=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 08-05-2019 18:00 - Thursday 09-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Samsung: Researcher was able to access development environment ∗∗∗
---------------------------------------------
Credentials, certificates, tokens, keys and source code: a security researcher found a publicly accessible Gitlab installation belonging to Samsung, and could even have modified the software code himself.
---------------------------------------------
https://www.golem.de/news/samsung-forscher-konnte-auf-entwicklungsumgebung-…
∗∗∗ Eggheads confirm: Rampant Android bloatware a privacy and security hellscape ∗∗∗
---------------------------------------------
Bundled software is not just an annoyance, it's also a risk. The apps bundled with many Android phones are presenting threats to security and privacy greater than most users think.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/05/09/android_blo…
∗∗∗ Ongoing Credit Card Data Leak ∗∗∗
---------------------------------------------
Our DNSMon flagged an abnormal domain name, magento-analytics[.]com. Through continuous tracking and correlation with various data, we found out that the domain name has been used to inject malicious JS script into various online shopping sites to steal the credit card owner / card number / expiration time / CVV information.
---------------------------------------------
https://blog.netlab.360.com/ongoing-credit-card-data-leak/
∗∗∗ Critical vulnerability: Alpine Linux Docker images with passwordless root access ∗∗∗
---------------------------------------------
Some versions of the official Alpine Linux Docker images allowed logging in as root with an empty password field. The problem has now been fixed.
---------------------------------------------
https://heise.de/-4418636
∗∗∗ Vulnerabilities in financial mobile apps put consumers and businesses at risk ∗∗∗
---------------------------------------------
It’s good to know that your bank’s website boasts that little green padlock, promotes secure communication, and follows a two-factor authentication (2FA) scheme. But are their mobile apps equally secure?
---------------------------------------------
https://blog.malwarebytes.com/101/2019/05/vulnerabilities-in-financial-mobi…
∗∗∗ Vulnerability Spotlight: Remote code execution bug in SQLite ∗∗∗
---------------------------------------------
SQLite contains an exploitable use-after-free vulnerability that could allow an attacker to gain the ability to remotely execute code on the victim machine.
---------------------------------------------
https://blog.talosintelligence.com/2019/05/vulnerability-spotlight-remote-c…
∗∗∗ Stay away from elektriker-mg.at ∗∗∗
---------------------------------------------
Do not hire elektriker-mg.at when you have a problem, because this company is fraudulent. elektriker-mg.at advertises on its website that it is available 24 hours a day, 365 days a year, and will be at your door in the shortest possible time. The electrician's friendly smile is deceptive: you will be cheated out of a lot of money and your damage will not be repaired!
---------------------------------------------
https://www.watchlist-internet.at/news/finger-weg-von-elektriker-mgat/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (drupal7, exiv2, filezilla, and libfilezilla), openSUSE (gnutls, GraphicsMagick, hostinfo, supportutils, and ovmf), Scientific Linux (flatpak and ghostscript), SUSE (mutt and samba), and Ubuntu (Monit).
---------------------------------------------
https://lwn.net/Articles/787943/
∗∗∗ Phar Vulnerabilities Patched in Drupal, TYPO3 ∗∗∗
---------------------------------------------
Updates released this week for the Drupal and TYPO3 open source content management systems (CMSs) patch vulnerabilities related to how Phar archives are handled. The Phar (PHP Archive) package format enables developers to place all the files of a PHP application inside a single archive.
---------------------------------------------
https://www.securityweek.com/phar-vulnerabilities-patched-drupal-typo3
∗∗∗ Kaspersky Anti-Virus: Vulnerability allows execution of arbitrary code with administrator privileges ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0387
∗∗∗ IBM Security Bulletin: Cross-site scripting in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4204) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a message spoofing vulnerability (CVE-2019-6110) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Cloud App Management V2018 could allow an attacker to obtain sensitive configuration information ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018.4.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A vulnerability in Apache Tomcat could affect IBM Cloud App Management V2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap…
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential cross-site request forgery vulnerability (CVE-2018-1790) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 07-05-2019 18:00 - Wednesday 08-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Hackers wanted: "Even ten-year-olds understand what a secure password is" ∗∗∗
---------------------------------------------
As of now, the Cyber Security Challenge is once again looking for Austria's best hackers.
---------------------------------------------
https://futurezone.at/digital-life/hacker-gesucht-auch-zehnjaehrige-versteh…
∗∗∗ Biometric Authentication Overview, Advantages & Disadvantages [Updated 2019] ∗∗∗
---------------------------------------------
What is biometric authentication? Biometric authentication is simply the process of verifying your identity using your measurements or other unique characteristics of your body, then logging you in to a service, an app, a device and so on. What's complicated is the technology behind it, so let's see how it works.
---------------------------------------------
https://heimdalsecurity.com/blog/biometric-authentication/
∗∗∗ Researchers’ Evil Clippy cloaks malicious Office macros ∗∗∗
---------------------------------------------
A team of security researchers has exploited Microsoft’s patchy macro documentation to hide malicious code inside innocent-looking macros.
