Daily

daily@lists.cert.at

1 participants
3088 discussions

Tageszusammenfassung - 18.02.2019
by Daily end-of-shift report 18 Feb '19

18 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 15-02-2019 18:00 − Montag 18-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Finding Property Values in Office Documents, (Sat, Feb 16th) ∗∗∗ --------------------------------------------- In diary entry "Maldoc Analysis of the Weekend", I use the strings method explained in diary entry "Quickie: String Analysis is Still Useful" to quickly locate the PowerShell command hidden in a malicious Word document. --------------------------------------------- https://isc.sans.edu/diary/rss/24652 ∗∗∗ Distributing Malware - one "Word" at a Time ∗∗∗ --------------------------------------------- Using Microsoft Word to distribute malware is a common tactic used by criminals. Given the popularity of Word, criminals can often "live off the land" and use mechanisms that are already in place to do their dirty work. --------------------------------------------- https://www.gdatasoftware.com/blog/2019/02/31429-distributing-malware-word ∗∗∗ A Deep Dive on the Recent Widespread DNS Hijacking Attacks ∗∗∗ --------------------------------------------- The U.S. government - along with a number of leading security companies - recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy. This post seeks to document the extent of those attacks, and traces the [...] --------------------------------------------- https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dn… ∗∗∗ IT-Grundschutz-Kompendium Edition 2019 erschienen ∗∗∗ --------------------------------------------- Ab sofort steht das IT-Grundschutz-Kompendium in der neuen Edition 2019 zur Verfügung. In dieser Edition sind insgesamt 94 IT-Grundschutz-Bausteine enthalten, 14 Bausteine sind zu neuen Themen aufgenommen worden. Das IT-Grundschutz-Kompendium ist auf die Sicherheitsanforderungen in Unternehmen und Behörden zugeschnitten. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/IT-Grundschutz-Ko… ∗∗∗ Exploit Code Published for Recent Container Escape Vulnerability ∗∗∗ --------------------------------------------- Proof-of-concept (PoC) code is now publicly available for a recently disclosed container escape vulnerability impacting popular cloud platforms, including AWS, Google Cloud, and numerous Linux distributions. read more --------------------------------------------- https://www.securityweek.com/exploit-code-published-recent-container-escape… ∗∗∗ Sinking a ship and hiding the evidence ∗∗∗ --------------------------------------------- Our earlier work on Voyage Data Recorder manipulation got us thinking about how a malicious individual or organisation might bring about the demise of a ship and hide the evidence. There are plenty of ways to get malware on to a ship. Whether it’s via satcoms, phishing, USB, crew Wi-Fi, dodgy DVDs etc. Now the [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/sinking-a-ship-and-hiding-the… ∗∗∗ Different 'smart' lock, similar security issues ∗∗∗ --------------------------------------------- I was looking through Amazon and found this padlock at the cheaper end of the scale. For twenty of my well-earnt English pounds I could become the owner of a new and shiny SLOK lock. Image credit: Amazon It can be unlocked by BLE and can be shared to others, what could I do but [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/different-smart-lock-similar-… ===================== = Vulnerabilities = ===================== ∗∗∗ VMSA-2019-0001 ∗∗∗ --------------------------------------------- VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0001.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (cairo, firefox, flatpak, hiawatha, and webkit2gtk), Debian (gsoap, mosquitto, php5, thunderbird, and tiff), Fedora (elfutils, ghostscript, gsi-openssh, kernel, kernel-headers, kernel-tools, kf5-kauth, mingw-podofo, mingw-poppler, mosquitto, podofo, and python-markdown2), Mageia (firefox, flash-player-plugin, lxc, and thunderbird), openSUSE (avahi, docker, libu2f-host, LibVNCServer, nginx, phpMyAdmin, and pspp, spread-sheet-widget), Red Hat [...] --------------------------------------------- https://lwn.net/Articles/780076/ ∗∗∗ Container Privilege Escalation Vulnerability Affecting Cisco Products: February 2019 ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Information Leakage Vulnerability on Some Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190218-… ∗∗∗ D-LINK Router DIR-823G: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0147 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.02.2019
by Daily end-of-shift report 15 Feb '19

15 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 14-02-2019 18:00 − Freitag 15-02-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Cryptojacking Coinhive Miners Land on the Microsoft Store For the First Time ∗∗∗ --------------------------------------------- A batch of eight potentially unwanted applications (PUAs) were found on the Microsoft Store dropping malicious Monero (XMR) Coinhive cryptomining scripts, delivered with the help of Googles legitimate Google Tag Manager (GTM) library. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cryptojacking-coinhive-miner… ∗∗∗ Demystifying the crypter used in Emotet, Qbot, and Dridex ∗∗∗ --------------------------------------------- A crypter is software that can encrypt, obfuscate, and manipulate malware to make it harder to detect by security programs. The Zscaler ThreatLabZ research team recently spotted a common crypter being used in the recent Emotet, Qbot, and Dridex campaigns. This same crypter was observed in some of the Ursnif and BitPaymer campaigns as well. --------------------------------------------- https://www.zscaler.com/blogs/research/demystifying-crypter-used-emotet-qbo… ∗∗∗ Many ICS Vulnerability Advisories Contain Errors: Report ∗∗∗ --------------------------------------------- Roughly one-third of the ICS-specific vulnerability advisories published in 2018 contained basic factual errors, including when describing and rating the severity of a flaw, according to the 2018 Year in Review report published on Thursday by industrial cybersecurity firm Dragos. --------------------------------------------- https://www.securityweek.com/many-ics-vulnerability-advisories-contain-erro… ∗∗∗ Facebook Login Phishing Campaign ∗∗∗ --------------------------------------------- A falsely reported bug in the Myki Auto-Fill functionality led us to discover a phishing campaign that even the most vigilant users could fall for. --------------------------------------------- https://myki.com/blog/facebook-login-phishing-campaign/ ∗∗∗ Sicherheitsupdate schließt Angriffspunkte in Thunderbird ∗∗∗ --------------------------------------------- Schwachstellen in der Grafik-Bibliothek Skia gefährden Thunderbird. Die aktuelle Version ist