Daily

daily@lists.cert.at

1 participants
3154 discussions

Tageszusammenfassung - 25.06.2019
by Daily end-of-shift report 25 Jun '19

25 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Montag 24-06-2019 18:00 − Dienstag 25-06-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Using Whitelisting to Remediate an RCE Vulnerability (CVE-2019-2729) in Oracle WebLogic ∗∗∗ --------------------------------------------- Oracle WebLogic has recently disclosed and patched remote-code-execution (RCE) vulnerabilities in its software, many of which were due to insecure deserialization. Oracle addressed the most recent vulnerability, CVE-2019-2729, in an out-of-band security patch on June 18, 2019. CVE-2019-2729 was assigned a CVSS score of 9.8, making it a critical vulnerability. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fYmCaoi4AE8/ ∗∗∗ Thunderbird 60.7.2: Mozilla fixt potenziell gefährliche Lückenkombination ∗∗∗ --------------------------------------------- Das Mozilla Entwickler-Team hat vergangene Woche zwei Sicherheitslücken in Thunderbird behoben, die zuvor in Firefox aktiv ausgenutzt worden war. --------------------------------------------- https://heise.de/-4454671 ∗∗∗ Side-Channel Attacks: OpenSSH erhält Schutz vor Spectre, RAMBleed und Co. ∗∗∗ --------------------------------------------- Die temporäre Verschlüsselung im RAM soll mit OpenSSH genutzte Keys künftig vor Seitenkanalangriffen schützen. --------------------------------------------- https://heise.de/-4455055 ∗∗∗ Phishing-Versuch gegen free-Kund/innen der Advanzia Bank S.A. ∗∗∗ --------------------------------------------- Konsument/innen finden eine E-Mail in ihrem Posteingang, in der sie über die Notwendigkeit einer Datenbestätigung informiert werden, um die free-Kreditkarte weiter nutzen zu können. Die Nachricht erweckt den Eindruck, von der Advanzia Bank S.A. zu stammen, doch sie wird von Kriminellen verschickt. Dem Link darf nicht gefolgt werden, denn es handelt sich um einen Phishing-Versuch! --------------------------------------------- https://www.watchlist-internet.at/news/phishing-versuch-gegen-free-kundinne… ∗∗∗ New Mac malware abuses recently disclosed Gatekeeper zero-day ∗∗∗ --------------------------------------------- Researchers find new OSX/Linker malware abusing still-unpatched macOS Gatekeeper bypass. --------------------------------------------- https://www.zdnet.com/article/new-mac-malware-abuses-recently-disclosed-gat… ===================== = Vulnerabilities = ===================== ∗∗∗ TYPO3 9.5.8 and 8.7.27 security releases published ∗∗∗ --------------------------------------------- We are announcing the release of the following TYPO3 updates: TYPO3 9.5.8 LTS TYPO3 8.7.27 LTS All versions are security releases and contain important security fixes --------------------------------------------- https://typo3.org/article/typo3-958-and-8727-security-releases-published/ ∗∗∗ TYPO3-EXT-SA-2019-014: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin) ∗∗∗ --------------------------------------------- CVE: CVE-2019-11768 and CVE-2019-12616 * PMASA-2019-3: SQL injection in Designer feature * PMASA-2019-4: CSRF vulnerability in login form --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2019-014/ ∗∗∗ Kubernetes CVE-2019-11246 Incomplete Fix Arbitrary File Overwrite Vulnerability ∗∗∗ --------------------------------------------- Kubernetes is prone to a vulnerability that may allow attackers to overwrite arbitrary files. Successful exploits may allow an attacker to write arbitrary files in the context of the user running the affected application. Versions prior to kubernetes 1.12.9, 1.13.6, and 1.14.2 are vulnerable. --------------------------------------------- https://www.securityfocus.com/bid/108866/discuss ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (python), Debian (bzip2, libvirt, python2.7, python3.4, rdesktop, and thunderbird), Fedora (thunderbird and tomcat), openSUSE (aubio, docker, enigmail, GraphicsMagick, and python-Jinja2), SUSE (kernel, libvirt, postgresql96, and tomcat), and Ubuntu (ceph, firefox, imagemagick, libmysofa, linux, linux-hwe, neutron, and policykit-desktop-privileges). --------------------------------------------- https://lwn.net/Articles/792006/ ∗∗∗ Alpine Linux Docker image vulnerability CVE-2019-5021 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K25551452 ∗∗∗ QEMU: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0541 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.06.2019
by Daily end-of-shift report 24 Jun '19

24 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 21-06-2019 18:00 − Montag 24-06-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Microsoft: Were fighting Windows malware spread via Excel in email with bad macro ∗∗∗ --------------------------------------------- Earlier this month Microsoft warned that attackers were firing spam that exploited an Office flaw to install a trojan. The bug meant the attackers didn't require Windows users to enable macros. However, a new malware campaign that doesn't exploit a specific vulnerability in Microsoft software takes the opposite approach, using malicious macro functions in an Excel attachment to compromise fully patched Windows PCs. --------------------------------------------- https://www.zdnet.com/article/microsoft-were-fighting-windows-malware-sprea… ===================== = Vulnerabilities = ===================== ∗∗∗ Kritische Schwachstelle in bzip2 - je nach Setup für RCE ausnutzbar ∗∗∗ --------------------------------------------- Kritische Schwachstelle in bzip2 - je nach Setup für RCE ausnutzbar 24. Juni 2019 Beschreibung In der Kompressions-Software bzip2 gibt es eine Lücke, durch die sich in manchen Konfigurationen beliebiger Code mit den Rechten des Benutzers ausführen lässt. CVSS3 Score: 9.8 (laut NIST NVD) CVE-Nummer: CVE-2019-12900 Auswirkungen Angreifer müssen es schaffen, entsprechend präparierte komprimierte Dateien zur Dekompression zu bringen. Dies kann zB durch Versand solcher --------------------------------------------- http://www.cert.at/warnings/all/20190624.html ∗∗∗ Tor Browser 8.5.3 Fixes a Sandbox Escape Vulnerability in Firefox ∗∗∗ --------------------------------------------- Tor Browser 8.5.3 has been released to fix a Sandbox Escape vulnerability in Firefox that was recently used as part of a targeted attack against cryptocurrency companies. As this vulnerability is actively being used, it is strongly advised that all Tor users upgrade to the latest version. --------------------------------------------- https://www.bleepingcomputer.com/news/software/tor-browser-853-fixes-a-sand… ∗∗∗ Sicherheitslücke: Outlook-App ermöglichte Auslesen von E-Mails ∗∗∗ --------------------------------------------- Eigentlich sollte in E-Mails eingebetteter Javascript-Code nicht ausgeführt werden. Mit der Android-Version von Microsofts Outlook war dies durch einen Trick möglich. Mit einer präparierten E-Mail konnte unter anderem das Mailkonto ausgelesen werden. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-outlook-app-ermoeglichte-ausles… ∗∗∗ Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer ∗∗∗ --------------------------------------------- If you use VLC media player on your computer and havent updated it recently, dont you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. Thats because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities... --------------------------------------------- https://thehackernews.com/2019/06/vlc-media-player-hacking.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (jackson-databind, libvirt, pdns, and vim), Fedora (evince, firefox, gjs, libxslt, mozjs60, and poppler), openSUSE (dbus-1, firefox, ImageMagick, netpbm, openssh, and thunderbird), Oracle (libssh2, libvirt, and python), Scientific Linux (python), SUSE (compat-openssl098 , dbus-1 , evince , exempi , firefox , glib2 , gstreamer-0_10-plugins-base , gstreamer-plugins-base , java-1_8_0-ibm , libssh2_org , libvirt , netpbm , samba , SDL2 , sqlite3 , thunderbird, wireshark), Ubuntu (web2py) --------------------------------------------- https://lwn.net/Articles/791921/ ∗∗∗ cURL: Windows OpenSSL engine code injection ∗∗∗ --------------------------------------------- A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. This flaw exists in the official curl-for-windows binaries built and hosted by the curl project (all versions up to and including 7.65.1_1). It does not exist in the curl executable shipped by Microsoft, bundled with Windows 10. It possibly exists in other curl builds for Windows too that uses OpenSSL. --------------------------------------------- https://curl.haxx.se/docs/CVE-2019-5443.html ∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Nagios XI ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen oder vertrauliche Daten einzusehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0534 ∗∗∗ Mattermost security update 5.11.1 / 5.10.2 / 5.9.2 / 4.10.10 (ESR) released ∗∗∗ --------------------------------------------- We are releasing a recommended security update via Mattermost Team Edition 5.11.1, 5.10.2, 5.9.2 and 4.10.10 (ESR) and Mattermost Enterprise Edition 5.11.1, 5.10.2, 5.9.2 and 4.10.10 (ESR). This security update addresses a medium-level vulnerability discovered during a security research review by Zonduu. --------------------------------------------- https://mattermost.com/blog/mattermost-security-update-5-11-1-5-10-2-5-9-2-… ∗∗∗ Secure Hub accepts 10 digit worxpin when "PIN Length Requirement" Client Property is set to more than 10 ∗∗∗ --------------------------------------------- Secure Hub when enrolling would prompt for Worxpin post successful enrollment and you would observe that Worxpin requirement is met as soon as 10 Digit PIN is set while XM console has PIN Length Requirement set to more than 10. --------------------------------------------- https://support.citrix.com/article/CTX256810 ∗∗∗ IBM Security Bulletin: Vulnerability affects IBM Cloud Object Storage SDK Java (June 2019) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-affects… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Access Manager Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in cURL affect QLogic Virtual Fabric Extension Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-cu… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.06.2019
by Daily end-of-shift report 21 Jun '19

21 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 19-06-2019 18:00 − Freitag 21-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Botnet Uses SSH and ADB to Create Android Cryptomining Army ∗∗∗ --------------------------------------------- Researchers discovered a cryptocurrency mining botnet that uses the Android Debug Bridge (ADB) Wi-Fi interface and SSH connections to hosts stored in the known_hosts list to spread to other devices. --------------------------------------------- https://www.bleepingcomputer.com/news/security/botnet-uses-ssh-and-adb-to-c… ===================== = Vulnerabilities = ===================== ∗∗∗ PHOENIX CONTACT Automation Worx Software Suite ∗∗∗ --------------------------------------------- This advisory includes mitigations for access of uninitialized pointer, out-of-bounds read, and use after free vulnerabilities reported in Phoenix Contacts Automation Worx Software Suite. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-171-01 ∗∗∗ Cisco schließt zwei kritische und zahlreiche weitere Schwachstellen ∗∗∗ --------------------------------------------- Updates für Ciscos SD-WAN-Lösung und DNA Center beseitigen kritische Sicherheitsprobleme. Aber auch zahlreiche weitere Produkte wurden frisch gepatcht. --------------------------------------------- https://heise.de/-4451734 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr, gvfs, intel-microcode, and python-urllib3), Fedora (advancecomp, firefox, freeradius, kubernetes, pam-u2f, and rubygem-jquery-ui-rails), openSUSE (elfutils and sssd), Red Hat (chromium-browser), SUSE (doxygen and samba), and Ubuntu (evince, firefox, Gunicorn, libvirt, and sqlite3). --------------------------------------------- https://lwn.net/Articles/791572/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (libvirt and python), Debian (intel-microcode, php-horde-form, and znc), Fedora (firefox), Mageia (firefox, flash-player-plugin, git, graphicsmagick, kernel, kernel-linus, kernel-tmb, phpmyadmin, and thunderbird), Oracle (libssh2, libvirt, and python), Red Hat (libvirt and python), Scientific Linux (libvirt), Slackware (bind and mozilla), SUSE (enigmail), and Ubuntu (bind9, intel-microcode, mosquitto, postgresql-10, postgresql-11, and thunderbird). --------------------------------------------- https://lwn.net/Articles/791669/ ∗∗∗ Synology-SA-19:28 Linux kernel ∗∗∗ --------------------------------------------- CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 allow remote attackers to conduct denial-of-service attacks via a susceptible version of DiskStation Manager (DSM) or Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_28 ∗∗∗ Multiple vulnerabilities in VAIO Update ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN13555032/ ∗∗∗ Intel-SA-00213: Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT vulnerabilities ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42117350 ∗∗∗ Security vulnerabilities fixed in Firefox 67.0.4 and Firefox ESR 60.7.2 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/ ∗∗∗ Security vulnerabilities fixed in Thunderbird 60.7.2 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/ ∗∗∗ AirPort Base Station Firmware Update 7.8.1 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT210091 ∗∗∗ CVE-2019-10072 Apache Tomcat HTTP/2 DoS ∗∗∗ --------------------------------------------- https://mail-archives.apache.org/mod_mbox/tomcat-announce/201906.mbox/brows… ∗∗∗ DSA-2019-084: Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Security Update for PC Doctor Vulnerability ∗∗∗ --------------------------------------------- https://www.dell.com/support/article/at/de/atdhs1/sln317291/dsa-2019-084-de… ∗∗∗ [webapps] WebERP 4.15 - SQL injection ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/47013 ∗∗∗ DoS Vulnerability in Huawei S Series Switch Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190522-… ∗∗∗ IBM Security Bulletin: IBM MessageSight/MessageGateway is affected by the following jQuery vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-mess… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a denial of service vulnerability in Node.js (CVE-2019-5737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: IBM MessageSight is affected by the following four IBM Java vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-is-a… ∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js lodash module vulnerability (CVE-2018-16487) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat… ∗∗∗ IBM Security Bulletin: IBM MessageSight/MessageGateway is affected by the following WebSphere Application Server vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-mess… ∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE-2018-5390 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-upd… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.06.2019
by Daily end-of-shift report 19 Jun '19

19 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 18-06-2019 18:00 − Mittwoch 19-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Zombieload: Intel-Microcode für Windows v1809/v1803 verfügbar ∗∗∗ --------------------------------------------- Schutz gegen Microarchitectural Data Sampling wie Zombieload: Wer noch Windows 10 oder Windows Server in einer älteren Version auf einem Intel-Prozessor nutzt, erhält nun direkt über das Betriebssystem passenden Microcode, um das System gegen Seitenkanalangriffe zu härten. --------------------------------------------- https://www.golem.de/news/zombieload-intel-microcode-fuer-windows-v1809-v18… ∗∗∗ Pass the salt! Popular CMSs aren’t securing passwords properly ∗∗∗ --------------------------------------------- A group of researchers has discovered that many of the webs most popular content management systems are using obsolete algorithms to protect their users passwords. --------------------------------------------- https://nakedsecurity.sophos.com/2019/06/19/popular-content-platforms-putti… ∗∗∗ Quick Detect: Exim "Return of the Wizard" Attack, (Wed, Jun 19th) ∗∗∗ --------------------------------------------- Thanks to our reader Alex for sharing some of his mail logs with the latest attempts to exploit CVE-2019-10149 (aka "Return of the Wizard"). The vulnerability affects Exim and was patched about two weeks ago. There are likely still plenty of vulnerable servers, but it looks like attackers are branching out and are hitting servers not running Exim as well. --------------------------------------------- https://isc.sans.edu/diary/rss/25052 ∗∗∗ Evading Sysmon DNS Monitoring ∗∗∗ --------------------------------------------- In a recent update to Sysmon, a new feature was introduced allowing the ability to log DNS events. While this gives an excellent datapoint for defenders (shout out to the SysInternals team for continuing to provide and support these awesome tools for free), for us as attackers, this means that should our implant or payloads attempt to communicate via DNS, BlueTeam have a potential way to pick up on indicators which could lead to detection. --------------------------------------------- https://blog.xpnsec.com/ ∗∗∗ BSI veröffentlicht Empfehlungen zur sicheren Konfiguration von Microsoft-Office-Produkten ∗∗∗ --------------------------------------------- Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat für den Einsatz auf dem Betriebssystem Microsoft Windows sieben Cyber-Sicherheitsempfehlungen für eine sichere Konfiguration von Microsoft Office 2013/2016/2019 erstellt. Diese behandeln zum einen übergreifende Richtlinien für Microsoft Office, zum anderen Richtlinien für sechs häufig genutzte Microsoft Office-Anwendungen (Access, Excel, Outlook, PowerPoint, Visio und Word). --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Empfehlunge… ∗∗∗ Achtung vor gefälschten News zu BitUp und Bitcoin Code ∗∗∗ --------------------------------------------- Internetnutzer/innen stoßen vermehrt auf erfundene Nachrichtenartikel, die die Angebote von Bitcoin Code oder BitUp bewerben. Berichtet wird vom „größten Deal der Geschichte“ bei den Fernsehsendungen „Die Höhle der Löwen“ oder „2 Minuten 2 Millionen“. Die Angebote auf bitcoincodesoftapps.com und bitupapp.com sind unseriös und Anleger/innen verlieren ihr Geld! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vor-gefaelschten-news-zu-bit… ===================== = Vulnerabilities = ===================== ∗∗∗ Zero Day: Mozilla schließt ausgenutzte Sicherheitslücke in Firefox ∗∗∗ --------------------------------------------- Firefox-Hersteller Mozilla hat eine kritische Sicherheitslücke in seinem Browser geschlossen, die wohl aktiv ausgenutzt wird. Updates stehen bereit und werden von Mozilla bereits verteilt. --------------------------------------------- https://www.golem.de/news/zero-day-mozilla-schliesst-ausgenutzte-sicherheit… ∗∗∗ Oracle Releases Security Advisory for WebLogic ∗∗∗ --------------------------------------------- Original release date: June 19, 2019 Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/06/19/Oracle-Releases-Se… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (dbus, firefox, kernel, linux-lts, linux-zen, and python), CentOS (bind and kernel), Debian (firefox-esr, glib2.0, and vim), Fedora (dbus, kernel, kernel-headers, mingw-libxslt, poppler, and python-gnupg), openSUSE (gnome-shell, kernel, libcroco, php7, postgresql10, python, sssd, and thunderbird), Oracle (kernel and libvirt), Red Hat (go-toolset:rhel8, gvfs, java-11-openjdk, pki-deps:10.6, systemd, and WALinuxAgent), SUSE (docker, kernel, libvirt, [...] --------------------------------------------- https://lwn.net/Articles/791462/ ∗∗∗ PHOENIX CONTACT Multiple Vulnerabilities in Automation Worx Software Suite ∗∗∗ --------------------------------------------- Security Advisory for Automation Worx Software Suite version 1.86 and earlier --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-014 ∗∗∗ Vuln: Symantec DLP CVE-2019-9701 Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/108733 ∗∗∗ Samba: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0521 ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by sensitive information leakage in LoopBack (CVE-2019-4382) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4377) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Command Center (CVE-2019-2602) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM API Connect ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by sensitive information leak (CVE-2018-2013) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by software stack information leak (CVE-2018-2011) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… ∗∗∗ IBM Security Bulletin: API Connect V5 is vulnerable to CSRF attacks (CVE-2018-1858) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v5-is-vul… ∗∗∗ FreeBSD SACK Slowness vulnerability CVE-2019-5599 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K75521003 ∗∗∗ Linux SACK Slowness vulnerability CVE-2019-11478 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K26618426 ∗∗∗ Linux SACK Panic vulnerability CVE-2019-11477 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K78234183 ∗∗∗ Excess resource consumption due to low MSS values vulnerability CVE-2019-11479 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35421172 ∗∗∗ Intel CSME and SPS vulnerability CVE-2019-0093 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K13710800 ∗∗∗ Intel Server Platform Services vulnerability CVE-2019-0089 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K47234311 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.06.2019
by Daily end-of-shift report 18 Jun '19

18 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Montag 17-06-2019 18:00 − Dienstag 18-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Security Alert: Booking.Com Fake Emails Infect Computers with Sodinokibi Ransomware ∗∗∗ --------------------------------------------- A new spam campaign pretending to be from Booking.com is now targeting users. The emails carry a document containing macro code. If someone clicks on the document, opens it, and allows the execution of the macro code, a loader will be spawned. This will download and run ransomware of the Sodinokibi class. --------------------------------------------- https://heimdalsecurity.com/blog/booking-com-fake-emails-sodinokibi-ransomw… ∗∗∗ Plurox: Modular backdoor ∗∗∗ --------------------------------------------- The analysis showed the Backdoor.Win32.Plurox to have a few quite unpleasant features. What’s more, the backdoor is modular, which means that its functionality can be expanded with the aid of plugins. --------------------------------------------- https://securelist.com/plurox-modular-backdoor/91213/ ∗∗∗ Malware sidesteps Google permissions policy with new 2FA bypass technique ∗∗∗ --------------------------------------------- When Google restricted the use of SMS and Call Log permissions in Android apps in March 2019, one of the positive effects was that credential-stealing apps lost the option to abuse these permissions for bypassing SMS-based two-factor authentication (2FA) mechanisms. We have now discovered malicious apps capable of accessing one-time passwords (OTPs) in SMS 2FA messages without using SMS permissions, circumventing Google’s recent restrictions. As a bonus, this technique also works to obtain OTPs from some email-based 2FA systems. --------------------------------------------- https://www.welivesecurity.com/2019/06/17/malware-google-permissions-2fa-by… ∗∗∗ Sharing the Secrets: Pwning an industrial IoT router ∗∗∗ --------------------------------------------- I get involved in a lot of IoT and ICS pen tests and found an interesting device on one of them. I didn’t have enough time on the job to go as deep as I wanted, so got PTP to buy a couple to play with. eBay FTW! It’s an Ewon Flexy IoT Router. --------------------------------------------- https://www.pentestpartners.com/security-blog/sharing-the-secrets-pwning-an… ∗∗∗ Bestellen Sie nicht bei lastore.net ∗∗∗ --------------------------------------------- Auch wenn die Preise bei lastore.net sehr verlockend sind, raten wir von einer Bestellung ab. Denn lastore.net ist ein Fake-Shop, der trotz Bezahlung keine Ware liefert! --------------------------------------------- https://www.watchlist-internet.at/news/bestellen-sie-nicht-bei-lastorenet/ ===================== = Vulnerabilities = ===================== ∗∗∗ TCP SACK PANIC: Linux- und FreeBSD-Kernel lassen sich aus der Ferne angreifen ∗∗∗ --------------------------------------------- Netflix hat einige Sicherheitsprobleme im Netzwerk-Stack von Linux- und FreeBSD-Kerneln entdeckt, die sich für Denial-of-Service-Attacken eignen. --------------------------------------------- https://heise.de/-4449183 ∗∗∗ Vulnerability Spotlight: Two bugs in KCodes NetUSB affect some NETGEAR routers ∗∗∗ --------------------------------------------- KCodes’ NetUSB kernel module contains two vulnerabilities that could allow an attacker to inappropriately access information on some NETGEAR wireless routers. Specific models of these routers utilize the kernel module from KCodes, a Taiwanese company. The module is custom-made for each device, but they all contain similar functions. --------------------------------------------- https://blog.talosintelligence.com/2019/06/vulnerability-spotlight-two-bugs… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (linux-hardened), Debian (kdepim, kernel, linux-4.9, and phpmyadmin), Fedora (ansible and glib2), openSUSE (kernel and vim), Oracle (bind and kernel), Red Hat (kernel and kernel-rt), Scientific Linux (bind and kernel), SUSE (dbus-1, ImageMagick, kernel, netpbm, openssh, and sqlite3), and Ubuntu (linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon and linux, --------------------------------------------- https://lwn.net/Articles/791370/ ∗∗∗ Critical Flaw Exposes TP-Link Wi-Fi Extenders to Remote Attacks ∗∗∗ --------------------------------------------- A critical remote code execution vulnerability discovered by an IBM X-Force researcher allows an unauthenticated attacker to take complete control of some TP-Link Wi-Fi extenders. Firmware updates that should patch the flaw have been made available by the vendor. --------------------------------------------- https://www.securityweek.com/critical-flaw-exposes-tp-link-wi-fi-extenders-… ∗∗∗ MISP: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- MISP ist eine Open-Source-Plattform für den Informationsaustausch über Bedrohungen. Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in MISP ausnutzen, um beliebigen Programmcode auszuführen. CVE Liste: CVE-2019-12868 --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0515 ∗∗∗ Improper Access Control Vulnerability in AppDNA ∗∗∗ --------------------------------------------- A vulnerability has been identified in AppDNA that could result in access controls not being enforced when accessing the web console potentially allowing privilege escalation and remote code execution. --------------------------------------------- https://support.citrix.com/article/CTX253828 ∗∗∗ IBM Security Bulletin: Password exposure via job log in IBM Spectrum Protect Plus (CVE-2019-4385) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-exposure-via… ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to CSV Injection (CVE-2019-4364) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2019-4303) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Tivoli System Automation for Multiplatforms April 2019 CPU (CVE-2019-2684) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2018-5743 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-is-affected-by-… ∗∗∗ IBM Security Bulletin: An Arbitrary Download Vulnerability Affects IBM Campaign (CVE-2019-4384) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-an-arbitrary-download… ∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability Affects IBM Marketing Platform (CVE-2017-1107) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.06.2019
by Daily end-of-shift report 17 Jun '19

17 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 14-06-2019 18:00 − Montag 17-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ U.S. Govt Achieves BlueKeep Remote Code Execution, Issues Alert ∗∗∗ --------------------------------------------- The Cybersecurity and Infrastructure Security Agency (CISA) published an alert for Windows users to patch the critical severity Remote Desktop Services (RDS) RCE security flaw dubbed BlueKeep. --------------------------------------------- https://www.bleepingcomputer.com/news/security/us-govt-achieves-bluekeep-re… ∗∗∗ Ermittler entschlüsselten neue Version der GandCrab-Ransomware ∗∗∗ --------------------------------------------- Wer Opfer der Ransomware wurde, kann die Schadsoftware mit dem neuen Tool kostenfrei entfernen. --------------------------------------------- https://futurezone.at/netzpolitik/ermittler-entschluesselten-neue-version-d… ∗∗∗ An infection from Rig exploit kit, (Mon, Jun 17th) ∗∗∗ --------------------------------------------- [...] Today's diary reviews a recent example of infection traffic caused by Rig EK. --------------------------------------------- https://isc.sans.edu/diary/rss/25040 ∗∗∗ Überteuertes Visum für Kanada auf kanadaeta.com und kanada-eta.de ∗∗∗ --------------------------------------------- Zahlreiche verärgerte Konsument/innen berichten uns von überteuerten ETA-Anträgen (Electronic Travel Authorization) – also Reisegenehmigungen – auf kanadaeta.com und kanada-eta.de. Statt etwa 5 Euro auf der offiziellen Website der kanadischen Regierung werden hier zwischen 50 und 80 Euro für ein Visum verrechnet. Die Watchlist Internet empfiehlt: Die offizielle Regierungswebsite nutzen! --------------------------------------------- https://www.watchlist-internet.at/news/ueberteuertes-visum-fuer-kanada-auf-… ∗∗∗ Security researcher finds critical XSS bug in Googles Invoice Submission Portal ∗∗∗ --------------------------------------------- Security bug would have allowed hackers access to one of Googles backend apps. --------------------------------------------- https://www.zdnet.com/article/security-researcher-finds-critical-xss-bug-in… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium and thunderbird), Debian (php-horde-form, pyxdg, thunderbird, and znc), Fedora (containernetworking-plugins, mediawiki, and podman), openSUSE (chromium), Red Hat (bind, chromium-browser, and flash-plugin), SUSE (docker, glibc, gstreamer-0_10-plugins-base, gstreamer-plugins-base, postgresql10, sqlite3, and thunderbird), and Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/791277/ ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack (CVE-2019-4142) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-pla… ∗∗∗ IBM Security Bulletin: Vulnerability in strongswan affects QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-stro… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL and strongswan affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-fabric-os-firmware-fo… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.06.2019
by Daily end-of-shift report 14 Jun '19

14 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 13-06-2019 18:00 − Freitag 14-06-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs ∗∗∗ --------------------------------------------- Misconfiguration is not novel. However, cybercriminals still find that it is an effective way to get their hands on organizations’ computing resources to use for malicious purposes and it remains a top security concern. In this blog post, we will detail an attack type where an API [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/T-m0jjHJA_o/ ∗∗∗ Security and Privacy, Two Sides of the Same Coin ∗∗∗ --------------------------------------------- ENISA Annual Privacy Forum 2019 --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/security-and-privacy-two-sides-… ∗∗∗ Phishing-Mails gaukeln Ende von WhatsApp-Abonnement vor ∗∗∗ --------------------------------------------- Eine aktuelle Phishing-Welle versucht, WhatsApp-Nutzer über ein angeblich auslaufendes Abonnement zur Preisgabe von Zahlungsdaten zu bewegen. --------------------------------------------- https://heise.de/-4447165 ∗∗∗ Linux servers under attack via latest Exim flaw ∗∗∗ --------------------------------------------- It didn’t take long for attackers to start exploiting the recently revealed Exim vulnerability (CVE-2019-10149). Active campaigns One security enthusiast detected exploitation attempts five days ago: [...] --------------------------------------------- https://www.helpnetsecurity.com/2019/06/14/exploiting-cve-2019-10149/ ∗∗∗ Adware and PUPs families add push notifications as an attack vector ∗∗∗ --------------------------------------------- Push notifications are being added to the arsenal of PUPs, adware, and even a Trojan browser extension that spams Facebook groups. --------------------------------------------- https://blog.malwarebytes.com/adware/2019/06/adware-and-pups-families-add-p… ∗∗∗ Yubico Replacing YubiKey FIPS Devices Due to Security Issue ∗∗∗ --------------------------------------------- Yubico is in the process of replacing YubiKey FIPS (Federal Information Processing Standards) security keys following the discovery of a potentially serious cryptography-related issue that can cause RSA keys and ECDSA signatures generated on these devices to have reduced strength. --------------------------------------------- https://www.securityweek.com/yubico-replacing-yubikey-fips-devices-due-secu… ∗∗∗ French Authorities Release Free Decryptor for PyLocky Ransomware ∗∗∗ --------------------------------------------- The French Ministry of Interior has released a free decryption tool for the PyLocky ransomware to help victims recover their data. --------------------------------------------- https://www.securityweek.com/french-authorities-release-free-decryptor-pylo… ∗∗∗ MISP 2.4.109 released (aka cool-attributes-to-object) ∗∗∗ --------------------------------------------- MISP 2.4.109 releasedA new version of MISP (2.4.109) has been released with a host of new features, improvements, bug fixes and a minor security fix. We strongly advise all users to update their MISP installations to this latest version. --------------------------------------------- https://www.misp-project.org/2019/06/14/MISP.2.4.109.released.html ===================== = Vulnerabilities = ===================== ∗∗∗ BD Alaris Gateway Workstation ∗∗∗ --------------------------------------------- This medical advisory includes mitigations for improper access control and unrestricted upload of file with dangerous type vulnerabilities reported in BD’s Alaris Gateway Workstation. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01 ∗∗∗ Johnson Controls exacqVision Enterprise System Manager ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper authorization vulnerability reported in Johnson Controls exacqVision Enterprise System Manager. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-164-01 ∗∗∗ Xen Security Advisory XSA-295 - Unlimited Arm Atomics Operations ∗∗∗ --------------------------------------------- An attacker in a domU could perform a denial of service attack on Xen by accessing a memory region shared with the hypervisor, while Xen is performing an atomic operation on the same region. As a result Xen could end up looping boundlessly. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-295.txt ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (gvim, lib32-openssl, openssl, and vim), Debian (dbus), Fedora (dovecot, evince, js-jquery-jstree, libxslt, php-phpmyadmin-sql-parser, and phpMyAdmin), openSUSE (neovim and rubygem-rack), Oracle (docker-engine and python), Scientific Linux (python), Slackware (mozilla), and SUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, elfutils, libvirt, and python-requests). --------------------------------------------- https://lwn.net/Articles/791165/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Secure Proxy ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact Remote Code Execution (CVE-2019-4103) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tivoli-netcool-im… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is affected by a XXE (XML External Entity) Injection vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-inform… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Notes 9 and Domino 9 are affected by Open Source James Clark Expat Vulnerabilities (CVE-2013-0340, CVE-2013-0341) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-notes-9-and-domin… ∗∗∗ IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cognos-controller… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.06.2019
by Daily end-of-shift report 13 Jun '19

13 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 12-06-2019 18:00 − Donnerstag 13-06-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ What is "THAT" Address Doing on my Network, (Thu, Jun 13th) ∗∗∗ --------------------------------------------- Disclosure: ISC does not endorse any one particular vendor. That said, you may recognize what type of firewall I use :) --------------------------------------------- https://isc.sans.edu/diary/rss/25028 ∗∗∗ LDAP Swiss Army Knife ∗∗∗ --------------------------------------------- This paper presents the "LDAP Swiss Army Knife", an easy to use LDAP server implementation built for penetration oder software testing. Apart from general usage as a server or proxy it also shows some specific attacks against Java/JNDI based LDAP clients. --------------------------------------------- https://packetstormsecurity.com/files/153270/LDAP-Swiss-Army-Knife.html ∗∗∗ SandboxEscaper enthüllt fünften Win-Exploit, Microsoft patcht die übrigen ∗∗∗ --------------------------------------------- Pünktlich zum Patchday hat Microsoft auch die 0-Day-Lücken des Hackers "SandboxEscaper" geschlossen. Alle bis auf eine. --------------------------------------------- https://heise.de/-4445318 ∗∗∗ Vermeintliche E-Mail von A1 ignorieren ∗∗∗ --------------------------------------------- Eine E-Mail von A1, in der es heißt, dass Ihnen irrtümlicherweise 86,43 Euro in Rechnung gestellt wurde, können Sie ignorieren. Es handelt sich um einen Versuch, an Ihre Zugangs- und Bankdaten zu gelangen. --------------------------------------------- https://www.watchlist-internet.at/news/vermeintliche-e-mail-von-a1-ignorier… ∗∗∗ SEC security alert warns about misconfigured NAS, DBs, and cloud storage servers ∗∗∗ --------------------------------------------- SEC OCIE inspections finds that companies have failed to properly secure network-accessible storage systems. --------------------------------------------- https://www.zdnet.com/article/sec-security-alert-warns-about-misconfigured-… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ About the security content of iCloud for Windows 10.4 ∗∗∗ --------------------------------------------- This document describes the security content of iCloud for Windows 10.4. --------------------------------------------- https://support.apple.com/en-us/HT210212 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (firefox, kernel, kernel-headers, libreswan, python-urllib3, and vim), Red Hat (python), SUSE (sssd), and Ubuntu (dbus). --------------------------------------------- https://lwn.net/Articles/791052/ ∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2019-4403) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-connections-secur… ∗∗∗ IBM Security Bulletin: IBM i Clustering is affected by CVE-2019-4381 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-clustering-is-a… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud April 2019 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A vulnerability in Python affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-py… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Reporting for Development Intelligence ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.06.2019
by Daily end-of-shift report 12 Jun '19

12 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 11-06-2019 18:00 − Mittwoch 12-06-2019 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Microsoft Releases June 2019 Office Updates With Security Fixes ∗∗∗ --------------------------------------------- Microsoft released the June 2019 Office Updates today, which consist of 13 security updates and 13 non-security updates. Given that some of the Microsoft Office security updates issued today also resolve critical vulnerabilities, it is strongly advised to install them as soon as possible. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-releases-june-2019… ∗∗∗ Bad Cert Vulnerability Can Bring Down Any Windows Server ∗∗∗ --------------------------------------------- A Google security expert today revealed that an unpatched issue in the main cryptographic library in Microsofts operating system can cause a denial-of-service (DoS) condition on Windows 8 servers and above. --------------------------------------------- https://www.bleepingcomputer.com/news/security/bad-cert-vulnerability-can-b… ∗∗∗ Ransomware identification for the judicious analyst ∗∗∗ --------------------------------------------- When facing a ransomware infection, it helps to be familiar with some tools as well as key points to identify ransomware correctly. --------------------------------------------- https://www.gdatasoftware.com/blog/2019/06/31666-ransomware-identification-… ∗∗∗ RAMBleed: Rowhammer kann auch Daten auslesen ∗∗∗ --------------------------------------------- Mit Angriffen durch RAM-Bitflips lassen sich unberechtigt Speicherinhalte auslesen. Als Demonstration zeigen Forscher, wie sie mit Nutzerrechten einen RSA-Key eines SSH-Daemons auslesen können. --------------------------------------------- https://www.golem.de/news/rambleed-rowhammer-kann-auch-daten-auslesen-1906-… ∗∗∗ DICOM Standard in Medical Devices ∗∗∗ --------------------------------------------- NCCIC is aware of a public report of a vulnerability in the DICOM (Digital Imaging and Communications in Medicine) standard with proof-of-concept (PoC) exploit code. The DICOM standard is the international standard to transmit, store, retrieve, print, process, and display medical imaging information. According to this report, the vulnerability is exploitable by embedding executable code into the 128 byte preamble. This report was released without coordination with NCCIC or any known vendor. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-19-162-01 ∗∗∗ AVML - Acquire Volatile Memory for Linux ∗∗∗ --------------------------------------------- AVML is an X86_64 userland volatile memory acquisition tool written in Rust, intended to be deployed as a static binary. AVML can be used to acquire memory without knowing the target OS distribution or kernel a priori. No on-target compilation or fingerprinting is needed. --------------------------------------------- https://github.com/microsoft/avml ∗∗∗ Windows-Schwachstelle „Bluekeep“: Erneute Warnung vor wurmartigen Angriffen ∗∗∗ --------------------------------------------- Wurmartige Cyber-Angriffe mit den Schadprogrammen WannaCry und NotPetya haben im Jahr 2017 weltweit Millionenschäden verursacht und einzelne Unternehmen in Existenznöte gebracht. Ein vergleichbares Szenario ermöglicht die kritische Schwachstelle Bluekeep, die im Remote-Desktop-Protocol-Dienst (RDP) von Microsoft-Windows enthalten ist. Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hatte bereits im Mai ebenso wie Microsoft vor dieser Schwachstelle gewarnt und --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Windows-Sch… ∗∗∗ Achtung vor angeblichen Microsoft-Anrufen ∗∗∗ --------------------------------------------- Eine neue Welle angeblicher Microsoft Anrufe rollt momentan über Österreich hinweg. Die Anrufer/innen behaupten, Probleme auf den Geräten der Betroffenen gefunden zu haben. Vorsicht: Es handelt sich um Betrüger/innen, die versuchen, Zugriff auf das System ihrer Opfer zu erhalten und Daten zu stehlen. Konsument/innen sollten derartige Anrufe umgehend beenden. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vor-angeblichen-microsoft-an… ===================== = Vulnerabilities = ===================== ∗∗∗ Intel Releases Security Updates, Mitigations for Multiple Products ∗∗∗ --------------------------------------------- Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/06/11/Intel-Releases-Sec… ∗∗∗ Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series ∗∗∗ --------------------------------------------- The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities resulting from old software components embedded in the firmware. --------------------------------------------- https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-wago… ∗∗∗ Patchday: Gefährliche Lücke in Aufgabenplanung von Windows 10 gepatcht ∗∗∗ --------------------------------------------- Microsoft hat jede Menge Sicherheitsupdates für Windows, Office und weitere Software veröffentlicht. Viele Lücke gelten als kritisch. --------------------------------------------- https://heise.de/-4444614 ∗∗∗ Critical Microsoft NTLM vulnerabilities allow remote code execution on any Windows machine ∗∗∗ --------------------------------------------- The Preempt research team found two critical Microsoft vulnerabilities that consist of three logical flaws in NTLM, the company’s proprietary authentication protocol. These vulnerabilities allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication (WIA) such as Exchange or ADFS. The research shows that all Windows versions are vulnerable. --------------------------------------------- https://www.helpnetsecurity.com/2019/06/11/microsoft-ntlm-vulnerabilities/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libgd2, mediawiki, otrs2, vlc, and zookeeper), Fedora (containernetworking-plugins, kernel, kernel-headers, nodejs-tough-cookie, podman, python-django, and python-urllib3), openSUSE (virtualbox), SUSE (gnome-shell, libcroco, and php7), and Ubuntu (dbus, Neovim, and vim). --------------------------------------------- https://lwn.net/Articles/790976/ ∗∗∗ Flaw in Evernote Extension Allows Hackers to Steal Data ∗∗∗ --------------------------------------------- A vulnerability identified by researchers in a popular Evernote extension for Chrome can be exploited by hackers to steal sensitive information from the websites accessed by a user. read more --------------------------------------------- https://www.securityweek.com/flaw-evernote-extension-allows-hackers-steal-d… ∗∗∗ MISP: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- MISP ist eine Open-Source-Plattform für den Informationsaustausch über Bedrohungen. Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in MISP ausnutzen, um seine Privilegien zu erhöhen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0491 ∗∗∗ Security Advisory - DLL Hijacking Vulnerability on Huawei HiSuite ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190612-… ∗∗∗ IBM Security Bulletin: A security vulnerability has been idenfied in IBM SDK which affects IBM Db2 Query Management Facility for z/OS ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.06.2019
by Daily end-of-shift report 11 Jun '19

11 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 07-06-2019 18:00 − Dienstag 11-06-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Paketmanagement: Java-Dependencies über unsichere HTTP-Downloads ∗∗∗ --------------------------------------------- In zahlreichen Java-Projekten werden Abhängigkeiten ungeprüft über HTTP ohne TLS heruntergeladen. Ein Netzwerkangreifer kann dadurch trivial die Downloads manipulieren und Schadcode ausführen. --------------------------------------------- https://www.golem.de/news/paketmanagement-java-dependencies-ueber-unsichere… ∗∗∗ Tip: Sysmon Will Log DNS Queries ∗∗∗ --------------------------------------------- [...] Mark announced a new version of Sysmon that will log DNS queries (and replies): [...] --------------------------------------------- https://isc.sans.edu/forums/diary/Tip+Sysmon+Will+Log+DNS+Queries/25016/ ∗∗∗ Microsoft Office: Gefährliches RTF-Dokument bringt Backdoor-Trojaner mit ∗∗∗ --------------------------------------------- Derzeit nutzen Angreifer vermehrt eine zwei Jahre alte Office-Lücke aus, für die es bereits einen Patch gibt. Dabei stehen vor allem Ziele in Europa im Fokus. --------------------------------------------- https://heise.de/-4444187 ∗∗∗ China Telecom Routes European Traffic to Its Network for Two Hours ∗∗∗ --------------------------------------------- For two hours last week, a BGP route leak resulted in large portions of European Internet traffic being routed through China Telecom’s network. read more --------------------------------------------- https://www.securityweek.com/china-telecom-routes-european-traffic-its-netw… ∗∗∗ Bitcoin-Erpressungs-Mail mit erfundenen Webcam-Aufnahmen ∗∗∗ --------------------------------------------- Kriminelle versenden massenhaft E-Mails an Internet-Nutzer/innen, in denen sie behaupten, dass die Systeme der Empfänger/innen gehackt wurden. Sie geben an, dadurch Videos über die Webcam aufgenommen zu haben, die die Empfänger/innen beim Masturbieren zeigen sollen. Um eine Verbreitung der Aufnahmen zu verhindern, werden 2000 Euro in Bitcoins gefordert. Es besteht kein Grund zur Sorge, denn es handelt sich um einen Erpressungsversuch und die Videos existieren nicht. --------------------------------------------- https://www.watchlist-internet.at/news/bitcoin-erpressungs-mail-mit-erfunde… ∗∗∗ Major HSM vulnerabilities impact banks, cloud providers, governments ∗∗∗ --------------------------------------------- Researchers disclose major vulnerabilities in HSMs (Hardware Security Modules). --------------------------------------------- https://www.zdnet.com/article/major-hsm-vulnerabilities-impact-banks-cloud-… ∗∗∗ Das CERT, das Wolf rief ∗∗∗ --------------------------------------------- Die Fabel ist bekannt: dem Hirtenjungen war fad, er schlug Alarm ("Wolf!"), um die Eintönigkeit zu vertreiben, und als dann der Wolf wirklich da war, hörte keiner mehr auf seinen Hilferuf. Wir haben regelmäßig ein ähnliches Thema: Wir sollen möglichst früh vor kommenden Problemen warnen, aber wenn der vorhergesagte Notfall doch nicht eintritt, dann senkt das unsere Glaubwürdigkeit. --------------------------------------------- http://www.cert.at/services/blog/20190611093533-2484.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe ColdFusion (APSB19-27), Adobe Flash Player (APSB19-30) and Adobe Campaign (APSB19-28). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1760 ∗∗∗ SAP Security Patch Day – June 2019 ∗∗∗ --------------------------------------------- This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape. --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242 ∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580 ∗∗∗ --------------------------------------------- There are several vulnerabilities in the Schneider Electric Modicon M580 that could lead to a variety of conditions, including denial of service and the disclosure of sensitive information. --------------------------------------------- https://blog.talosintelligence.com/2019/06/vulnerability-spotlight-multiple… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium and pam-u2f), Debian (cyrus-imapd), Fedora (curl, cyrus-imapd, kernel, kernel-headers, php, and vim), openSUSE (axis, bind, bubblewrap, evolution, firefox, gnome-shell, libpng16, and rmt-server), Oracle (edk2 and kernel), and SUSE (bind, cloud7, and libvirt). --------------------------------------------- https://lwn.net/Articles/790818/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (bind and thunderbird), Mageia (firefox, ghostscript, graphicsmagick, imagemagick, postgresql, and thunderbird), Oracle (kernel), Red Hat (Advanced Virtualization and rh-haproxy18-haproxy), SUSE (bind, gstreamer-0_10-plugins-base, thunderbird, and vim), and Ubuntu (elfutils, glib2.0, and libsndfile). --------------------------------------------- https://lwn.net/Articles/790875/ ∗∗∗ Synology-SA-19:26 Photo Station ∗∗∗ --------------------------------------------- These vulnerabilities allow remote attackers to obtain sensitive information or modify system settings via a susceptible version of Photo Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_26 ∗∗∗ IBM Security Bulletin: IBM MQ Advanced Cloud Pak may print out plain text credentials in logs. (CVE-2019-4239) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-advanced-cloud… ∗∗∗ [20190603] - Core - ACL hardening of com_joomlaupdate ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/_M8Ux7hoaTM/785-20190603-c… ∗∗∗ [20190602] - Core - XSS in subform field ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/pYcjfxwUS9o/784-20190602-c… ∗∗∗ [20190601] - Core - CSV injection in com_actionlogs ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/XjAgqEhAS7g/783-20190601-c… ∗∗∗ # SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt ∗∗∗ # SSA-557804: Mirror Port Isolation Vulnerability in SCALANCE X switches ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-557804.txt ∗∗∗ # SSA-480230: Denial-of-Service in Webserver of Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-480230.txt ∗∗∗ # SSA-307392: Denial-of-Service in OPC UA in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-307392.txt ∗∗∗ # SSA-254686: Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-254686.txt ∗∗∗ # SSA-181018: Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-181018.txt ∗∗∗ # SSA-816980: Multiple Web Vulnerabilities in SIMATIC Ident MV420 and MV440 families ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-816980.txt ∗∗∗ # SSA-774850: Vulnerabilities in SIEMENS LOGO!8 devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-774850.txt ∗∗∗ # SSA-646841: Recoverable Password from Configuration Storage in SCALANCE X Switches ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-646841.txt ∗∗∗ # SSA-212009: Vulnerabilities in Siveillance VMS ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-212009.txt -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily