes.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tou…
∗∗∗ Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business ∗∗∗
---------------------------------------------
... WHfB keys are tied to a user and a device that has been added to Azure AD, and if the device is removed, the corresponding WHfB key is considered orphaned. However, these orphaned keys are not deleted even when the device they were created on is no longer present. Any authentication to Azure AD using such an orphaned WHfB key will be rejected. However, some of these orphaned keys could lead to the following security issue in Active Directory 2016 or 2019, in either hybrid or on-premises
---------------------------------------------
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190026
∗∗∗ Fraud involving sought-after Champions League tickets on Facebook ∗∗∗
---------------------------------------------
Seeing your favourite band live or cheering on your favourite football club live in the stadium in the UEFA Champions League is a once-in-a-lifetime experience. In Facebook groups for sold-out events, desperate fans try to snap up the last tickets. In private messages on Facebook they are promised these tickets in return for a bank transfer or PayPal payment. Beware: criminals may be behind this!
---------------------------------------------
https://www.watchlist-internet.at/news/betrug-mit-begehrten-champions-leagu…
∗∗∗ Two malicious Python libraries removed from PyPI ∗∗∗
---------------------------------------------
One library was available for only two days, but the second was live for nearly a year.
---------------------------------------------
https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-p…
=====================
= Vulnerabilities =
=====================
∗∗∗ Reliable Controls LicenseManager ∗∗∗
---------------------------------------------
This advisory contains mitigations for an unquoted search path or element vulnerability in the Reliable Controls LicenseManager.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-337-01
∗∗∗ Moxa AWK-3121 ∗∗∗
---------------------------------------------
This advisory contains mitigations for multiple vulnerabilities in Moxa’s AWK-3121 wireless access point/bridge/client.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-337-02
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (389-ds-base, ghostscript, kernel, and tcpdump), Debian (libonig), Fedora (clamav, firefox, and oniguruma), openSUSE (calamares, cloud-init, haproxy, libarchive, libidn2, libxml2, and ucode-intel), Scientific Linux (SDL and tcpdump), Slackware (mozilla), and Ubuntu (haproxy, intel-microcode, and postgresql-common).
---------------------------------------------
https://lwn.net/Articles/806296/
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-…
∗∗∗ Security Advisory - Remote Code Execution Vulnerability in Fastjson ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-…
∗∗∗ Security Advisory - Out-of-bounds Read Vulnerability in Advanced Packages of Gauss100 OLTP Database ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-…
∗∗∗ Security Advisory - Denial of Service Vulnerability in some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-…
∗∗∗ Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-…
∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-…
∗∗∗ Security Advisory - Insufficient Verification of Data Authenticity Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-…
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-…
∗∗∗ Security Advisory - Path Traversal Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-…
∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-…
∗∗∗ Security Bulletin: Netcool Operations Insight – Cloud Native Event Analytics is affected by a FasterXML jackson-databind vulnerability (CVE-2019-12814) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insigh…
∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects IBM Cloud Pak System (CVE-2019-1552) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-…
∗∗∗ Security Bulletin: Security Vulnerabilities have been identified in IBM Java Runtime as shipped with Tivoli Federated Identity Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-…
∗∗∗ Security Bulletin: A security vulnerability has been identified in Red Hat® Enterprise Linux (RHEL) Server shipped with PurePower Integrated Manager (PPIM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: Netcool Operations Insight – Cloud Native Event Analytics is affected by an Apache Kafka vulnerability (CVE-2018-17196) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insigh…
∗∗∗ Security Bulletin: Netcool Operations Insight – Cloud Native Event Analytics is affected by an Apache Zookeeper vulnerability (CVE-2019-0201) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insigh…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2019-2602) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 02-12-2019 18:00 − Tuesday 03-12-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Strandhogg: Android security vulnerability is being actively exploited ∗∗∗
---------------------------------------------
On Android, malicious apps can disguise themselves as legitimate apps and request additional permissions. The vulnerability, called Strandhogg, is already being actively exploited and is suitable, for example, for banking Trojans. There is no patch.
...
The security firm Lookout has already identified 36 apps that exploit the vulnerability. However, the firm does not name the affected apps. Some of them were reportedly also found in the Google Play Store, but they did not contain the malware itself; instead they downloaded it only after installation - so-called dropper apps. Google deleted the affected apps from the Play Store after being notified.