abgesichert. --------------------------------------------- http://heise.de/-4310283 ∗∗∗ Dirty Sock: Canonical schließt Sicherheitslücke in Paketverwaltung Snap ∗∗∗ --------------------------------------------- Eine Sicherheitslücke in Canonicals Paketverwaltung Snap ermöglichte normalen Benutzern Root-Rechte. Eine abgesicherte Version ist mittlerweile verfügbar. --------------------------------------------- http://heise.de/-4309424 ∗∗∗ Vulnerabilities Patched in WP Cost Estimation Plugin ∗∗∗ --------------------------------------------- At the end of January, Wordfence security analysts identified attackers exploiting vulnerabilities in outdated versions of the commercial plugin WP Cost Estimation & Payment Forms Builder, or WP Cost Estimation for short. These flaws were found and patched by the developer a few months ago, but no official public disclosure was made at the time. --------------------------------------------- https://www.wordfence.com/blog/2019/02/vulnerabilities-patched-in-wp-cost-e… ∗∗∗ Oracle MAF store bypass, a how-to ∗∗∗ --------------------------------------------- On a recent assignment I was asked to look at the security of a cloud-based solution for expenses, the Oracle® ExpensesCloud with Fusion applications. It was being used for employees to create/save/edit/submit claims to the employer. TL;DR Having default hardcoded credentials allows an attacker effortless compromise of the credentialed action. --------------------------------------------- https://www.pentestpartners.com/security-blog/oracle-maf-store-bypass-a-how… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr and unbound), Fedora (docker, libexif, and runc), openSUSE (mozilla-nss, python, rmt-server, and thunderbird), Slackware (mozilla), and SUSE (couchdb, dovecot23, kvm, nodejs6, php53, podofo, python-PyKMIP, rubygem-loofah, util-linux, and velum). --------------------------------------------- https://lwn.net/Articles/779933/ ∗∗∗ IBM Security Bulletin: Weaker than expected security in WebSphere Application Server with SP800-131 transition mode (CVE-2018-1996) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weaker-than-expected-… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Java vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities were identified in Node.js that affect IBM Cloud App Management V2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ Linux kernel vulnerability CVE-2018-15594 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K26301924 ∗∗∗ Schwachstelle in gpsd und microjson erlaubt Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0144 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.02.2019
by Daily end-of-shift report 14 Feb '19

14 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 13-02-2019 18:00 − Donnerstag 14-02-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Shlayer Malware Disables macOS Gatekeeper to Run Unsigned Payloads ∗∗∗ --------------------------------------------- A new variant of the multi-stage Shlayer malware known to target macOS users has been observed in the wild, now being capable to escalate privileges using a two-year-old technique and to disable the Gatekeeper protection mechanism to run unsigned second stage payloads. --------------------------------------------- https://www.bleepingcomputer.com/news/security/shlayer-malware-disables-mac… ∗∗∗ Firefox, Firefox ESR und Tor Browser rüsten sich gegen Schadcode ∗∗∗ --------------------------------------------- Mozilla und die Entwickler des Tor Browsers haben in aktuellen Versionen mehrere mit dem Bedrohungsgrad "hoch" eingestufte Lücken geschlossen. --------------------------------------------- http://heise.de/-4308974 ∗∗∗ Kauf von Welpen und Tierbabys auf adiso.at nicht ratsam ∗∗∗ --------------------------------------------- Konsument/innen finden auf adiso.at Hundewelpen und Tierbabys unterschiedlichster Rassen. Die abgebildeten Tierfotos verlocken zwar zu einem Kauf, doch davon ist dringend abzuraten. Personen, die sich für einen Welpen entscheiden, müssen meist vorab Geld bezahlen ohne den Hund gesehen zu haben. Es kommt immer wieder zu weiteren Geldforderungen, bis die Opfer begreifen, dass es die Welpen gar nicht gibt. --------------------------------------------- https://www.watchlist-internet.at/news/kauf-von-welpen-und-tierbabys-auf-ad… ∗∗∗ Betrug auf insboote.eu und ltnagro.eu ∗∗∗ --------------------------------------------- Auf der Website insboote.eu können Konsument/innen Boote und auf der Website ltnagro.eu Bau- oder Landmaschinen kaufen. Die Bezahlung der Ware ist nur im Voraus möglich. Käufer/innen, die das Geld für die Maschinen bezahlen, verlieren es, denn es kommt zu keiner Übergabe --------------------------------------------- https://www.watchlist-internet.at/news/betrug-auf-insbooteeu-und-ltnagroeu/ ===================== = Vulnerabilities = ===================== ∗∗∗ Entity Registration - Critical - Multiple Vulnerabilities - SA-CONTRIB-2019-017 ∗∗∗ --------------------------------------------- Project: Entity RegistrationDate: 2019-February-13Security risk: Critical 18∕25 AC:Basic/A:None/CI:Some/II:Some/E:Exploit/TD:DefaultVulnerability: Multiple Vulnerabilities Description: This module enables you to take registrations for events, gathering information from registrants including email address and any other questions you wish to configure.In some cases, an anonymous user may view, edit, or delete other anonymous registrations by guessing the URL of that registration based on a [...] --------------------------------------------- https://www.drupal.org/sa-contrib-2019-017 ∗∗∗ OAuth 2.0 Client Login (Single Sign-On) - Critical - Multiple Vulnerabilities - SA-CONTRIB-2019-016 ∗∗∗ --------------------------------------------- Project: OAuth 2.0 Client Login (Single Sign-On)Date: 2019-February-13Security risk: Critical 17∕25 AC:Basic/A:None/CI:Some/II:Some/E:Proof/TD:AllVulnerability: Multiple Vulnerabilities Description: This module enables you to allow login into the Drupal websites through an external provider over the OAuth 2.0 protocol.The module sets a Drupal variable used for redirection based on unsanitised user input, leading to an Open Redirect vulnerability. It also fails to sanitise user input [...] --------------------------------------------- https://www.drupal.org/sa-contrib-2019-016 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (python-gnupg), Mageia (avahi, dom4j, gvfs, kauth, libwmf, logback, mad, python, python-django, and radvd), openSUSE (curl, haproxy, lua53, python-slixmpp, runc, spice, and uriparser), Red Hat (flash-plugin), Slackware (mozilla), and SUSE (build and docker-runc). --------------------------------------------- https://lwn.net/Articles/779810/ ∗∗∗ Synology-SA-19:06 Docker ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary commands via a susceptible version of Docker. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_06 ∗∗∗ D-LINK Router: Mehrere Schwachstellen ermöglichen Erlangen von Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0142 ∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager and IBM Enterprise Content Management Text Search security vulnerability in Apache PDFBox ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-filenet-content-m… ∗∗∗ IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-th… ∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerability Can Affect IBM Sterling Order Management (CVE-2016-1000031) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-commons-fileup… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.02.2019
by Daily end-of-shift report 13 Feb '19

13 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 12-02-2019 18:00 − Mittwoch 13-02-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ 13 Popular Wireless Hacking Tools [Updated for 2019] ∗∗∗ --------------------------------------------- Introduction to 13 Popular Wireless Hacking Tools Internet is now the basic need of our daily life. With the increasing use of smartphones, most of the things are now online. Every time we have to do something, we just use our smartphone or desktop. This is the reason wi-fi hotspots can be found everywhere. People also [...] --------------------------------------------- https://resources.infosecinstitute.com/13-popular-wireless-hacking-tools/ ∗∗∗ Siemens Warns of Critical Remote-Code Execution ICS Flaw ∗∗∗ --------------------------------------------- The affected SICAM 230 process control system is used as an integrated energy system for utility companies, and as a monitoring system for smart-grid applications. --------------------------------------------- https://threatpost.com/siemens-critical-remote-code-execution/141768/ ∗∗∗ Fake Updates campaign still active in 2019 ∗∗∗ --------------------------------------------- Last week on 2019-02-06, @baberpervez2 tweeted about a compromised website used by the Fake Updates campaign (link to tweet). The Fake Updates campaign uses compromised websites that generate traffic to a fake update page. The type of fake update page depends on your web browser. Victims would see a fake Flash update page when using Internet Explorer, a fake Chrome update page when using Google Chrome, or a fake Firefox update page when using Firefox. --------------------------------------------- https://isc.sans.edu/forums/diary/Fake+Updates+campaign+still+active+in+201… ∗∗∗ Patchday: Attacken gegen Internet Explorer ∗∗∗ --------------------------------------------- Microsoft hat wichtige Sicherheitsupdates für Office, Windows & Co. veröffentlicht. Mehre Schwachstellen gelten als kritisch. --------------------------------------------- http://heise.de/-4307548 ∗∗∗ Patchday: Adobe schützt ColdFusion und Reader vor Schadcode ∗∗∗ --------------------------------------------- Adobe Acrobat, ColdFusion und Reader sind über kritische Sicherheitslücken angreifbar. Updates schaffen Abhilfe. --------------------------------------------- http://heise.de/-4307619 ∗∗∗ Patchday: SAP stopft kritische Lücken im Software-Portfolio ∗∗∗ --------------------------------------------- Der deutsche Softwarehersteller SAP hat wichtige Sicherheitsupdates für zum Beispiel Commerce und BW/4HANA veröffentlicht. --------------------------------------------- http://heise.de/-4308113 ∗∗∗ Xiaomi-Scooter lässt sich über Bluetooth kapern ∗∗∗ --------------------------------------------- Unbefugte können den Xiaomi M365 stoppen oder beschleunigen, was für den Fahrer lebensgefährlich ist. Auch andere Marken könnten betroffen sein. --------------------------------------------- http://heise.de/-4307588 ∗∗∗ Phishing-Welle: Warnung vor falschen Microsoft-Mails und Telekom-Rechnungen ∗∗∗ --------------------------------------------- Gefälschte Microsoft-E-Mails, die den Trojaner Emotet verbreiten, sowie vermeintliche Telekom-Rechnungen sind im Umlauf. --------------------------------------------- http://heise.de/-4308122 ∗∗∗ Kein Geld an vermeintliche Airbnb-Agent/innen ins Ausland zahlen! ∗∗∗ --------------------------------------------- Wohnungssuchende stoßen bei Immobilienplattformen auf unglaublich günstige Inserate. Konsument/innen, die Kontakt aufnehmen, erhalten von Vermieter/innen schnell positive Rückmeldung. Da diese sich im Ausland befinden, soll Airbnb für Schlüsselübergabe und Besichtigungstermin als Treuhand fungieren. Konsument/innen dürfen nichts überweisen! Die Inserate sind gefälscht und das Geld ist verloren. --------------------------------------------- https://www.watchlist-internet.at/news/kein-geld-an-vermeintliche-airbnb-ag… ===================== = Vulnerabilities = ===================== ∗∗∗ OSIsoft PI Vision ∗∗∗ --------------------------------------------- This advisory includes mitigations for a cross-site scripting vulnerability in OSIsofts PI Vision web page application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-043-01 ∗∗∗ Security Advisory for Malware on QTS ∗∗∗ --------------------------------------------- A recently reported malware is known to affect QNAP NAS devices. We are currently analyzing the malware and will provide the solution as soon as possible. --------------------------------------------- https://www.qnap.com/en/security-advisory/nas-201902-13 *** Security updates for Wednesday *** --------------------------------------------- Security updates have been issued by Arch Linux (aubio, curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-gnutls, libu2f-host, python-django, python2-django, rdesktop, and runc), Debian (flatpak), Fedora (flatpak, pdns-recursor, rdesktop, tomcat, and xerces-c27), Mageia (cinnamon, docker, dovecot, golang, java-1.8.0-openjdk, jruby, libarchive, libgd, libtiff, libvncserver, opencontainers-runc, openssh, python-marshmallow, thunderbird, and transfig), openSUSE (python-slixmpp), Oracle (kernel), Red Hat (redhat-virtualization-host), Slackware (lxc), SUSE (curl, firefox, LibVNCServer, nginx, php7, python-numpy, runc, SMS3.2, and thunderbird), and Ubuntu (gvfs, python-django, snapd, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/779719/ ∗∗∗ D-LINK Router: Schwachstelle ermöglicht Erlangen von Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0140 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private – fluentd ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM Rational ClearCase GIT connector password exposure (CVE-2019-4059) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-rational-clearcas… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-enterprise-content-ma… ∗∗∗ IBM Security Bulletin: IBM PureApplication Service is affected by a GPFS vulnerability (CVE-2018-1783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a GPFS vulnerability (CVE-2018-1783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in Ansible shipped with Data Science Experience Local ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: IBM Data Science Experience Local is affected by continuous traffic to a US Softlayer server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-data-science-expe… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.02.2019
by Daily end-of-shift report 12 Feb '19

12 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Montag 11-02-2019 18:00 − Dienstag 12-02-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New Offensive USB Cable Allows Remote Attacks over WiFi ∗∗∗ --------------------------------------------- Like a scene from a James Bond or Mission Impossible movie, a new offensive USB cable plugged into a computer could allow attackers to execute commands over WiFi as if they were using the computers keyboard. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-offensive-usb-cable-allo… ∗∗∗ Runc: Sicherheitslücke ermöglicht Übernahme von Container-Host ∗∗∗ --------------------------------------------- Eine Sicherheitslücke ermöglicht es, dass Software aus einem Container ausbricht. Die Ausführungsumgebung Runc, mit der Container gestartet werden, kann überschrieben und so der Host übernommen werden. Docker und viele andere Lösungen sind verwundbar. --------------------------------------------- https://www.golem.de/news/runc-sicherheitsluecke-ermoeglicht-uebernahme-von… ∗∗∗ Prozessor-Sicherheit: Intels sichere Software-Enklave SGX wurde geknackt ∗∗∗ --------------------------------------------- Die Forscher hinter Meltdown und Spectre können Intel Software Guard Extensions missbrauchen, um Schadcode vor dem Administrator des Systems zu verstecken. --------------------------------------------- http://heise.de/-4306965 ∗∗∗ Presseaussendung: Watchlist Internet warnt vor Identitätsdiebstahl mit Ausweiskopien ∗∗∗ --------------------------------------------- Die Watchlist Internet (www.watchlist-internet.at), Österreichs zentrale Informationsplattform zu Internet-Betrug und Online-Fallen, warnt vor vermehrtem Betrug mit Ausweiskopien. Kriminelle nutzen diesen Identitätsdiebstahl immer häufiger, um Straftaten in fremdem Namen zu begehen. Die Watchlist erklärt, wie Konsumenten dennoch Ausweiskopien bei seriösen Geschäften versenden können, ohne Betrügern in die Falle zu gehen. --------------------------------------------- https://www.watchlist-internet.at/presse/12022019-presseaussendung-watchlis… ∗∗∗ In eine Shopping-Falle getappt? Hier gibt’s nützliche Tipps! ∗∗∗ --------------------------------------------- Im Internet werben unzählige Shops, die angebliche Markenware zu sehr günstigen Preisen anbieten, um Kund/innen. Trotz .at- oder .de-Domains haben die Websites Ihren Sitz etwa in China. Die versendeten Waren sind gefälscht, qualitativ minderwertig und werden häufig vom Zoll beschlagnahmt. Zusätzlich gelangen Kriminelle an Kreditkartendaten ihrer Opfer. --------------------------------------------- https://www.watchlist-internet.at/news/in-eine-shopping-falle-getappt-hier-… ∗∗∗ WordPress plugin flaw lets you take over entire sites ∗∗∗ --------------------------------------------- Vulnerability found in social sharing plugin named "Simple Social Buttons," installed on more than 40,000 WordPress sites. --------------------------------------------- https://www.zdnet.com/article/wordpress-plugin-flaw-lets-you-take-over-enti… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB19-06), Adobe ColdFusion (APSB19-10), Adobe Acrobat and Reader (APSB19-07) and Adobe Creative Cloud Desktop Application (APSB19-11). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1705 ∗∗∗ Cisco Network Assurance Engine CLI Access with Default Password Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Joomla 3.9.3 Release ∗∗∗ --------------------------------------------- Joomla 3.9.3 is now available. This is a security fix release for the 3.x series of Joomla which addresses 6 security vulnerabilities and contains 30 bug fixes and improvements. --------------------------------------------- https://www.joomla.org/announcements/release-news/5756-joomla-3-9-3-release… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, dovecot, firefox, and spice), Debian (curl, php5, rssh, and wordpress), Fedora (curl, ghostscript, mingw-libconfuse, and radvd), openSUSE (java-11-openjdk and python-urllib3), Red Hat (chromium-browser and kernel), and SUSE (etcd and kernel). --------------------------------------------- https://lwn.net/Articles/779543/ ∗∗∗ SAP Security Patch Day 2019 ∗∗∗ --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 ∗∗∗ ZDI-19-178: Cisco WebEx Recorder and Player asplayback Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-178/ ∗∗∗ Linux kernel vulnerability CVE-2018-17972 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K27673650 ∗∗∗ Siemens Security Advisories ∗∗∗ --------------------------------------------- https://new.siemens.com/global/en/products/services/cert.html#SecurityPubli… https://cert-portal.siemens.com/productcert/txt/ssa-505225.txt https://cert-portal.siemens.com/productcert/txt/ssa-760124.txt https://cert-portal.siemens.com/productcert/txt/ssa-104088.txt https://cert-portal.siemens.com/productcert/txt/ssa-275839.txt https://cert-portal.siemens.com/productcert/txt/ssa-284673.txt https://cert-portal.siemens.com/productcert/txt/ssa-346262.txt https://cert-portal.siemens.com/productcert/txt/ssa-179516.txt https://cert-portal.siemens.com/productcert/txt/ssa-168644.txt https://cert-portal.siemens.com/productcert/txt/ssa-268644.txt https://cert-portal.siemens.com/productcert/txt/ssa-347726.txt https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt https://cert-portal.siemens.com/productcert/txt/ssa-377318.txt https://cert-portal.siemens.com/productcert/txt/ssa-579309.txt https://cert-portal.siemens.com/productcert/txt/ssa-635129.txt https://cert-portal.siemens.com/productcert/txt/ssa-845879.txt https://cert-portal.siemens.com/productcert/txt/ssa-254686.txt ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Cloud Foundry (CVE-2018-15761) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2018-11784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Privileged Identity Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities(CVE-2016-10009, CVE-2016-6515, CVE-2016-6210, CVE-2017-6464, CVE-2017-6463) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-privileg… ∗∗∗ IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple IBM WebSphere Application Server vulnerabilities(CVE-2017-1137, CVE-2018-1567, CVE-2017-1194) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-privileg… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.02.2019
by Daily end-of-shift report 11 Feb '19