---------------------------------------------
https://nakedsecurity.sophos.com/2019/05/08/researchers-cloak-malicious-off…
∗∗∗ Companies beware: job applications carrying malware in circulation ∗∗∗
---------------------------------------------
Generic emails with the subject "Bewerbung für Ihre Stellenausschreibung" (application for your job posting) are currently being spread by criminals. The messages contain a password-protected, and therefore encrypted, Word document. The corresponding password is given in the email. Recipients must not open the attachment. It contains malware!
---------------------------------------------
https://www.watchlist-internet.at/news/unternehmen-aufgepasst-bewerbungen-m…
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (dovecot, kernel, linux-zen, munin, nautilus, perl-email-address, and tcpreplay), Debian (atftp), Fedora (perl-YAML and teeworlds), Mageia (java-1.8.0-openjdk, ldb, libsolv, and putty/filezilla/wxgtk), openSUSE (freeradius-server, libjpeg-turbo, pacemaker, rubygem-actionpack-5_1, wpa_supplicant, and yubico-piv-tool), Red Hat (chromium-browser, container-tools:rhel8, edk2, firefox, flatpak, ghostscript, httpd:2.4, mod_auth_mellon, openwsman, [...]
---------------------------------------------
https://lwn.net/Articles/787842/
∗∗∗ [20190502] - Core - By-passing protection of Phar Stream Wrapper Interceptor ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/vyaXtvewK3I/781-20190502-c…
∗∗∗ [20190501] - Core - XSS in com_users ACL debug views ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/xio2qb8Db2U/780-20190501-c…
∗∗∗ TYPO3-PSA-2019-008: By-passing protection of Phar Stream Wrapper Interceptor ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-psa-2019-008/
∗∗∗ TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-psa-2019-007/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Session Management vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4072) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-session-management-vu…
∗∗∗ IBM Security Bulletin: Potential CSV injection threat affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4071) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-csv-injecti…
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Spring Framework vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium…
∗∗∗ IBM Security Bulletin: Potential denial of service in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-10237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s…
∗∗∗ IBM Security Bulletin: IBM MQ Advanced Cloud Pak is vulnerable to a buffer overflow in the curl command (CVE-2018-16842) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-advanced-cloud…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Planning ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in IBM Java Runtime and the microcode shipped with the DS8000 Hardware Management Console (HMC) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 06-05-2019 18:00 - Tuesday 07-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Confluence Servers Hacked to Install Miners and Rootkits ∗∗∗
---------------------------------------------
After getting pounded with ransomware and malware for deploying distributed denial-of-service (DDoS) attacks, unpatched Confluence servers are now compromised to mine for cryptocurrency.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/confluence-servers-hacked-to…
∗∗∗ "7 Tips For Planning ICS Plant Visits" ∗∗∗
---------------------------------------------
As you plan the next visit to your ICS plant(s) with your security team, consider these seven tips. They will maximize time on-site for accurate asset identification, effective cybersecurity awareness that will foster IT and OT relationships for smooth ICS incident response, and highlight new ways to ethically hack your digital and physical security perimeter.
---------------------------------------------
http://ics.sans.org/blog/2019/05/06/7-tips-for-planning-ics-plant-visits
∗∗∗ Decryption tool for MegaLocker/NamPoHyu ransomware available ∗∗∗
---------------------------------------------
Security researchers have released a free decryption tool for a current ransomware strain. The malware developer does not find this funny at all.
---------------------------------------------
https://heise.de/-4415835
∗∗∗ Turla LightNeuron: An email too far ∗∗∗
---------------------------------------------
ESET research uncovers Microsoft Exchange malware remotely controlled via steganographic PDF and JPG email attachments
---------------------------------------------
https://www.welivesecurity.com/2019/05/07/turla-lightneuron-email-too-far/
∗∗∗ WordPress GraphQL plugin exploit ∗∗∗
---------------------------------------------
Third-party plugins are often the security Achilles heel of Content Management Systems (CMS). It seems like not a month goes by without one security researcher or another uncovering a vulnerability in a plugin, undermining the security of the whole platform.
---------------------------------------------
https://www.pentestpartners.com/security-blog/wordpress-graphql-plugin-expl…
∗∗∗ Surge of MegaCortex ransomware attacks detected ∗∗∗
---------------------------------------------
New MegaCortex ransomware strain detected targeting the enterprise sector.
---------------------------------------------
https://www.zdnet.com/article/sudden-surge-of-megacortex-ransomware-infecti…
∗∗∗ WordPress finally gets the security features a third of the Internet deserves ∗∗∗
---------------------------------------------
WordPress 5.2 released with support for cryptographically-signed updates, a modern cryptographic library.
---------------------------------------------
https://www.zdnet.com/article/wordpress-finally-gets-the-security-features-…
=====================
= Vulnerabilities =
=====================
∗∗∗ [20190501] - Core - XSS in com_users ACL debug views ∗∗∗
---------------------------------------------
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 1.7.0 through 3.9.5
Exploit type: XSS
Reported Date: 2019-April-29
Fixed Date: 2019-May-07
CVE Number: CVE-2019-11809
Description: The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
Affected Installs: Joomla! CMS versions 1.7.0 through 3.9.5
Solution: Upgrade to version 3.9.6
Contact: The JSST at the Joomla! Security Centre.
Reported By: Jose Antonio
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/xio2qb8Db2U/780-20190501-c…
∗∗∗ Android Security Bulletin - May 2019 ∗∗∗
---------------------------------------------
[...] The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
---------------------------------------------
https://source.android.com/security/bulletin/2019-05-01.html
∗∗∗ USN-3969-1: wpa_supplicant and hostapd vulnerability ∗∗∗
---------------------------------------------
A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS. Summary: wpa_supplicant and hostapd could be made to crash if they received specially crafted network traffic.
---------------------------------------------
https://usn.ubuntu.com/3969-1/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (389-ds-base, firefox-esr, and symfony), Fedora (poppler), SUSE (audit, ovmf, and webkit2gtk3), and Ubuntu (aria2, FFmpeg, gnome-shell, and sudo).
---------------------------------------------
https://lwn.net/Articles/787732/
∗∗∗ Security Bulletins for TYPO3 CMS ∗∗∗
---------------------------------------------
https://typo3.org/help/security-advisories/typo3-cms/
∗∗∗ Security Bulletins for TYPO3 Extensions ∗∗∗
---------------------------------------------
https://typo3.org/help/security-advisories/typo3-extensions/
∗∗∗ Public Services Announcements for TYPO3 ∗∗∗
---------------------------------------------
https://typo3.org/help/security-advisories/public-service-announcements/
∗∗∗ IBM Security Bulletin: Multiple Java Vulnerabilities Impact IBM Control Center (CVE-2018-3180, CVE-2018-1890) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-java-vulnera…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 03-05-2019 18:00 - Monday 06-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Cronjob Backdoors ∗∗∗
---------------------------------------------
Attackers commonly rely on backdoors to easily gain reentry and maintain control over a website. They also use PHP functions to further deepen the level of their backdoors. A good example of this is the shell_exec function which allows plain shell commands to be run directly through the web application, providing attackers with an increased level of control over the environment.
---------------------------------------------
https://blog.sucuri.net/2019/05/cronjob-backdoors.html
∗∗∗ WLAN presenter systems with critical security vulnerabilities ∗∗∗
---------------------------------------------
WLAN gateways that enable wireless display of slides in many meeting rooms can be hijacked and infected with malicious code.
---------------------------------------------
https://heise.de/-4413258
∗∗∗ Extortion wave targets public Git repositories ∗∗∗
---------------------------------------------
For several days, extortionists have been deleting numerous repositories on GitHub, GitLab and BitBucket and demanding Bitcoins for their restoration.
---------------------------------------------
https://heise.de/-4413576
∗∗∗ Fraudulent job offers lure applicants into money laundering ∗∗∗
---------------------------------------------
While searching for a new job, consumers frequently come across fraudulent offers in which the task consists of forwarding sums of money. This is not always apparent from the job posting itself. That is what happened on the website bulldozer-sprachschule.at, which had been taken over by criminals and where applicants were asked to launder money.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-job-angebote-verfuehr…
=====================
= Vulnerabilities =
=====================
∗∗∗ High-Severity PrinterLogic Flaws Enable Remote Code Execution ∗∗∗
---------------------------------------------
The three flaws enable an unauthenticated attacker to launch remote code execution attacks on printers.
---------------------------------------------
https://threatpost.com/printerlogic-remote-code-execution/144383/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (jquery, librecad, and phpbb3), Fedora (bubblewrap, java-11-openjdk, libvirt, openssh, and pacemaker), Mageia (virtualbox), openSUSE (chromium, ImageMagick, and java-11-openjdk), and SUSE (openssl-1_1).
---------------------------------------------
https://lwn.net/Articles/787599/
∗∗∗ HPESBHF03769 rev.2 - HPE Integrated Lights-out 4 (iLO 4), and Moonshot Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ IBM Security Bulletin: IBM TRIRIGA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data (CVE-2019-4208) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tririga-is-vulner…
∗∗∗ IBM Security Bulletin: IBM TRIRIGA Application Platform may disclose sensitive information (CVE-2019-4207) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tririga-applicati…
∗∗∗ IBM Security Bulletin: Vulnerability in Pivotal Spring Framework affects IBM TRIRIGA Application Platform (CVE-2018-15786) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-pivo…
∗∗∗ IBM Security Bulletin: IBM TRIRIGA Application Platform could disclose sensitive information (CVE-2018-2008) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tririga-applicati…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Cúram Social Program Management contains a cross-site request forgery vulnerability in the REST API (CVE-2018-2001) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-curam-social-prog…
∗∗∗ IBM Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2018-1890, CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-af…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Runtime Environment Java™ Version affect IBM Cloud Manager with OpenStack ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Vulnerabilities in GNU OpenSSL (1.0.2 series) affect IBM Netezza Analytics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gn…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 02-05-2019 18:00 - Friday 03-05-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Decryptor for MegaLocker and NamPoHyu Virus Ransomware Released ∗∗∗
---------------------------------------------
Emsisoft has released a decryptor for the MegaLocker and NamPoHyu Virus ransomware that has been targeting exposed Samba servers. Victims can now use this decryptor to recover their files for free. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/decryptor-for-megalocker-and…
∗∗∗ Informal Expert Group on EU Member States Incident Response Development ∗∗∗
---------------------------------------------
ENISA launches this Call for Participation to invite experts to participate in its expert group.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/informal-e-xpert-group-on-eu-ms…
∗∗∗ 2019: The Return of Retefe ∗∗∗
---------------------------------------------
Retefe is a banking Trojan that historically has routed online banking traffic intended for targeted banks through a proxy instead of the web injects more typical of other bankers. [...] Although Retefe only appeared infrequently in 2018, the banker returned to more regular attacks on Swiss and German victims in April of 2019 with both a Windows and macOS version. Retefe's return to the landscape was marked by several noteworthy changes: [...]
---------------------------------------------
https://www.proofpoint.com/us/threat-insight/post/2019-return-retefe
∗∗∗ Abus wireless alarm system: vulnerability allows cloning of RFID keys ∗∗∗
---------------------------------------------
Only last week, security researchers disclosed three vulnerabilities in Abus Secvest alarm systems. Now another one follows.
---------------------------------------------
https://heise.de/-4412282
∗∗∗ D-Link protects DNS-320 and other NAS devices against Cr1ptTor ransomware with updates ∗∗∗
---------------------------------------------
The DNS-320L, DNS-325 and DNS-327L network storage devices were vulnerable to attacks by the Cr1ptor encryption trojan. Firmware updates are meant to change that.
---------------------------------------------
https://heise.de/-4412656
∗∗∗ Vulnerabilities Found in Over 100 Jenkins Plugins ∗∗∗
---------------------------------------------
A researcher has discovered vulnerabilities in more than 100 plugins designed for the Jenkins open source software development automation server, and many of them have yet to be patched.
---------------------------------------------
https://www.securityweek.com/vulnerabilities-found-over-100-jenkins-plugins
=====================
= Vulnerabilities =
=====================
∗∗∗ Orpak SiteOmat ∗∗∗
---------------------------------------------
This advisory includes mitigations for use of hard-coded credentials, cross-site scripting, SQL injection, missing encryption of sensitive data, code injection, and stack-based buffer overflow vulnerabilities reported in Orpak’s SiteOmat, software for fuel station management.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01
∗∗∗ GE Communicator ∗∗∗
---------------------------------------------
This advisory includes mitigations for uncontrolled search path, use of hard-coded credentials, and improper access control vulnerabilities reported in GE's Communicator software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02
∗∗∗ Sierra Wireless AirLink ALEOS ∗∗∗
---------------------------------------------
This advisory includes mitigations for OS command injection, use of hard-coded credentials, unrestricted upload of file with dangerous type, cross-site scripting, cross-site request forgery, information exposure, and missing encryption of sensitive data vulnerabilities reported in the Sierra Wireless AirLink ALEOS products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (linux-4.9 and otrs2), Fedora (gradle, java-1.8.0-openjdk, jetty, kernel, ruby, and runc), openSUSE (dovecot23, jasper, libsoup, ntfs-3g_ntfsprogs, and webkit2gtk3), SUSE (openssl), and Ubuntu (python-gnupg).
---------------------------------------------
https://lwn.net/Articles/787413/
∗∗∗ IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Releases 1801-w and 1801-y ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vyatta-5600-vrouter-s…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Storwize V7000 Unified ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 30-04-2019 18:00 - Thursday 02-05-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Phishing email targets your Willhaben account ∗∗∗
---------------------------------------------
Once again, criminals' phishing emails are in circulation. The emails give the impression of coming from the classifieds platform Willhaben and announce the publication of a sales listing for a Samsung washing machine. Recipients must not follow the links in the message or enter any data, otherwise they will lose their Willhaben account.
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-mail-hat-es-auf-ihr-willhab…
∗∗∗ JavaScript card sniffing attacks spread to other e-commerce platforms ∗∗∗
---------------------------------------------
OpenCart, OSCommerce, WooCommerce, Shopify are also being targeted.
---------------------------------------------
https://www.zdnet.com/article/javascript-card-sniffer-attacks-spread-to-oth…
∗∗∗ 50,000 enterprise firms running SAP software vulnerable to attack ∗∗∗
---------------------------------------------
9 out of 10 SAP production systems are believed to be vulnerable to new exploits.
---------------------------------------------
https://www.zdnet.com/article/50000-enterprise-firms-running-sap-software-v…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security vulnerability: driver installation on Dell laptops open to attack ∗∗∗
---------------------------------------------
Windows software preinstalled on Dell laptops for installing drivers opens a local HTTP server. A network attacker can abuse this to install malware.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-treiberinstallation-auf-dell-la…
∗∗∗ Rockwell Automation CompactLogix 5370 ∗∗∗
---------------------------------------------
This advisory includes mitigations for uncontrolled resource consumption and stack-based buffer overflow vulnerabilities reported in Rockwell Automation’s CompactLogix 5370 controllers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01
∗∗∗ Citrix SD-WAN Security Update ∗∗∗
---------------------------------------------
An information disclosure vulnerability has been identified in the Citrix SD-WAN Appliance. This vulnerability could allow an unauthenticated attacker to perform a man-in-the-middle attack against management traffic.
---------------------------------------------
https://support.citrix.com/article/CTX247735
∗∗∗ Patch now: Cisco closes holes in numerous products ∗∗∗
---------------------------------------------
It is that time again: network equipment maker Cisco has released numerous updates. One of the patched flaws is rated critical.
---------------------------------------------
https://heise.de/-4411599
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (libmediainfo, php-horde-horde, and php-horde-turba), SUSE (hostinfo, supportutils, libjpeg-turbo, and openssl), and Ubuntu (dovecot, libpng1.6, and memcached).
---------------------------------------------
https://lwn.net/Articles/787232/
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (proftpd-dfsg and signing-party), Fedora (php-horde-horde and php-horde-turba), and Ubuntu (php5).
---------------------------------------------
https://lwn.net/Articles/787299/
∗∗∗ Many Vulnerabilities Found in Wireless Presentation Devices ∗∗∗
---------------------------------------------
Researchers at Tenable have discovered a total of 15 vulnerabilities across eight wireless presentation systems, including flaws that can be exploited to remotely hack devices.
---------------------------------------------
https://www.securityweek.com/many-vulnerabilities-found-wireless-presentati…
∗∗∗ Vuln: Microsoft Visual Studio asm Remote Memory Corruption Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/108122
∗∗∗ Vuln: Apache Archiva CVE-2019-0214 Arbitrary File Write Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/108124
∗∗∗ IBM Security Advisories ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Appliance mode vulnerability CVE-2019-6614 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K46524395
∗∗∗ CGNAT/PPTP vulnerability CVE-2019-6611 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K47527163
∗∗∗ DNS vulnerability CVE-2019-6612 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K24401914
∗∗∗ Appliance mode tmsh vulnerability CVE-2019-6615 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K87659521
∗∗∗ Appliance mode tmsh vulnerability CVE-2019-6616 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K82814400
∗∗∗ SNMP vulnerability CVE-2019-6613 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K27400151
∗∗∗ BIG-IP Resource Administrator vulnerability CVE-2019-6618 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K07702240
∗∗∗ BIG-IP Resource Administrator vulnerability CVE-2019-6617 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K38941195
∗∗∗ HTTP/2 ALPN vulnerability CVE-2019-6619 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K94563344
∗∗∗ NodeJS vulnerability CVE-2018-12120 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K37111863
=====================
= End-of-Day report =
=====================
Timeframe: Monday 29-04-2019 18:00 − Tuesday 30-04-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ APT trends report Q1 2019 ∗∗∗
---------------------------------------------
This is our latest summary of APT activity, based on our threat intelligence research, and provides a representative snapshot of what we have published and discussed in greater detail in our private APT reports. It aims to highlight the significant events and findings that we feel people should be aware of.
---------------------------------------------
https://securelist.com/apt-trends-report-q1-2019/90643/
∗∗∗ Beware of orders on cragoo.at and cragoo.de ∗∗∗
---------------------------------------------
cragoo.de and cragoo.at are online shops of the company TA Retail UG with a very broad range of products, including household appliances, electronics, car accessories, building supplies, bicycles, furniture and toys. But beware: we continually receive reports from angry consumers who paid for a purchase in advance but never received a delivery.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-bestellungen-auf-cragoo…
∗∗∗ Oracle Weblogic 0day ∗∗∗
---------------------------------------------
Several days ago, information about new Oracle Weblogic Server 0day vulnerability was published [... CVE-2019-2725].
...
One of the SISSDEN goals is to track such vulnerabilities and answer the following questions:
How big was the volume of scanning/exploitation?
Who is responsible for scanning/exploitation?
How was the exploitation executed?
---------------------------------------------
https://sissden.eu/blog/oracle-weblogic-0day
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: ImageMagick Multiple Heap Buffer Overflow Vulnerabilities ∗∗∗
---------------------------------------------
ImageMagick is prone to multiple heap-based buffer-overflow vulnerabilities.
An attacker can exploit these issues to cause a denial-of-service condition and obtain sensitive information.
---------------------------------------------
http://www.securityfocus.com/bid/108102
∗∗∗ Insufficient Privilege Validation in WooCommerce Checkout Manager ∗∗∗
---------------------------------------------
Due to the poor handling of a vulnerability disclosure, a new attack vector has appeared for the WooCommerce Checkout Manager WordPress plugin and is affecting over 60,000 sites. If you are using this plugin, we recommend that you update it to version 4.3 immediately.
---------------------------------------------
https://blog.sucuri.net/2019/04/insufficient-privilege-validation-in-woocom…
∗∗∗ Vulnerability in Revive Adserver can enable delivery of malicious code ∗∗∗
---------------------------------------------
The ad server Revive Adserver is attackable via two vulnerabilities; one of them is rated critical. Version 4.2.0 is secured.
---------------------------------------------
https://heise.de/-4410423
∗∗∗ Researchers find vulnerabilities in e-mail signature verification ∗∗∗
---------------------------------------------
Security researchers at Münster University of Applied Sciences and Ruhr-Universität Bochum have found vulnerabilities in implementations of the widely used e-mail encryption standards S/MIME and OpenPGP.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Signaturfae…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (kernel, openwsman, and ovmf), Debian (gst-plugins-base1.0 and libvirt), Fedora (libX11, poppler, python-urllib3, samba, and wpewebkit), openSUSE (GraphicsMagick), SUSE (atftp, glibc, libssh2_org, and wpa_supplicant), and Ubuntu (wavpack).
---------------------------------------------
https://lwn.net/Articles/787158/
∗∗∗ Foxit Phantom PDF Suite: multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit multiple vulnerabilities in Foxit Reader and the Foxit Phantom PDF Suite to execute arbitrary code with user privileges, carry out a denial-of-service attack or view confidential data.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0359
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2018-1902) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat…
∗∗∗ IBM Security Bulletin: A vulnerability affects the IBM FlashSystem 840 and 900 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-affec…
∗∗∗ IBM Security Bulletin: Security vulnerability affects Rational Engineering Lifecycle Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics (CVE-2018-3180, CVE-2013-1624, CVE-2018-1933, CVE-2015-1832, CVE-2018-15494) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ HPESBHF03929 rev.1 - HPE Superdome Flex Server, Local Denial of Service, Disclosure of Information, and Escalation of Privilege ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 26-04-2019 18:00 − Monday 29-04-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ GitHub-Hosted Magecart Card Skimmer Found on Hundreds of Stores ∗∗∗
---------------------------------------------
Malicious actors compromised the Magento installations of a few hundred e-commerce websites and injected them with Magecart skimmer scripts hosted on GitHub.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/github-hosted-magecart-card-…
∗∗∗ Old Vulnerabilities Are Still Good Tricks for Today's Attacks ∗∗∗
---------------------------------------------
The value of a security vulnerability drops significantly the moment it gets patched but the bad guys will keep exploiting it for as long as they can find victims that are worth the effort.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/old-vulnerabilities-are-stil…
∗∗∗ Typo 3 Spam Infection ∗∗∗
---------------------------------------------
Here at Sucuri most of the malware that we deal with is on CMS platforms like WordPress, Joomla, Drupal, Magento, and others. But every now and then we come across something a little different. Blackhat SEO infection in Typo3: just recently, I discovered a website using the Typo3 CMS that had been infected with a blackhat SEO spam infection: [...]
---------------------------------------------
https://blog.sucuri.net/2019/04/typo-3-spam-infection.html
∗∗∗ Vulnerabilities in P2P component: two million IoT devices attackable ∗∗∗
---------------------------------------------
Attackers could gain remote access to IP cameras, smart doorbells and the like. One researcher advises throwing the devices away, but also names a workaround.
---------------------------------------------
https://heise.de/-4409298
∗∗∗ A Crash-Course in Card Shops ∗∗∗
---------------------------------------------
The notorious Joker's Stash is perhaps the best-known of many illicit shops in the deep & dark web (DDW) that specialize in, and serve as a primary means through which cybercriminals obtain, stolen payment card data. Commonly referred to as card shops, these shops can also be invaluable resources for those seeking to better understand and combat fraud and cybercrime.
---------------------------------------------
https://www.securityweek.com/crash-course-card-shops
∗∗∗ How to protect yourself from phishing attempts ∗∗∗
---------------------------------------------
In phishing, criminals use forged e-mails, websites and chat messages to harvest sensitive data from internet users. Simple precautions and a watchful eye can prevent falling for such scams. This matters, because acting wrongly can sometimes cause high financial losses.
---------------------------------------------
https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-vor-phishing-v…
=====================
= Vulnerabilities =
=====================
∗∗∗ Oracle patches critical hole in WebLogic Server out of band ∗∗∗
---------------------------------------------
Attackers could attack and take over WebLogic Server with comparatively little effort. Oracle has now released security updates.
---------------------------------------------
https://heise.de/-4409153
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, libpng, and openssh), Debian (checkstyle, evolution, gst-plugins-base0.10, gst-plugins-base1.0, imagemagick, libpng1.6, monit, and systemd), Fedora (aria2, php-symfony, php-symfony3, php-symfony4, and python-jinja2), openSUSE (ceph, libssh2_org, libvirt, php7, python3, samba, wget, and xerces-c), Red Hat (rh-python35-python), Slackware (bind), SUSE (libssh2_org), and Ubuntu (evince, gst-plugins-base0.10, gst-plugins-base1.0, and [...]
---------------------------------------------
https://lwn.net/Articles/787052/
∗∗∗ IBM Security Bulletin: IBM StoredIQ is affected by potential Host Header Injection (CVE-2019-4166) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-storediq-is-affec…
∗∗∗ IBM Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2018-15756) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-spri…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Storwize V7000 Unified ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Storwize V7000 Unified is affected by denial of service vulnerability in GPFS (CVE-2018-1783) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-storwize-v7000-un…
∗∗∗ IBM Security Bulletin: IBM Storwize V7000 Unified is affected by arbitrary file read vulnerability in GPFS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-storwize-v7000-un…
∗∗∗ IBM Security Bulletin: Security Vulnerabilities in IBM® Java SDK affect Rational Method Composer March 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 25-04-2019 18:00 − Friday 26-04-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Getting in the Zone: dumping Active Directory DNS using adidnsdump ∗∗∗
---------------------------------------------
Zone transfers are a classical way of performing reconnaissance in networks (or even from the internet). They require an insecurely configured DNS server that allows anonymous users to transfer all records and gather information about hosts in the network. What not many people know however is that if Active Directory integrated DNS is used, any [...]
---------------------------------------------
https://blog.fox-it.com/2019/04/25/getting-in-the-zone-dumping-active-direc…
∗∗∗ Service Accounts Redux - Collecting Service Accounts with PowerShell ∗∗∗
---------------------------------------------
Back in 2015 I wrote up a "find the service accounts" story - https://isc.sans.edu/forums/diary/Windows+Service+Accounts+Why+Theyre+Evil+… (yes, it really has been that long). The approach I wrote up then used WMIC. Those scripts saw a lot of use back in the day, but don't reflect the fastest or most efficient way to collect this information - I thought today was a good day to cover how to do this much quicker in PowerShell.
---------------------------------------------
https://isc.sans.edu/forums/diary/Service+Accounts+Redux+Collecting+Service…
∗∗∗ Statistics: significantly more malware for the Mac ∗∗∗
---------------------------------------------
According to security company Malwarebytes, attacks on macOS users are increasing. Adware in particular is becoming a problem.
---------------------------------------------
https://heise.de/-4408038
∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450 ∗∗∗
---------------------------------------------
Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise, such as retail point-of-sale or industrial control systems. These flaws present a number of attack vectors for a malicious actor, and could allow them to remotely execute code on the victim machine, change the administrator's password and expose user credentials, among [...]
---------------------------------------------
https://blog.talosintelligence.com/2019/04/vulnerability-sierra-airlink.html
∗∗∗ Beware of scam e-mails with purported invoices ∗∗∗
---------------------------------------------
Consumers and businesses are receiving e-mails that point to links to alleged invoices. The recipients are, for example, asked to pay the invoices or to check their contents. Whoever follows the links lands on fraudulent websites that attempt to infect systems with malware.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-betrugs-mails-mit-verme…
∗∗∗ An inside look at how credential stuffing operations work ∗∗∗
---------------------------------------------
Data breaches, custom software, proxies, IoT botnets, and hacking forums -- all play a role.
---------------------------------------------
https://www.zdnet.com/article/an-inside-look-at-how-credential-stuffing-ope…
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension ∗∗∗
---------------------------------------------
If you own an eCommerce website built on WordPress and powered by the WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company - called "Plugin Vulnerabilities" - that recently went rogue in order to protest against moderators of WordPress's official support forum has once [...]
---------------------------------------------
https://thehackernews.com/2019/04/wordpress-woocommerce-security.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gpac and mercurial), Fedora (kernel-headers and kernel-tools), openSUSE (GraphicsMagick, kauth, lxc, lxcfs, python, qemu, and xmltooling), SUSE (freeradius-server, ImageMagick, libvirt, samba, and wireshark), and Ubuntu (bind9).
---------------------------------------------
https://lwn.net/Articles/786884/
∗∗∗ Synology-SA-19:20 ISC BIND ∗∗∗
---------------------------------------------
CVE-2018-5743 allows remote attackers to conduct denial-of-service attacks via a susceptible version of DNS Server. DNS Server is not affected by CVE-2019-6947 and CVE-2019-6948 as these vulnerabilities only affect ISC BIND 9.10.5 and later.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_20
∗∗∗ Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190424-…
∗∗∗ IBM Cognos Business Intelligence: multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0354
∗∗∗ IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2019 – Includes Oracle Jan 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-sdk-java-technolo…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM® Java Runtime and Liberty affect IBM BigFix Remote Control ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2018-20346) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulneraqbility-in-s…
∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability GNU C Library (CVE-2018-16429) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-an…
∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libTIFF ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-an…
∗∗∗ IBM Security Bulletin: IBM Cloud Manager with OpenStack is affected by an OpenSSL vulnerability (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-manager-wit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Manager with OpenStack ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libtirpc (CVE-2018-14622 CVE-2018-14621) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-an…
∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in OpenSSH ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-an…
∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in OpenSSL (CVE-2018-0732 CVE-2018-0737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-an…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 24-04-2019 18:00 − Thursday 25-04-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ ExtraPulsar backdoor based on leaked NSA code – what you need to know ∗∗∗
---------------------------------------------
A US security researcher has come up with an open-source Windows backdoor loosely based on NSA attack code that leaked back in 2017.
---------------------------------------------
https://nakedsecurity.sophos.com/2019/04/25/extrapulsar-backdoor-based-on-l…
∗∗∗ Android app "WiFi Finder" leaked private Wi-Fi passwords ∗∗∗
---------------------------------------------
On more than 100,000 phones, WiFi Finder helped users connect to public hotspots. In many cases, however, the app also collected private access credentials.
---------------------------------------------
https://heise.de/-4405783
∗∗∗ Patch now! Gandcrab ransomware eats its way through Confluence hole ∗∗∗
---------------------------------------------
The attacks on Confluence are expanding. Attackers are currently trying to infect vulnerable systems with the Gandcrab ransomware.
---------------------------------------------
https://heise.de/-4407102
∗∗∗ JasperLoader Emerges, Targets Italy with Gootkit Banking Trojan ∗∗∗
---------------------------------------------
Malware loaders are playing an increasingly important role in malware distribution. They give adversaries the ability to gain an initial foothold on a system and are typically used to deliver various malware payloads following successful compromise. These attacks are popping up more frequently, as we covered in July with Smoke Loader and Brushaloader earlier this year.
---------------------------------------------
https://blog.talosintelligence.com/2019/04/jasperloader-targets-italy.html
∗∗∗ Extortion e-mail from myself ∗∗∗
---------------------------------------------
Criminals are currently sending e-mails claiming to have hacked your webcam and watched you. They allegedly have video footage showing you masturbating. They threaten to publish the video unless you transfer a certain amount of money in the form of bitcoins. Furthermore, the e-mail appears to have been sent to you from your own account. Stay calm; it is an attempted scam!
---------------------------------------------
https://www.watchlist-internet.at/news/erpressungs-e-mail-von-mir-selbst/
=====================
= Vulnerabilities =
=====================
∗∗∗ Unpatched Vulnerability Alert - WebLogic Zero Day, (Thu, Apr 25th) ∗∗∗
---------------------------------------------
The news today is full of a new deserialization vulnerability in Oracle WebLogic. This affects all current versions of the product (the POC is against 10.3, but 12.x versions are also affected). The vulnerability affects the wls9_async_response package (which is not included by default in all builds), so the workaround is to either ACL the Z/_async/* and /wls-wsat/* paths, or delete wls9_async_response.war. A successful attack gets the attacker remote code exec on the vulnerable server.
---------------------------------------------
https://isc.sans.edu/diary/rss/24880
∗∗∗ Technical Advisory: Private Key Extraction from Qualcomm Hardware-backed Keystores ∗∗∗
---------------------------------------------
Recent Android devices include a hardware-backed keystore, which developers can use to protect their cryptographic keys with secure hardware. On some devices, Qualcomm's TrustZone-based keystore leaks sensitive information through the branch predictor and memory caches, enabling recovery of 224- and 256-bit ECDSA keys.
---------------------------------------------
https://www.nccgroup.trust/us/our-research/private-key-extraction-qualcomm-…
∗∗∗ New security release versions of BIND are available: 9.11.6-P1, 9.12.4-P1, and 9.14.1 ∗∗∗
---------------------------------------------
CVE-2018-5743: Limiting simultaneous TCP clients is ineffective
CVE-2019-6467: An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c
CVE-2019-6468: BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used
---------------------------------------------
https://lists.isc.org/pipermail/bind-announce/2019-April/001126.html
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (putty and systemd), Fedora (kernel, kernel-headers, and kernel-tools), Gentoo (ming and qemu), openSUSE (openexr and slurm), SUSE (ImageMagick, jasper, ntfs-3g_ntfsprogs, openssh, and webkit2gtk3), and Ubuntu (php5 and tcpflow).
---------------------------------------------
https://lwn.net/Articles/786749/
∗∗∗ TIBCO Security Advisories ∗∗∗
---------------------------------------------
https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-ap…
https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-ap…
https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-ap…
https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-ap…
https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-ap…
https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-ap…
∗∗∗ BIND vulnerability CVE-2018-5743 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K74009656
∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by information disclosure vulnerability (CVE-2019-6157) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integrated-manage…
∗∗∗ IBM Security Bulletin: Security vulnerability affects the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2019-4047) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2018-2004) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by weak cryptographic algorithms (CVE-2018-2007) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-…
∗∗∗ IBM Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-siteprot…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in GNU C Library (CVE-2017-15804 CVE-2017-15670 CVE-2015-5180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-an…
∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in xorg-x11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-an…
∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability in cURL (CVE-2018-14618) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-an…
∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in GNU C Library (CVE-2018-11236) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integrated-manage…