---------------------------------------------
https://www.golem.de/news/strandhogg-sicherheitsluecke-in-android-wird-akti…
∗∗∗ Network traffic analysis for Incident Response (IR): TLS decryption ∗∗∗
---------------------------------------------
Over the years, the use of TLS has grown dramatically, with over half of websites using HTTPS by default. However, situations exist where it is useful to be able to decrypt this traffic. For example, many organizations perform deep packet inspection (DPI) in order to detect and block potentially malicious traffic.
---------------------------------------------
https://resources.infosecinstitute.com/network-traffic-analysis-for-inciden…
∗∗∗ Another Fake Google Domain: fonts[.]googlesapi[.]com ∗∗∗
---------------------------------------------
Our Remediation team lead Ben Martin recently found a fake Google domain that is pretty convincing to the naked eye. The malicious domain was abusing the URL shortener service is.gd: shortened URLs were being injected into the posts table of the client’s WordPress database. Whenever the infected WordPress page loads, the actual content is obscured behind the is.gd shortener, which obtains content from the fake Google domain: fonts[.]googlesapi[.]com
---------------------------------------------
https://blog.sucuri.net/2019/12/another-fake-google-domain-fonts-googlesapi…
∗∗∗ Ursnif infection with Dridex ∗∗∗
---------------------------------------------
Today's diary reviews an Ursnif infection from this campaign that I generated in my lab environment on Monday, December 2nd.
---------------------------------------------
https://isc.sans.edu/diary/rss/25566
∗∗∗ Call from Microsoft? – Hang up immediately! ∗∗∗
---------------------------------------------
Criminals pose as Microsoft employees and tell worried users that their computer has been infected by a Trojan. Under this pretext, the criminals try to gain access to the computer and then steal sensitive login credentials or delete valuable data. This is a scam; Microsoft would never call you personally!
---------------------------------------------
https://www.watchlist-internet.at/news/anruf-von-microsoft-legen-sie-sofort…
∗∗∗ A decade of malware: Top botnets of the 2010s ∗∗∗
---------------------------------------------
ZDNet goes over the list of biggest malware botnets of the past decade, from Necurs to Mirai.
---------------------------------------------
https://www.zdnet.com/article/a-decade-of-malware-top-botnets-of-the-2010s/
=====================
= Vulnerabilities =
=====================
∗∗∗ Multiple MOTEX products vulnerable to privilege escalation ∗∗∗
---------------------------------------------
LanScope Cat and LanScope An provided by MOTEX Inc. contain a privilege escalation vulnerability. A user who can log in to the PC where the vulnerable product is installed may obtain unauthorized privileges and execute arbitrary code.
---------------------------------------------
https://jvn.jp/en/jp/JVN49068796/
∗∗∗ Patch day: Google serves up security patches for Android and its Pixel series ∗∗∗
---------------------------------------------
Various Android versions can be attacked via critical security vulnerabilities. Security updates are now available.
---------------------------------------------
https://heise.de/-4602506
∗∗∗ Multiple vulnerabilities in Fronius Solar Inverter Series (CVE-2019-19229, CVE-2019-19228) ∗∗∗
---------------------------------------------
The vendor automatically performed a fleet update of the solar inverters in the field in order to patch them. Nevertheless, as not all devices could be reached through such an update, all remaining users are advised to install the patches provided by the vendor immediately. (CVE-2019-19229, CVE-2019-19228)
---------------------------------------------
https://sec-consult.com/en/blog/advisories/multiple-vulnerabilites-in-froni…
∗∗∗ Vulnerability Spotlight: Two vulnerabilities in EmbedThis GoAhead ∗∗∗
---------------------------------------------
EmbedThis’ GoAhead Web Server contains two vulnerabilities that both arise when the software attempts to process a multi-part/form-data HTTP request. An attacker could exploit these vulnerabilities to remotely execute code on the victim machine, or cause a denial-of-service condition.
---------------------------------------------
https://blog.talosintelligence.com/2019/12/vulnerability-spotlight-EmbedThi…
∗∗∗ Vulnerability Spotlight: Accusoft ImageGear PNG IHDR width code execution vulnerability ∗∗∗
---------------------------------------------
Accusoft ImageGear contains two remote code execution vulnerabilities. ImageGear is a document and imaging library from Accusoft that developers can use to build their applications. The library contains the entire document imaging lifecycle. This vulnerability is present in the Accusoft ImageGear library, which is a document-imaging developer toolkit.
---------------------------------------------
https://blog.talosintelligence.com/2019/12/vulnerability-spotlight-accusoft…
∗∗∗ Vulnerability Spotlight: SQL injection vulnerabilities in Forma Learning Management System ∗∗∗
---------------------------------------------
Cisco Talos recently discovered three SQL injection vulnerabilities in the authenticated portion of the Forma Learning Management System. LMS is a set of software that allows companies to build and host different training courses for their employees. The software operates with an open-source licensing model and now operates under the Forma organization.
---------------------------------------------
https://blog.talosintelligence.com/2019/12/vulnerability-spotlight-sql-inje…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (intel-ucode and libtiff), Debian (exiv2), Oracle (SDL), Red Hat (kernel, patch, and python-jinja2), and Ubuntu (graphicsmagick, linux, linux-aws, linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-gcp...)
---------------------------------------------
https://lwn.net/Articles/806202/
∗∗∗ Kaspersky Internet Security: Vulnerability allows execution of arbitrary code with the privileges of the service ∗∗∗
---------------------------------------------
A local attacker can exploit a vulnerability in Kaspersky Internet Security and Kaspersky Total Security to execute arbitrary code with the privileges of the service.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1035
∗∗∗ Trend Micro Internet Security: Vulnerability allows privilege escalation ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in Trend Micro Internet Security and Trend Micro AntiVirus to escalate their privileges.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1034
∗∗∗ Security Bulletin: IBM Cloud Pak System is vulnerable to Intel Microarchitectural Data Sampling (MDS) Vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-system-is-v…
∗∗∗ Security Bulletin: Vulnerability in Google Guava affects IBM Cloud Pak System (CVE-2018-10237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-google-g…
∗∗∗ Security Bulletin: Vulnerability from Apache HttpComponents affects IBM Cloud Pak System (CVE-2011-1498, CVE-2015-5262) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-from-apache…
∗∗∗ Security Bulletin: Multiple cross-site scripting vulnerabilities in Cloud Pak System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-cross-site-scrip…
∗∗∗ Security Bulletin: Cross-site scripting vulnerability in IBM Cloud Pak System (CVE-2019-4098) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln…
∗∗∗ BIND vulnerability CVE-2019-6477 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K15840535?utm_source=f5support&utm_mediu…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 29-11-2019 18:00 − Monday 02-12-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Cybercrime Report 2018: Crime on the internet remains a major challenge ∗∗∗
---------------------------------------------
In 2018 the Cybercrime Competence Center (C4) of the Federal Criminal Police Office once again recorded an increase in cybercrime offences. Compared to the previous year, a rise of 16.8 percent was registered, predominantly in the area of internet fraud.
---------------------------------------------
http://www.bmi.gv.at/news.aspx?id=6D4D326A543767595673593D
∗∗∗ Analysis of Malicious ElectrumX Servers Source Code ∗∗∗
---------------------------------------------
Recently I have found some malicious ElectrumX nodes in the Electrum network that are still being connected by the Electrum software. In this post I share some information about these nodes and the ElectrumX patched code that they execute.
---------------------------------------------
http://www.peppermalware.com/2019/12/analysis-of-malicious-electrumx-server…
∗∗∗ Police warn of professional fake shops on the internet ∗∗∗
---------------------------------------------
During the Christmas season a great deal of shopping is done online. Fraudsters take advantage of this as well. Police experts are warning right now about their schemes.
---------------------------------------------
https://heise.de/-4600046
∗∗∗ Insight into NIS Directive sectoral incident response capabilities ∗∗∗
---------------------------------------------
The report provides a deeper insight into NISD sectoral Incident Response capabilities, procedures, processes and tools to identify the trends and possible gaps and overlaps.
---------------------------------------------
https://www.helpnetsecurity.com/2019/12/02/nis-directive-incident-response/
=====================
= Vulnerabilities =
=====================
∗∗∗ Multiple Critical Vulnerabilities in SALTO ProAccess SPACE ∗∗∗
---------------------------------------------
In the software SALTO ProAccess Space ... multiple typical web application vulnerabilities got identified. An authenticated attacker was able to exploit a path traversal vulnerability to backup arbitrary files into the web root. This allowed an attacker to export the database into the web root and download it.
Furthermore, it was possible to combine another export feature with the path traversal vulnerability to write arbitrary contents to arbitrary locations on the backend Windows server.
---------------------------------------------
https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilitie…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (389-ds-base, asterisk, file, nss, proftpd-dfsg, ssvnc, and tnef), Fedora (chromium, djvulibre, freeradius, ImageMagick, jhead, kernel, phpMyAdmin, python-pillow, and rubygem-rmagick), Mageia (bzip2, chromium-browser-stable, curl, dbus, djvulibre, glib2.0, glibc, gnupg2, httpie, libreoffice, libssh2, mosquitto, nginx, python-sqlalchemy, unbound, and zipios++), openSUSE (bluez, clamav, cpio, freerdp, openafs, phpMyAdmin, strongswan, and webkit2gtk3),
---------------------------------------------
https://lwn.net/Articles/806079/
∗∗∗ Multiple Cisco Analog Telephone Adapters Remote Code Execution Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Webex Teams and Cisco Webex Meetings Client DLL Hijacking Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 28-11-2019 18:00 − Friday 29-11-2019 18:00
Handler: Robert Waldner
Co-Handler: Dimitri Robl
=====================
= News =
=====================
∗∗∗ Security vulnerabilities: How easily SMS messages can be read ∗∗∗
---------------------------------------------
With the SMS successor RCS, SMS messages and phone calls are handled over the internet - with a predefined password. This password can also be used to read classic SMS messages unnoticed. A corresponding configuration file can be received by any app. (Joyn, data protection)
---------------------------------------------
https://www.golem.de/news/sicherheitsluecken-so-einfach-lassen-sich-sms-mit…
∗∗∗ Smartwatch exposes locations and other data on thousands of children ∗∗∗
---------------------------------------------
A device that is supposed to help parents keep track of their children and give them peace of mind can be turned into a surveillance device for bad actors.
---------------------------------------------
https://www.welivesecurity.com/2019/11/29/smartwatch-exposes-location-data-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Y2K bug variant hits Splunk products – solutions available ∗∗∗
---------------------------------------------
Splunk admins should urgently deal with a "year 2020 problem" in the software before the turn of the year. Updates are available.
---------------------------------------------
https://heise.de/-4599420
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libvpx and vino), Fedora (grub2 and nss), and SUSE (cloud-init, libarchive, libtomcrypt, ncurses, and ucode-intel).
---------------------------------------------
https://lwn.net/Articles/805811/
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 27-11-2019 18:00 − Thursday 28-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Video: Subscription trap on streaming platforms ∗∗∗
---------------------------------------------
Streaming platforms advertise free registration. After five days they demand 358.80 euros, 359.88 euros or 395.88 euros from users for premium status. There is no reason to pay the invoice.
---------------------------------------------
https://www.watchlist-internet.at/news/video-abo-falle-streaming-plattforme…
∗∗∗ Adobe discloses security breach impacting Magento Marketplace users ∗∗∗
---------------------------------------------
Security breach was detected last week and traced back to a vulnerability in the Magento Marketplace website.
---------------------------------------------
https://www.zdnet.com/article/adobe-discloses-security-breach-impacting-mag…
=====================
= Vulnerabilities =
=====================
∗∗∗ BlackBerry Powered by Android Security Bulletin - November 2019 ∗∗∗
---------------------------------------------
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build.
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ DSA-4577 haproxy - security update ∗∗∗
---------------------------------------------
Tim Düsterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF injections.
---------------------------------------------
https://www.debian.org/security/2019/dsa-4577
∗∗∗ QNAP NAS: vendor fixes critical vulnerability in Photo Station, among others ∗∗∗
---------------------------------------------
QTS updates eliminate numerous remote attack vectors.
---------------------------------------------
https://heise.de/-4598238
∗∗∗ Security updates for (US) Thanksgiving ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (haproxy and libvorbis), Fedora (mod_auth_mellon and xen), Oracle (389-ds-base, kernel, and tcpdump), SUSE (bsdtar, java-11-openjdk, java-1_7_0-openjdk, and libxml2), and Ubuntu (nss and python-psutil).
---------------------------------------------
https://lwn.net/Articles/805777/
∗∗∗ WordPress Plugin "WP Spell Check" vulnerable to cross-site request forgery ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN26838191/
∗∗∗ Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to Using Components with Known Vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-packe…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 26-11-2019 18:00 − Wednesday 27-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Almost 60% Of Malicious Ads Come from Three Ad Providers ∗∗∗
---------------------------------------------
In Confiant's "Demand Quality Report for Q3 2019", the ad fraud and security company analyzed 120 billion ad impressions between January 1st and September 20th that flowed through their systems in order to provide a breakdown of different malicious ad campaigns.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/almost-60-percent-of-malicio…
∗∗∗ Top 25 Most Dangerous Vulnerabilities Refreshed After 8 Years ∗∗∗
---------------------------------------------
For the first time in eight years, the list of the 25 most dangerous software vulnerabilities received an update that promises to be relevant for current times.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/top-25-most-dangerous-vulner…
∗∗∗ MITRE ATT&CK vulnerability spotlight: Credentials in registry ∗∗∗
---------------------------------------------
One of the attack stages as described in the MITRE ATT&CK tool is credential access, where a hacker tries to steal user credential information to gain access to new accounts or elevate privileges on a compromised system. One of the means by which an attacker can perform this stage of an attack is by extracting credentials from where they are stored in the Windows registry.
---------------------------------------------
https://resources.infosecinstitute.com/mitre-attck-vulnerability-spotlight-…
∗∗∗ Insights from one year of tracking a polymorphic threat ∗∗∗
---------------------------------------------
We discovered the polymorphic threat Dexphot in October 2018. In the months that followed, we closely tracked the threat as attackers upgraded the malware, targeted new processes, and worked around defensive measures. One year's worth of intelligence helped us gain insight not only into the goals and motivations of Dexphot's authors, but of cybercriminals in general.
---------------------------------------------
https://www.microsoft.com/security/blog/2019/11/26/insights-from-one-year-o…
∗∗∗ Exposed Firebase Database ∗∗∗
---------------------------------------------
An issue can arise in Firebase when developers fail to enable authentication. This vulnerability is very similar to every other database misconfiguration: there's no authentication. Leaving a database exposed to the world unauthenticated is an open invite for malicious hackers.
---------------------------------------------
http://ghostlulz.com/google-exposed-firebase-database/
∗∗∗ Beware of ping calls! ∗∗∗
---------------------------------------------
Consumers keep receiving so-called ping calls: they are called from unknown numbers, and the calls usually end after the first or second ring. Anyone who calls back out of politeness or curiosity falls into a cost trap. For unknown, suspicious numbers the rule is: do not pick up and do not call back!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-ping-anrufen/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bsdiff, libvpx, tiff, and xmlrpc-epi), Fedora (freeimage, imapfilter, kernel, mingw-freeimage, and thunderbird), openSUSE (cups and djvulibre), Oracle (SDL), SUSE (ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud, freerdp, mailman, slurm) and Ubuntu (ruby2.3, ruby2.5).
---------------------------------------------
https://lwn.net/Articles/805720/
∗∗∗ Security Advisory - Information Leak Vulnerability in Huawei Smart Speaker Myna ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-…
∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Huawei Atlas Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-…
∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-…
∗∗∗ Security Advisory - Information Disclosure Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-…
∗∗∗ Security Bulletin: OpenSSL as used by IBM QRadar Network Packet Capture is vulnerable to (CVE-2019-1559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-by-ibm-qr…
∗∗∗ Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2019-1547, CVE-2019-1563) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openss…
∗∗∗ Security Bulletin: Vulnerability CVE-2019-10218 in Samba affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2019-10…
∗∗∗ Security Bulletin: Python as used by IBM QRadar Network Packet Capture is vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers (CVE-2019-9947, CVE-2019-9948) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-python-as-used-by-ibm-qra…
∗∗∗ Security Bulletin: OpenSSL as used by IBM QRadar Network Packet Capture is vulnerable to a timing side channel attack (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-by-ibm-qr…
∗∗∗ TMM vulnerability CVE-2019-6669 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11447758
∗∗∗ BIG-IP AAM vulnerability CVE-2019-6666 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K92411323
∗∗∗ BIG-IP FIX profile security advisory vulnerability CVE-2019-6667 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K82781208
∗∗∗ BIG-IP TMM vulnerability CVE-2019-6671 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K39225055
∗∗∗ BIG-IP AFM vulnerability CVE-2019-6672 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K14703097
∗∗∗ BIG-IP ASM Bot Detection DNS cache does not expire security exposure ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K79240502
∗∗∗ The BIG-IP system may fail to properly parse HTTP headers that are prepended by whitespace (non RFC2616 compliant) ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K39794285
∗∗∗ BIG-IP ASM and BIG-IQ/Enterprise Manager/F5 iWorkflow device authentication and trust vulnerability CVE-2019-6665 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K26462555
∗∗∗ BIG-IP HTTP/2 vulnerability CVE-2019-6673 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K81557381
∗∗∗ F5 SSL Orchestrator vulnerability CVE-2019-6674 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K21135478
∗∗∗ BIG-IP Edge Client for macOS vulnerability CVE-2019-6668 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K49827114
∗∗∗ BIG-IP APM ignores the Restrict to Single Client IP option for Native RDP resources ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K24241590
∗∗∗ vCMP vulnerability CVE-2019-6670 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K05765031
=====================
= End-of-Day report =
=====================
Timeframe: Monday 25-11-2019 18:00 − Tuesday 26-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Insecure tracking smartwatch: attackers could stalk thousands of children ∗∗∗
---------------------------------------------
Cheap tracker watches from China are quite frequently the subject of security warnings. The current children's model SMA-WATCH-M2 continues the (eavesdropping) nightmare.
---------------------------------------------
https://heise.de/-4596410
∗∗∗ Caution when shopping on Black Friday ∗∗∗
---------------------------------------------
Numerous online retailers lure customers with fabulous offers in the course of Black Friday. On Friday you can buy clothing, electronics, household goods and much more at significantly lower prices. Be doubly careful with the most incredible bargains, however, because not every offer is legitimate.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-beim-black-friday-shopping/
∗∗∗ A hacking group is hijacking Docker systems with exposed API endpoints ∗∗∗
---------------------------------------------
It's almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.
---------------------------------------------
https://www.zdnet.com/article/a-hacking-group-is-hijacking-docker-systems-w…
=====================
= Vulnerabilities =
=====================
∗∗∗ ZDI-19-996: Dell EMC Storage Monitoring and Reporting Java RMI Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dell EMC Storage Monitoring and Reporting. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-996/
∗∗∗ Xen Security Advisory XSA-306 - Device quarantine for alternate pci assignment methods ∗∗∗
---------------------------------------------
An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-306.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libxdmcp, nss, php-imagick, and ruby2.1), openSUSE (java-11-openjdk), Red Hat (389-ds-base, kernel, kernel-rt, python-jinja2, qemu-kvm-ma, and tcpdump), SUSE (bluez, clamav, cpio, cups, gcc9, libpng16, libssh2_org, mailman, sqlite3, squid, strongswan, tiff, and webkit2gtk3), and Ubuntu (redmine).
---------------------------------------------
https://lwn.net/Articles/805650/
∗∗∗ Paessler PRTG: multiple vulnerabilities ∗∗∗
---------------------------------------------
PRTG Network Monitor is a network monitoring tool from Paessler AG. An attacker can exploit multiple vulnerabilities in Paessler PRTG to carry out an unspecified attack or execute arbitrary code with the privileges of the service.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1019
∗∗∗ Kaspersky products: multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit multiple vulnerabilities in Kaspersky Anti-Virus, Kaspersky Internet Security and Kaspersky Total Security to bypass security measures, disclose information or cause a denial of service.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1018
∗∗∗ Security Bulletin: Multiple IBM MQ Security Vulnerabilities Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-mq-security-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server on AIX (CVE-2019-4473, CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to Apache Commons Beanutils (CVE-2019-10086) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser…
∗∗∗ Security Bulletin: SQL Injection Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4387) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerabili…
∗∗∗ Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server (CVE-2019-4057, CVE-2019-4101, CVE-2019-4154, CVE-2019-4386, CVE-2019-4322) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-vulnerabilit…
∗∗∗ BIG-IP Engineering Hotfix authentication bypass vulnerability CVE-2019-6675 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K55655944
∗∗∗ NodeJS vulnerability CVE-2018-7160 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K63025104
=====================
= End-of-Day report =
=====================
Timeframe: Friday 22-11-2019 18:00 − Monday 25-11-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ A Short History of Juice Jacking ∗∗∗
---------------------------------------------
The days are now shorter, and the holiday season is upon us. Many of us have travel booked to bring our family together and will soon be uncomfortably sitting in the halls of airline terminals; desperate to escape the monotony of an international waiting room, we will sit transfixed to our mobile devices. Breaking our mobile-mindfulness zen-like state, an alert graces the screen: 15% battery life remaining.
---------------------------------------------
https://www.secjuice.com/history-of-juice-jacking/
∗∗∗ Local Malware Analysis with Malice, (Sat, Nov 23rd) ∗∗∗
---------------------------------------------
This project (Malice) provides the ability to have your own locally managed multi-engine malware scanning system. The framework allows the owner to analyze files for known malware. It can be used as a command-line tool to analyze samples, with the results reviewed via a Kibana web interface. The Command-Line Interface (CLI) is used to scan a file or directory, or can be set up to watch and scan new files when they are copied into a write-only directory.
---------------------------------------------
https://isc.sans.edu/diary/rss/25544
∗∗∗ Introducing Merlin - A cross-platform post-exploitation HTTP/2 Command & Control Tool ∗∗∗
---------------------------------------------
Merlin is a cross-platform post-exploitation framework that leverages HTTP/2 communications to evade inspection. HTTP/2 is a relatively new protocol that requires Perfect Forward Secrecy (PFS) encryption cipher suites to be used. ... Additionally, many security technologies are not equipped with HTTP/2 protocol dissectors and are therefore not able to evaluate traffic even if keying material is provided.
---------------------------------------------
https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a
∗∗∗ Trickbot Updates Password Grabber Module ∗∗∗
---------------------------------------------
Trickbot is a modular malware, and one of its modules is a password grabber. In November 2019, we started seeing indicators of Trickbot's password grabber targeting data from OpenSSH and OpenVPN applications.
---------------------------------------------
https://unit42.paloaltonetworks.com/trickbot-updates-password-grabber-modul…
∗∗∗ PC remote maintenance: security researchers warn of vulnerable VNC software ∗∗∗
---------------------------------------------
Attackers could attack clients and servers running various VNC software and, under certain conditions, plant malware.
---------------------------------------------
https://heise.de/-4595718
∗∗∗ Buying concert tickets on eventtickets24.com carries risks ∗∗∗
---------------------------------------------
Smartfox Media b.v. from the Netherlands offers concert and event tickets on eventtickets24.com. Numerous customers report serious problems after buying tickets, such as difficulties with procurement and delivery, or missing refunds after non-delivery. We advise great caution with this offer.
---------------------------------------------
https://www.watchlist-internet.at/news/kauf-von-konzertkarten-auf-eventtick…
=====================
= Vulnerabilities =
=====================
∗∗∗ Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps ∗∗∗
---------------------------------------------
CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019 after a researcher named Awakened discovered that attackers could use maliciously crafted GIF files to allow remote code execution. The vulnerability was patched with version 2.19.244 of WhatsApp, but the underlying problem lies in the library called libpl_droidsonroids_gif.so, which is part of the android-gif-drawable package. While this flaw has also been patched, many [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/sBAf9Ks1I8Y/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, enigmail, isc-dhcp, libice, libofx, and pam-python), Fedora (chromium, ghostscript, mingw-cfitsio, mingw-gdal, mingw-libidn2, and rsyslog), Gentoo (adobe-flash, chromium, expat, and firefox), openSUSE (apache2-mod_perl, haproxy, java-11-openjdk, and ncurses), Oracle (ghostscript, kernel, php:7.2, php:7.3, and sudo), Red Hat (chromium-browser, python27-python, and SDL), and Ubuntu (dpdk and libvpx).
---------------------------------------------
https://lwn.net/Articles/805527/
∗∗∗ Weak encryption cipher and hardcoded cryptographic keys in Fortinet products ∗∗∗
---------------------------------------------
https://sec-consult.com/en/blog/advisories/weak-encryption-cipher-and-hardc…
∗∗∗ Security Bulletin: Incorrect permissions on CIT files in IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments (CVE-2018-2025) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-incorrect-permissions-on-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Enterprise Resource Planning on AIX (CVE-2019-4473, CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Denial of Service vulnerability in IBM Spectrum Protect Backup-Archive Client (CVE-2019-4406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnera…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot on AIX (CVE-2019-4473, CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: SMB signing not required in IBM Spectrum Protect Plus (CVE-2016-2115) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-smb-signing-not-required-…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 21-11-2019 18:00 − Friday 22-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Securing Portable Electronic Devices During Travel ∗∗∗
---------------------------------------------
Holiday travelers often use portable electronic devices (PEDs) because they offer a range of conveniences, for example, enabling the traveler to order gifts on the go, access online banking, or download boarding passes. However, these devices are vulnerable to cyberattack or theft, resulting in exposure of personal information.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/11/22/securing-portable-…
∗∗∗ Abusing Web Filters Misconfiguration for Reconnaissance ∗∗∗
---------------------------------------------
Yesterday, an interesting incident was detected while working at a customer SOC. They use a "next-generation" firewall that implements a web filter based on categories. This is common in many organizations today: users' web traffic is allowed/denied based on a URL categorization database (like "adult content", "hacking", "gambling", ...). How was it detected?
---------------------------------------------
https://isc.sans.edu/diary/rss/25538
∗∗∗ ENISA: How to implement security by design for IoT ∗∗∗
---------------------------------------------
ENISA, the European Union Agency for Cybersecurity releases ‘Good Practices for Security of IoT’, a significant report to promote security by design for IoT.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/how-to-implement-security-by-de…
∗∗∗ A guidebook to open-source OT reconnaissance ∗∗∗
---------------------------------------------
An attacker targeting OT needs to perform reconnaissance on the targeted system and learn how it is connected to the IT network. This often involves old-fashioned or digital espionage, but a lot of such information is actually available out there in the open. ... how open source intelligence (OSINT) can be used to learn crucial details of the inner workings of many a system. An important lesson from Daniel's paper and talk is that security by obscurity is dead and ...
---------------------------------------------
https://www.virusbulletin.com/blog/2019/11/vb2019-paper-fantastic-informati…
∗∗∗ Introducing Flan Scan: Cloudflare’s Lightweight Network Vulnerability Scanner ∗∗∗
---------------------------------------------
Today, we’re excited to open source Flan Scan, Cloudflare’s in-house lightweight network vulnerability scanner. Flan Scan is a thin wrapper around Nmap that converts this popular open source tool into a vulnerability scanner with the added benefit of easy deployment.
---------------------------------------------
https://blog.cloudflare.com/introducing-flan-scan/
∗∗∗ Ransomware: A free tool can decrypt this malware variant that puts a ransom note on your desktop wallpaper ∗∗∗
---------------------------------------------
Emsisoft, which has built the decryption tool, said that the Hakbit ransomware has hit home users and businesses in the US and Europe, demanding $300 in bitcoin from victims, while warning them how many files they stand to lose.
---------------------------------------------
https://www.zdnet.com/article/ransomware-a-free-tool-can-decrypt-this-malwa…
=====================
= Vulnerabilities =
=====================
∗∗∗ ClamAV: vulnerability enables denial of service ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in ClamAV to carry out a denial of service attack.
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/11/warn…
∗∗∗ Nodequeue - Critical - Cross Site Scripting - SA-CONTRIB-2019-085 ∗∗∗
---------------------------------------------
Nodequeue's JavaScript can be leveraged to insert HTML from attacker-controlled JSON data. This is exploitable if user-submitted "Filtered HTML" content is displayed on a page where nodequeue.js is loaded. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "manipulate queues".
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-085
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (dpdk, mingw-djvulibre, mingw-hunspell, mingw-ilmbase, mingw-OpenEXR, php-symfony, php-symfony3, and rsyslog), openSUSE (chromium and squid), SUSE (aspell, cups, djvulibre, and dpdk), and Ubuntu (djvulibre).
---------------------------------------------
https://lwn.net/Articles/805367/
∗∗∗ Asterisk: multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, authenticated attacker can exploit multiple vulnerabilities in Asterisk to execute arbitrary code with the privileges of the service or cause a denial of service condition.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1011
∗∗∗ New bypass disclosed in Microsoft PatchGuard (KPP) ∗∗∗
---------------------------------------------
After GhostHook and InfinityHook, we now have ByePg. No patch out yet.
---------------------------------------------
https://www.zdnet.com/article/new-bypass-disclosed-in-microsoft-patchguard-…
∗∗∗ Security Bulletin: Information disclosure vulnerability in IBM Tivoli Netcool Impact (CVE-2019-4570) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu…
∗∗∗ Security Bulletin: Log Analysis is vulnerable to a client side scripting attack due to missing HTTPOnly and Secure attribute in the cookie ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-log-analysis-is-vulnerabl…
∗∗∗ Security Bulletin: Stored cross site scripting vulnerability in IBM Tivoli Netcool Impact (CVE-2019-4569) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-stored-cross-site-scripti…