11 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 08-02-2019 18:00 − Montag 11-02-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ First CryptoCurrency Clipboard Hijacker Found on Google Play Store ∗∗∗ --------------------------------------------- Researchers last week found the first Android app on the Google Play store that monitors a devices clipboard for Bitcoin and Ethereum addresses and swaps them for addresses under the attackers control. This allows the attackers to steal any payments you make without your knowledge that you sent it to the wrong address. --------------------------------------------- https://www.bleepingcomputer.com/news/security/first-cryptocurrency-clipboa… ∗∗∗ Vernetzte Kühlschränke lassen sich mit Passwort 1234 abschalten ∗∗∗ --------------------------------------------- Ein Hersteller von Systemen zur Temperaturkontrolle hat einen schweren Fehler begangen. --------------------------------------------- https://futurezone.at/digital-life/vernetzte-kuehlschraenke-lassen-sich-mit… ∗∗∗ Security: Qnap-NAS-Systeme von unbekannter Malware betroffen ∗∗∗ --------------------------------------------- Besitzer von TS-251+-NAS-Geräten berichten von merkwürdigen Einträgen in der Hosts-Datei durch Malware, die das Aktualisieren und Installieren von Antivirensoftware verhindern. Erst auf Nachfrage stellt Qnap einen Fix bereit. Nutzer wundern sich über dessen Trägheit in der Sache. --------------------------------------------- https://www.golem.de/news/security-qnap-nas-systeme-von-unbekannter-malware… ∗∗∗ Windows App Runs on Mac, Downloads Info Stealer and Adware ∗∗∗ --------------------------------------------- We found an EXE application that specifically runs on Mac to download an adware and info stealer, sidestepping built-in protection systems on the platform such as Gatekeeper. We suspect the cybercriminals developing this routine as an evasion technique for damaging infections and attacks in the future as our telemetry showed the highest numbers to be in the UK, Australia, Armenia, Luxembourg, South Africa and the US. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/windows-app-run… ∗∗∗ Netzwerkhelferlein von Cisco: Mittels Standard-Kennwort zum Neustart ∗∗∗ --------------------------------------------- Cisco hat wichtige Sicherheitsupdates für verschiedene Produkte veröffentlicht. Keine Lücke gilt als kritisch. --------------------------------------------- http://heise.de/-4303894 ∗∗∗ The Race to the Bottom of Credential Stuffing Lists; Collections #2 Through #5 (and More) ∗∗∗ --------------------------------------------- A race to the bottom is a market condition in which there is a surplus of a commodity relative to the demand for it. Often the term is used to describe labour conditions (workers versus jobs), and in simple supply and demand terms, once theres so much of something all [...] --------------------------------------------- https://www.troyhunt.com/the-race-to-the-bottom-of-credential-stuffing-list… ∗∗∗ Sorry, Adobe Reader, Were Not Letting You Phone Home Without Users Consent (0day) ∗∗∗ --------------------------------------------- by Mitja Kolsek, the 0patch TeamToday well look at a fairly simple vulnerability in Adobe Reader DC that allows a PDF document automatically send an SMB request to attackers server as soon as the document is opened. The vulnerability was published by Alex Inführ along with a proof-of-concept in a detailed report on Alexs blog and hasnt been patched at the time of this writing. --------------------------------------------- https://blog.0patch.com/2019/02/sorry-adobe-reader-were-not-letting-you.html ∗∗∗ installateur-mg.at ist nicht vertrauenswürdig! ∗∗∗ --------------------------------------------- Konsument/innen, die auf der Suche nach einem Installateursunternehmen sind, stoßen womöglich auf installeur-mg.at. Dort bewerben Kriminelle ein schnelles und kostengünstiges 24h-Notservice. Konsument/innen sollten die Dienste nicht in Anspruch nehmen! Es entstehen extrem hohe Kosten, die entgegen Behauptungen auf der Website sofort in bar bezahlt werden müssen. Die vorgenommenen Arbeiten sind teils mangelhaft. --------------------------------------------- https://www.watchlist-internet.at/news/installateur-mgat-ist-nicht-vertraue… ∗∗∗ New TLS encryption-busting attack also impacts the newer TLS 1.3 ∗∗∗ --------------------------------------------- Researchers discover yet another Bleichenbacher attack variation (yawn!). --------------------------------------------- https://www.zdnet.com/article/new-tls-encryption-busting-attack-also-impact… ===================== = Vulnerabilities = ===================== ∗∗∗ Django security releases issued: 2.1.6, 2.0.11 and 1.11.19 ∗∗∗ --------------------------------------------- In accordance with our security release policy, the Django team is issuing Django 1.11.19, Django 2.1.6, and Django 2.0.11. These releases addresses the security issue detailed below. We encourage all users of Django to upgrade as soon as possible. --------------------------------------------- https://www.djangoproject.com/weblog/2019/feb/11/security-releases/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (ghostscript, spice, spice-server, and thunderbird), Debian (coturn, freerdp, ghostscript, libreoffice, libu2f-host, mosquitto, and openssh), Fedora (buildbot, java-1.8.0-openjdk, java-11-openjdk, phpMyAdmin, slurm, and spice), openSUSE (python3 and rsyslog), Red Hat (docker and runc), SUSE (avahi, fuse, and LibVNCServer), and Ubuntu (poppler). --------------------------------------------- https://lwn.net/Articles/779467/ ∗∗∗ WebKitGTK+ and WPE WebKit Security Advisory WSA-2019-0001 ∗∗∗ --------------------------------------------- Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2019-6212 Versions affected: WebKitGTK+ before 2.22.6 and WPE WebKit before2.22.4. Credit to an anonymous researcher. Processing maliciously crafted web content may lead to arbitrary code execution. --------------------------------------------- https://webkitgtk.org/security/WSA-2019-0001.html ∗∗∗ IBM Security Bulletin: IBM InfoSphere Change Data Capture is affected by an Apache Derby open source library vulnerability (CVE-2015-1832) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-change… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Governance Catalog is affected by a Reflected XSS (Cross-Site Scripting) vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-govern… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700 – July 2018 & October 2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Java SDK affect IBM b-type SAN directors and switches. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Java SDK affect IBM b-type SAN directors and switches. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM MQ Advanced Cloud Paks are vulnerable to multiple issues with in the Systemd package (CVE-2018-16866 CVE-2018-16864 CVE-2018-16865) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-advanced-cloud… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is potentially vulnerable to XML External Entity Injection (XXE) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-inform… ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Solr (lucene) affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.02.2019
by Daily end-of-shift report 08 Feb '19

08 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 07-02-2019 18:00 − Freitag 08-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ The Anatomy of Website Malware: An Introduction ∗∗∗ --------------------------------------------- We see a lot of files infected by website malware on a daily basis here at Sucuri Labs. What we don’t see is very many categories of infections. The purpose of this blog post series is to provide an overview of the most common infection categories and types of website malware. Are you interested in how backdoors, injectors, hacktools, .. --------------------------------------------- https://blog.sucuri.net/2019/02/the-anatomy-of-website-malware-an-introduct… ∗∗∗ Remote Code Execution via Path Traversal in the Device Metadata Authoring Wizard ∗∗∗ --------------------------------------------- Attackers can use the .devicemanifest-ms and .devicemetadata-ms file extensions for remote code execution in phishing scenarios when the Windows Driver Kit is installed on a victim’s machine. This is possible because the Windows Driver Kit installer installs .. --------------------------------------------- https://posts.specterops.io/remote-code-execution-via-path-traversal-in-the… ∗∗∗ LifeSize: Videokonferenzsysteme erlauben Zugriff per Default-Account ∗∗∗ --------------------------------------------- Vier Videokonferenz-Produkte von LifeSize bringen neben Firmware-Schwachstellen auch einen Support-Account mit Default-Login mit. Nutzer sollten zügig handeln. --------------------------------------------- http://heise.de/-4301951 ∗∗∗ First clipper malware discovered on Google Play ∗∗∗ --------------------------------------------- Cryptocurrency stealers that replace a wallet address in the clipboard are no .. --------------------------------------------- http://feedproxy.google.com/~r/eset/blog/~3/hENbeA5W9fg/ ∗∗∗ Super-systemic IoT flaws ∗∗∗ --------------------------------------------- IoT security flaws were always systemic: by that I mean that if I find a flaw in my smart thermostat, it affects ALL of those thermostats. A security problem with one connected .. --------------------------------------------- https://www.pentestpartners.com/security-blog/super-systemic-iot-flaws/ ∗∗∗ Threat Brief: Understanding Domain Generation Algorithms (DGA) ∗∗∗ --------------------------------------------- Intro One of the most important “innovations” in malware in the past decade is what’s called a Domain Generation Algorithm (“DGA”)”. DGA is an automation technique that attackers use to make it harder for defenders to protect against attacks. While DGA has .. --------------------------------------------- https://unit42.paloaltonetworks.com/threat-brief-understanding-domain-gener… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dovecot and libarchive), Fedora (gvfs and poppler), openSUSE (openssl-1_1 and subversion), Oracle (kernel), Slackware (php), SUSE (avahi, docker, libunwind, LibVNCServer, and spice), and Ubuntu (linux-azure and openssh). --------------------------------------------- https://lwn.net/Articles/779299/ ∗∗∗ Siemens SICAM A8000 RTU Series ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-038-01 ∗∗∗ Siemens EN100 Ethernet Module ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-038-02 ∗∗∗ Apple Releases Multiple Security Updates ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/02/07/Apple-Releases-Mul… ∗∗∗ IBM Security Bulletin: IBM i2 Intelligent Analyis Platform is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i2-intelligent-an… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.02.2019
by Daily end-of-shift report 07 Feb '19

07 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 06-02-2019 18:00 − Donnerstag 07-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Researcher reveals huge Mac password flaw to protest Apple bug bounty ∗∗∗ --------------------------------------------- Apples operating systems have recently had more than their fair share of serious security issues, and the latest problem will be enough to rattle millions of Mac users. Previously credible researcher Linuz Henze has revealed an exploit that in one button press can reveal the passwords in a Mac’s keychain. --------------------------------------------- https://venturebeat.com/2019/02/06/researcher-reveals-huge-mac-password-fla… ∗∗∗ Weiterer Workaround von Microsoft für verwundbare Exchange-Server ∗∗∗ --------------------------------------------- Bis ein Patch für Microsoft Exchange verfügbar ist, soll ein Notbehelf die Ausnutzung der in allen Versionen bestehenden Sicherheitslücke verhindern. --------------------------------------------- http://heise.de/-4300374 ∗∗∗ Gefälschte autoscout24.at-SMS stiehlt Daten ∗∗∗ --------------------------------------------- Kriminelle senden eine gefälschte autoscout24.at-SMS an Nutzer/innen der Plattform. Darin behaupten sie fälschlicherweise, dass Inserent/innen ihr Verkaufsangebot zweimal mit unterschiedlichen Preisen veröffentlicht haben. Aus diesem Grund sollen sie ihre Angaben auf einer fremden Website überprüfen. Das führt zu einem Datendiebstahl durch die Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-autoscout24at-sms-stiehl… ∗∗∗ Identitätsdiebstahl durch Umfrage auf prophylactus.com ∗∗∗ --------------------------------------------- prophylactus.com gibt vor, ein Marktforschungsinstitut zu sein. Konsument/innen sollen sich registrieren, um von zu Hause aus bis zu 50 Euro pro Stunde verdienen zu können. Achtung: Internetnutzer/innen dürfen sich nicht anmelden und an keinen Umfragen teilnehmen. Es handelt sich um versuchten Identitätsdiebstahl, der schwere Folgen für Betroffene haben kann. --------------------------------------------- https://www.watchlist-internet.at/news/identitaetsdiebstahl-durch-umfrage-a… ∗∗∗ Bitcoin-Erpressungsmail mit Nacktbildern ∗∗∗ --------------------------------------------- Aktuell häufen sich betrügerische E-Mails von einem "anonymen Hacker". Der Sender hat angeblich intimes Videomaterial von Ihnen, das er an Freund/innen, Bekannte und Familie weiterleitet, sollte kein Schweigegeld in Form von Bitcoins überweisen werden. Im Anhang finden Sie veröffentlichte Nacktbilder von bisherigen Opfern, die der Forderung nicht nachgekommen sind. Ignorieren Sie E-Mails dieser Art! Das besagte Video existiert nicht. --------------------------------------------- https://www.watchlist-internet.at/news/bitcoin-erpressungsmail-mit-nacktbil… ∗∗∗ Hacker group uses Google Translate to hide phishing sites ∗∗∗ --------------------------------------------- New phishing technique looks silly on desktops but may have a fighting chance on mobile devices. --------------------------------------------- https://www.zdnet.com/article/hacker-group-uses-google-translate-to-hide-ph… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, golang, libthrift-java, mumble, netmask, python3.4, and rssh), openSUSE (python-python-gnupg), Oracle (kernel), Scientific Linux (thunderbird), Slackware (curl), SUSE (firefox, python, and rmt-server), and Ubuntu (curl, libarchive, and libreoffice). --------------------------------------------- https://lwn.net/Articles/779192/ ∗∗∗ BlackBerry powered by Android Security Bulletin – February 2019 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ HPESBUX03908 rev.1 - HP-UX Web Server Suite running Apache on HP-UX 11iv3, Multiple Remote Vulnerabilities. ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBUX03909 rev.1 - HP-UX Web Server Suite running Apache on HP-UX 11iv3, Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ IBM Security Bulletin: IBM i2 Enterprise Insight Analysis. CVE-2018-12539 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i2-enterprise-ins… ∗∗∗ IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to security constraint bypass. (CVE-2018-1304, CVE-2018-1305) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-as-used… ∗∗∗ IBM Security Bulletin: MaaS360 has identified a vulnerability in the MaaS360 iOS Application. (CVE-2018-1960) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-maas360-has-identifie… ∗∗∗ IBM Security Bulletin: OpenJPA as used in IBM QRadar SIEM is vulnerable to remote code execution. (CVE-2013-1768) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openjpa-as-used-in-ib… ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by a vulnerability in Apache Commons FileUpload (CVE-2016-1000031) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-openpages-grc-pla… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM uses outdated hash algorithms. (CVE-2017-1695) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-uses-… ∗∗∗ IBM Security Bulletin: BigFix Platform 9.5.x affected by vulnerability CVE-2017-1231 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-platform-9-5-x… ∗∗∗ IBM Security Bulletin: BigFix Compliance (TEMA SUAv1 SCA SCM) affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-compliance-tem… ∗∗∗ Java SE vulnerability CVE-2018-3139 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K65481741 ∗∗∗ Java SE vulnerability CVE-2018-3136 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K16940442 ∗∗∗ Java SE vulnerability CVE-2018-3211 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K04224795 ∗∗∗ Java SE vulnerability CVE-2018-3214 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K86075480 ∗∗∗ TLS in Mozilla NSS vulnerability CVE-2018-12404 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10281096 ∗∗∗ Java SE vulnerabilities CVE-2018-3149, CVE-2018-3169, and CVE-2018-3209 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K50394032 ∗∗∗ Java SE vulnerability CVE-2018-3180 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K30503705 ∗∗∗ Oracle Java SE vulnerability CVE-2018-11212 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K63404203 ∗∗∗ BIG-IP SNMP vulnerability CVE-2018-15328 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42027747 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.02.2019
by Daily end-of-shift report 06 Feb '19

06 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 05-02-2019 18:00 − Mittwoch 06-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Nicht auf apfel-deals.com bestellen! ∗∗∗ --------------------------------------------- apfel-deals.com wirbt aktuell aktiv um Kundschaft. Im Angebot hat der Shop den Großteil des Apple-Produktsortiments, wie zum Beispiel iPhones, MacBooks, iPads und die Apple Watch. Achtung: Die Preise sind zwar verlockend, doch es handelt sich um einen Fake-Shop, der keine Waren liefert. Konsument/innen zahlen per Vorkasse und verlieren dadurch ihr Geld an Kriminelle! --------------------------------------------- https://www.watchlist-internet.at/news/nicht-auf-apfel-dealscom-bestellen/ ∗∗∗ SuperBoost Wifi hält nicht, was es verspricht! ∗∗∗ --------------------------------------------- Auf superboostwifi.com bewirbt die Firma Strong Current Enterprises Limited ein Gerät, das in der Lage sein soll, die Geschwindigkeitsbegrenzung von Internet-Verbindungen auszuhebeln. Tatsächlich handelt es sich beim SuperBoost Wifi Booster lediglich um einen vergleichsweise teuren WLAN-Repeater. Die Internet-Geschwindigkeit bleibt ein und dieselbe, nur die Reichweite wird verbessert. --------------------------------------------- https://www.watchlist-internet.at/news/superboost-wifi-haelt-nicht-was-es-v… ===================== = Vulnerabilities = ===================== ∗∗∗ AVEVA InduSoft Web Studio and InTouch Edge HMI ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for Missing Authentication for Critical Function and Resource Injection vulnerabilities reported in the AVEVA InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition) applications. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01 ∗∗∗ Rockwell Automation EtherNet/IP Web Server Modules ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper input validation vulnerability reported in the Rockwell Automation EtherNet/IP Web Server Modules. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-02 ∗∗∗ WECON LeviStudioU ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow, heap-based buffer overflow, and memory corruption vulnerabilities reported in WECONs LeviStudioU. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03 ∗∗∗ Siemens SIMATIC S7-1500 CPU ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for uncontrolled resource consumption vulnerabilities reported in Siemens SIMATIC SV-1500 CPU. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-04 ∗∗∗ Kunbus PR100088 Modbus Gateway ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for improper authentication, missing authentication for critical function, and improper input validation vulnerabilities reported in the Kunbus PR100088 Modbus gateway. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dovecot and libav), openSUSE (kernel and krb5), Scientific Linux (thunderbird), SUSE (curl, lua53, python3, and spice), and Ubuntu (dovecot). --------------------------------------------- https://lwn.net/Articles/779098/ ∗∗∗ ZDI: (0day) Hewlett Packard Enterprise Intelligent Management Vulnerabilities ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-162/ http://www.zerodayinitiative.com/advisories/ZDI-19-172/ http://www.zerodayinitiative.com/advisories/ZDI-19-171/ http://www.zerodayinitiative.com/advisories/ZDI-19-170/ http://www.zerodayinitiative.com/advisories/ZDI-19-169/ http://www.zerodayinitiative.com/advisories/ZDI-19-168/ http://www.zerodayinitiative.com/advisories/ZDI-19-167/ http://www.zerodayinitiative.com/advisories/ZDI-19-166/ http://www.zerodayinitiative.com/advisories/ZDI-19-165/ http://www.zerodayinitiative.com/advisories/ZDI-19-164/ http://www.zerodayinitiative.com/advisories/ZDI-19-163/ ∗∗∗ Cisco Aironet Active Sensor Static Credentials Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Decryption Policy Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Business Suite Content Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings for Android Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence Management Suite Simple Object Access Protocol Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server REST API Server-Side Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Meeting Server SIP Processing Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Management Center Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Intelligence Center Software Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Meeting Server Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Potential denial of service in WebSphere Application Server (CVE-2018-10237) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by vulnerabilities in OpenSSL ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-3180, CVE-2018-3139) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-3180, CVE-2018-3139) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM SPSS Statistics is affected by CVE-2018-3139 and CVE-2018-3180 vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spss-statistics-i… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a vulnerability in Node.js (CVE-2018-12123) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY Reflected XSS in WebSphereSamISP ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… ∗∗∗ IBM Security Bulletin: IBM PureApplication Service is affected by a GPFS vulnerability (CVE-2018-1723) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a message injection vulnerability (CVE-2018-1666) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY WebSphere XSS ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.02.2019
by Daily end-of-shift report 05 Feb '19

05 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Montag 04-02-2019 18:00 − Dienstag 05-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Reverse RDP Attack: Code Execution on RDP Clients ∗∗∗ --------------------------------------------- Check Point Research recently discovered multiple critical vulnerabilities in the commonly used Remote Desktop Protocol (RDP) that would allow a malicious actor to reverse the usual direction of communication and infect the IT professional or security research’s computer. --------------------------------------------- https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-cl… ∗∗∗ Crooks Continue to Exploit GoDaddy Hole ∗∗∗ --------------------------------------------- Godaddy.com, the worlds largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddys fix hasnt gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal. --------------------------------------------- https://krebsonsecurity.com/2019/02/crooks-continue-to-exploit-godaddy-hole/ ∗∗∗ Vorsicht bei (zu) günstiger Markenware im Internet! ∗∗∗ --------------------------------------------- Auf der Suche nach dem großen Schnäppchen stoßen Konsument/innen häufig auf betrügerische Online-Shops, die Markenware zu schier unglaublichen Preisen anbieten. Hinter den Websites stecken oftmals Kriminelle, die gefälschte Produkte liefern oder es nur auf die Daten ihrer Opfer abgesehen haben. Hier erhalten Internetuser/innen nützliche Tipps, zum Einkauf im Internet, um Ärgernisse zu vermeiden! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-zu-guenstiger-markenwar… ∗∗∗ Warnung vor Nutresin - Herbapure Ear ∗∗∗ --------------------------------------------- Im Internet bewirbt der Molekularbiologe Prof. Karl Auer seine „makro-molekulare Formel" Nutresin - Herbapure Ear als Wundermittel gegen Hörverlust. Konsument/innen können Nutresin auf der Website yourmarket24.com bestellen. Die medizinische Wirkung der Ohrentropfen ist unklar. Aus diesem Grund ist von einer Bestellung des Mittels Nutresin dringend abzuraten. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-nutresin-herbapure-ear/ ===================== = Vulnerabilities = ===================== ∗∗∗ Kryptographische Schwachstellen in deutscher eGovernment Softwarekomponente ∗∗∗ --------------------------------------------- Die OSCI-Transport Bibliothek ist eine Softwarekomponente, welche von vielen deutschen Behörden eingesetzt wird, um Daten gemäß dem OSCI-Transport Protokoll sicher zu übertragen. Diese Java-Bibliothek war gegen zwei potentielle Angriffe anfällig, welche es einem Angreifer ermöglichten, einige Sicherheitsmaßnahmen zu umgehen. --------------------------------------------- https://www.sec-consult.com/blog/2019/02/kryptographische-schwachstellen-in… ∗∗∗ Qkr! with MasterPass iOS Application - MITM SSL Certificate Vulnerability (CVE-2019-6702) ∗∗∗ --------------------------------------------- The Qkr! with MasterPass iOS application (version 5.0.6 and below), does not validate the SSL certificate it receives when connecting to the application login server. --------------------------------------------- https://www.info-sec.ca/advisories/Qkr-MasterCard.html ∗∗∗ Android Security Bulletin - February 2019 ∗∗∗ --------------------------------------------- [...] The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2019-02-01.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libgd2), Fedora (java-11-openjdk, kernel, and kernel-headers), openSUSE (firefox, mysql-community-server, and pdns-recursor), Oracle (thunderbird), Red Hat (rh-haproxy18-haproxy, systemd, and thunderbird), SUSE (haproxy, spice, and uriparser), and Ubuntu (dovecot, kernel, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2, [...] --------------------------------------------- https://lwn.net/Articles/778507/ ∗∗∗ IBM Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected by the use of Local Read Only Cache (LROC) which may result in directory corruption and undetected data corruption in regular files. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spectrum-scale-fo… ∗∗∗ IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2018-11784, CVE-2018-8034) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-websphere-cast-ir… ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by CKEditor (Preview Plugin) vulnerability (CVE-2014-5191) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-openpages-grc-pla… ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by Apache POI vulnerability (CVE-2017-12626) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-openpages-grc-pla… ∗∗∗ HPESBHF03904 rev.1 - HPE Service Pack for ProLiant (SPP) Bundled Software, Local Access Restriction Bypass ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03907 rev.1 - HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers, Remote Cross-Site Scripting in HPE iLO 5 Web User Interface ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily