=====================
= End-of-Day report =
=====================
Timeframe: Friday 29-11-2019 18:00 - Monday 02-12-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Cybercrime Report 2018: crime on the net remains a major challenge ∗∗∗
---------------------------------------------
In 2018 the Cybercrime Competence Center (C4) of the Bundeskriminalamt once again recorded an increase in cybercrime offences. Compared with the previous year, a rise of 16.8 percent was registered, predominantly in the area of internet fraud.
---------------------------------------------
http://www.bmi.gv.at/news.aspx?id=6D4D326A543767595673593D
∗∗∗ Analysis of Malicious ElectrumX Servers Source Code ∗∗∗
---------------------------------------------
Recently I have found some malicious ElectrumX nodes in the Electrum network that are still being connected by the Electrum software. In this post I share some information about these nodes and the ElectrumX patched code that they execute.
---------------------------------------------
http://www.peppermalware.com/2019/12/analysis-of-malicious-electrumx-server…
∗∗∗ Police warn of professional fake shops on the internet ∗∗∗
---------------------------------------------
During the Christmas season people shop online heavily. Fraudsters take advantage of this as well. Police experts are warning right now about their tricks.
---------------------------------------------
https://heise.de/-4600046
∗∗∗ Insight into NIS Directive sectoral incident response capabilities ∗∗∗
---------------------------------------------
The report provides a deeper insight into NISD sectoral Incident Response capabilities, procedures, processes and tools to identify the trends and possible gaps and overlaps.
---------------------------------------------
https://www.helpnetsecurity.com/2019/12/02/nis-directive-incident-response/
=====================
= Vulnerabilities =
=====================
∗∗∗ Multiple Critical Vulnerabilities in SALTO ProAccess SPACE ∗∗∗
---------------------------------------------
In the software SALTO ProAccess Space ... multiple typical web application vulnerabilities were identified. An authenticated attacker was able to exploit a path traversal vulnerability to back up arbitrary files into the web root. This allowed an attacker to export the database into the web root and download it.
Furthermore, it was possible to combine another export feature with the path traversal vulnerability to write arbitrary contents to arbitrary locations on the backend Windows server.
---------------------------------------------
https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilitie…
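Added example (editor's code, not SEC Consult's advisory material or SALTO's software): the check that keeps a "back up this file to this location" feature from becoming a path traversal. It contrasts the naive join, which lets "../" segments, absolute paths and symlinks planted inside the backup directory reach the web root, with a containment check on the resolved path. The directory names and the temporary layout built by traversal_demo() are constructed for the demonstration.

```python
"""Containing user-supplied backup/export paths (added example, not SALTO code)."""
import os
import tempfile
from pathlib import Path


def naive_target(base: str, user_path: str) -> str:
    """The vulnerable shape: join and normalise, never check containment.

    os.path.join drops `base` entirely when user_path is absolute, and
    normpath happily collapses "../" segments, so the result can land in
    the web root (or anywhere the service account can write).
    """
    return os.path.normpath(os.path.join(base, user_path))


def safe_target(base: str, user_path: str) -> Path:
    """Return the path strictly inside `base` that `user_path` names, else raise ValueError."""
    base_dir = Path(base).resolve()
    if Path(user_path).is_absolute():
        raise ValueError("absolute paths are not accepted")
    # Resolve first, then test containment: this catches "..", mixed
    # separators and symlinks planted inside `base` that point outside it.
    candidate = (base_dir / user_path).resolve()
    if candidate == base_dir:
        raise ValueError("target must be a file below the backup directory")
    try:
        candidate.relative_to(base_dir)
    except ValueError:
        raise ValueError(f"path escapes the backup directory: {user_path!r}") from None
    return candidate


def escapes(base: str, user_path: str) -> bool:
    """True when safe_target() would refuse `user_path`."""
    try:
        safe_target(base, user_path)
    except ValueError:
        return True
    return False


def traversal_demo() -> dict:
    """Build a throwaway layout (constructed here) and exercise both variants."""
    root = Path(tempfile.mkdtemp(prefix="traversal-demo-"))
    backups = root / "backups"   # where the export feature is meant to write
    webroot = root / "webroot"   # where the attacker wants the database to land
    backups.mkdir()
    webroot.mkdir()
    # A symlink inside the backup directory pointing at the web root: a string
    # prefix check on the unresolved path would accept "www/db.sql".
    os.symlink(webroot, backups / "www")
    b, w = str(backups), str(webroot)
    return {
        "naive_follows_dotdot": naive_target(b, "../webroot/db.sql") == str(webroot / "db.sql"),
        "naive_follows_absolute": naive_target(b, w + "/db.sql") == str(webroot / "db.sql"),
        "safe_rejects_dotdot": escapes(b, "../webroot/db.sql"),
        "safe_rejects_absolute": escapes(b, w + "/db.sql"),
        "safe_rejects_symlink": escapes(b, "www/db.sql"),
        "safe_accepts_normal": not escapes(b, "2019-12-02/db.bak"),
    }


if __name__ == "__main__":
    for check, ok in traversal_demo().items():
        print(f"{check:24s} {ok}")
```

The order matters: resolve the full candidate, then test containment against the resolved base. Checking "../" substrings on the raw input misses encoded or symlinked variants, and checking containment before resolving misses the symlink case shown in the demo.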
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (389-ds-base, asterisk, file, nss, proftpd-dfsg, ssvnc, and tnef), Fedora (chromium, djvulibre, freeradius, ImageMagick, jhead, kernel, phpMyAdmin, python-pillow, and rubygem-rmagick), Mageia (bzip2, chromium-browser-stable, curl, dbus, djvulibre, glib2.0, glibc, gnupg2, httpie, libreoffice, libssh2, mosquitto, nginx, python-sqlalchemy, unbound, and zipios++), openSUSE (bluez, clamav, cpio, freerdp, openafs, phpMyAdmin, strongswan, and webkit2gtk3),
---------------------------------------------
https://lwn.net/Articles/806079/
∗∗∗ Multiple Cisco Analog Telephone Adapters Remote Code Execution Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Webex Teams and Cisco Webex Meetings Client DLL Hijacking Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 28-11-2019 18:00 - Friday 29-11-2019 18:00
Handler: Robert Waldner
Co-Handler: Dimitri Robl
=====================
= News =
=====================
∗∗∗ Security holes: how easily SMS messages can be read along ∗∗∗
---------------------------------------------
With the SMS successor RCS, SMS messages and phone calls are handled over the internet, using a pre-assigned password. With this password, classic SMS messages can also be read along unnoticed. The corresponding configuration file can be received by any app. (Joyn, data protection)
---------------------------------------------
https://www.golem.de/news/sicherheitsluecken-so-einfach-lassen-sich-sms-mit…
∗∗∗ Smartwatch exposes locations and other data on thousands of children ∗∗∗
---------------------------------------------
A device that is supposed to help parents keep track of their children and give them peace of mind can be turned into a surveillance device for bad actors.
---------------------------------------------
https://www.welivesecurity.com/2019/11/29/smartwatch-exposes-location-data-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Y2K bug variant hits Splunk products - fixes available ∗∗∗
---------------------------------------------
Splunk admins should urgently deal with a "year 2020 problem" in the software before the turn of the year. Updates are available.
---------------------------------------------
https://heise.de/-4599420
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libvpx and vino), Fedora (grub2 and nss), and SUSE (cloud-init, libarchive, libtomcrypt, ncurses, and ucode-intel).
---------------------------------------------
https://lwn.net/Articles/805811/
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 27-11-2019 18:00 - Thursday 28-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Video: subscription trap on streaming platforms ∗∗∗
---------------------------------------------
Streaming platforms advertise free registration. After five days they demand 358.80 euros, 359.88 euros or 395.88 euros from users for a premium status. There is no reason to pay the invoice.
---------------------------------------------
https://www.watchlist-internet.at/news/video-abo-falle-streaming-plattforme…
∗∗∗ Adobe discloses security breach impacting Magento Marketplace users ∗∗∗
---------------------------------------------
Security breach was detected last week and traced back to a vulnerability in the Magento Marketplace website.
---------------------------------------------
https://www.zdnet.com/article/adobe-discloses-security-breach-impacting-mag…
=====================
= Vulnerabilities =
=====================
∗∗∗ BlackBerry Powered by Android Security Bulletin - November 2019 ∗∗∗
---------------------------------------------
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build.
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ DSA-4577 haproxy - security update ∗∗∗
---------------------------------------------
Tim Düsterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF injections.
---------------------------------------------
https://www.debian.org/security/2019/dsa-4577
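Added example (editor's code, not haproxy's): why an HTTP/2 to HTTP/1 downgrade needs its own header validation, and what the check looks like. HPACK carries field names and values as arbitrary octet strings, so a value containing CR LF that is copied verbatim into an HTTP/1.1 message turns into an extra header line (or a second request) on the backend. The checked variant applies the rules RFC 9113 section 8.2.1 states for HTTP/2 fields (no NUL, CR or LF; no leading or trailing whitespace; lowercase token names) and drops the connection-specific fields of section 8.2.2. The header list SMUGGLED is constructed for the demonstration.

```python
"""Guarding an HTTP/2 -> HTTP/1.1 header downgrade against CRLF injection (added example, not haproxy code)."""
import re

# RFC 9113 section 8.2.1: a field value must not contain NUL, CR or LF and must
# not start or end with SP/HTAB. Once CR LF reaches an HTTP/1.1 serialiser it
# terminates the line, so anything after it becomes a new header (or request).
_FORBIDDEN_IN_VALUE = re.compile(rb"[\x00\r\n]")
# RFC 9110 token characters; HTTP/2 additionally requires lowercase field names.
_H2_FIELD_NAME = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9a-z]+$")
# Connection-specific fields are meaningless in HTTP/2 and must not be
# forwarded (RFC 9113 section 8.2.2); a proxy that copies them can be steered.
_CONNECTION_SPECIFIC = {
    b"connection", b"keep-alive", b"proxy-connection",
    b"transfer-encoding", b"upgrade",
}


class MalformedHeader(ValueError):
    """Raised for a decoded HPACK field that must not be serialised as HTTP/1.1."""


def downgrade_unchecked(method: bytes, path: bytes, headers) -> bytes:
    """The vulnerable shape: decoded HPACK octets copied verbatim into HTTP/1.1 lines."""
    lines = [method + b" " + path + b" HTTP/1.1"]
    for name, value in headers:
        lines.append(name + b": " + value)
    return b"\r\n".join(lines) + b"\r\n\r\n"


def downgrade_checked(method: bytes, path: bytes, headers) -> bytes:
    """Validate every (name, value) pair before it becomes an HTTP/1.1 line."""
    for name, value in headers:
        if not _H2_FIELD_NAME.match(name):
            raise MalformedHeader(f"invalid HTTP/2 field name {name!r}")
        if name in _CONNECTION_SPECIFIC:
            raise MalformedHeader(f"connection-specific field {name!r} in HTTP/2")
        if _FORBIDDEN_IN_VALUE.search(value):
            raise MalformedHeader(f"NUL/CR/LF in value of {name!r}")
        if value != value.strip(b" \t"):
            raise MalformedHeader(f"leading/trailing whitespace in value of {name!r}")
    return downgrade_unchecked(method, path, headers)


def rejects(headers) -> bool:
    """True when downgrade_checked() refuses the header list."""
    try:
        downgrade_checked(b"GET", b"/", headers)
    except MalformedHeader:
        return True
    return False


# Constructed HPACK-decoded header list: the client hid CR LF inside a value.
SMUGGLED = [
    (b"host", b"example.test"),
    (b"x-forwarded-for", b"10.0.0.1\r\nx-admin: true"),
]


def downgrade_demo() -> dict:
    raw = downgrade_unchecked(b"GET", b"/", SMUGGLED)
    lines = raw.split(b"\r\n")
    return {
        # The unchecked proxy emits the injected header as its own line,
        # indistinguishable to the backend from one the proxy added itself.
        "injected_line_emitted": b"x-admin: true" in lines,
        "checked_rejects": rejects(SMUGGLED),
    }


if __name__ == "__main__":
    print(downgrade_demo())
```

Rejecting the whole stream (RFC 9113 says malformed requests get a stream error) is the right response; stripping the offending octets and forwarding the rest silently turns a detectable attack into an ambiguous request.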
∗∗∗ QNAP NAS: vendor fixes, among others, a critical vulnerability in Photo Station ∗∗∗
---------------------------------------------
QTS updates eliminate numerous remote attack vectors.
---------------------------------------------
https://heise.de/-4598238
∗∗∗ Security updates for (US) Thanksgiving ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (haproxy and libvorbis), Fedora (mod_auth_mellon and xen), Oracle (389-ds-base, kernel, and tcpdump), SUSE (bsdtar, java-11-openjdk, java-1_7_0-openjdk, and libxml2), and Ubuntu (nss and python-psutil).
---------------------------------------------
https://lwn.net/Articles/805777/
∗∗∗ WordPress Plugin "WP Spell Check" vulnerable to cross-site request forgery ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN26838191/
∗∗∗ Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to Using Components with Known Vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-packe…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 26-11-2019 18:00 - Wednesday 27-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Almost 60% Of Malicious Ads Come from Three Ad Providers ∗∗∗
---------------------------------------------
In Confiant's "Demand Quality Report for Q3 2019", the ad fraud and security company analyzed 120 billion ad impressions between January 1st and September 20th that flowed through their systems in order to provide a breakdown of different malicious ad campaigns.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/almost-60-percent-of-malicio…
∗∗∗ Top 25 Most Dangerous Vulnerabilities Refreshed After 8 Years ∗∗∗
---------------------------------------------
For the first time in eight years, the list with the most dangerous 25 software vulnerabilities received an update that promises to be relevant for current times.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/top-25-most-dangerous-vulner…
∗∗∗ MITRE ATT&CK vulnerability spotlight: Credentials in registry ∗∗∗
---------------------------------------------
One of the attack stages as described in the MITRE ATT&CK tool is credential access, where a hacker tries to steal user credential information to gain access to new accounts or elevate privileges on a compromised system. One of the means by which an attacker can perform this stage of an attack is by extracting credentials from where they are stored in the Windows registry.
---------------------------------------------
https://resources.infosecinstitute.com/mitre-attck-vulnerability-spotlight-…
∗∗∗ Insights from one year of tracking a polymorphic threat ∗∗∗
---------------------------------------------
We discovered the polymorphic threat Dexphot in October 2018. In the months that followed, we closely tracked the threat as attackers upgraded the malware, targeted new processes, and worked around defensive measures. One year's worth of intelligence helped us gain insight not only into the goals and motivations of Dexphot's authors, but of cybercriminals in general.
---------------------------------------------
https://www.microsoft.com/security/blog/2019/11/26/insights-from-one-year-o…
∗∗∗ Exposed Firebase Database ∗∗∗
---------------------------------------------
An issue can arise in Firebase when developers fail to enable authentication. This vulnerability is very similar to every other database misconfiguration: there's no authentication. Leaving a database exposed to the world unauthenticated is an open invite for malicious hackers.
---------------------------------------------
http://ghostlulz.com/google-exposed-firebase-database/
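Added example (editor's code, not from the ghostlulz post or from Firebase's own tooling): a small linter that walks a Firebase Realtime Database rules document and reports every path whose .read or .write is unconditionally true, plus the shape of the REST URL such a database answers without credentials. The three rule sets and the host name example-project.firebaseio.com are constructed for the demonstration.

```python
"""Linting Firebase Realtime Database rules for world-readable/-writable paths (added example, not from the post)."""
import json


def find_open_paths(rules_doc: dict) -> list:
    """Return (path, permission) pairs whose .read or .write is unconditionally true.

    Realtime Database rules cascade downwards: a grant at "/" cannot be
    revoked at "/users", so the shallowest open path is the whole database.
    """
    findings = []

    def walk(node, path):
        if not isinstance(node, dict):
            return
        for perm in (".read", ".write"):
            value = node.get(perm)
            # Both the JSON boolean and the string expression "true" are open.
            if value is True or value == "true":
                findings.append((path or "/", perm))
        for key, child in node.items():
            if key.startswith("."):
                continue  # .read/.write/.validate/.indexOn are rule keys, not paths
            walk(child, f"{path}/{key}")

    walk(rules_doc.get("rules", {}), "")
    return findings


def rest_probe_url(db_host: str, path: str = "/") -> str:
    """REST URL that returns a path's children if .read is open (no auth sent).

    `shallow=true` asks only for the top-level keys, which confirms exposure
    without pulling the whole database.
    """
    return f"https://{db_host}{path.rstrip('/')}/.json?shallow=true"


# Constructed rule sets. OPEN_RULES is the "test mode" default the post warns about.
OPEN_RULES = json.loads('{"rules": {".read": true, ".write": true}}')

PARTIAL_RULES = json.loads("""{
  "rules": {
    "public":  {".read": true, ".write": "auth != null"},
    "users":   {"$uid": {".read": "auth.uid == $uid", ".write": "auth.uid == $uid"}},
    "exports": {".write": "true"}
  }
}""")

# "auth != null" closes the unauthenticated hole, but any signed-in account
# (including anonymous auth, if enabled) still sees everything; per-user
# rules like the "users" subtree above are the real fix.
LOCKED_RULES = json.loads('{"rules": {".read": "auth != null", ".write": "auth != null"}}')


if __name__ == "__main__":
    for label, doc in (("open", OPEN_RULES), ("partial", PARTIAL_RULES), ("locked", LOCKED_RULES)):
        print(label, find_open_paths(doc))
    print(rest_probe_url("example-project.firebaseio.com"))
```

Run the linter against the exported rules of each project in CI; a finding at "/" means the whole database is readable or writable by anyone who learns the host name, which is typically embedded in the mobile app itself.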
∗∗∗ Beware of ping calls! ∗∗∗
---------------------------------------------
Consumers keep receiving so-called ping calls. They are called from unknown numbers. The calls are usually ended after the first or second ring. Whoever calls back out of politeness or curiosity falls into the cost trap. For unknown, suspicious numbers the rule is: do not pick up and do not call back!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-ping-anrufen/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bsdiff, libvpx, tiff, and xmlrpc-epi), Fedora (freeimage, imapfilter, kernel, mingw-freeimage, and thunderbird), openSUSE (cups and djvulibre), Oracle (SDL), SUSE (ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud, freerdp, mailman, slurm) and Ubuntu (ruby2.3, ruby2.5).
---------------------------------------------
https://lwn.net/Articles/805720/
∗∗∗ Security Advisory - Information Leak Vulnerability in Huawei Smart Speaker Myna ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-…
∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Huawei Atlas Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-…
∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-…
∗∗∗ Security Advisory - Information Disclosure Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-…
∗∗∗ Security Bulletin: OpenSSL as used by IBM QRadar Network Packet Capture is vulnerable to (CVE-2019-1559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-by-ibm-qr…
∗∗∗ Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2019-1547, CVE-2019-1563) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openss…
∗∗∗ Security Bulletin: Vulnerability CVE-2019-10218 in Samba affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2019-10…
∗∗∗ Security Bulletin: Python as used by IBM QRadar Network Packet Capture is vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers (CVE-2019-9947, CVE-2019-9948) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-python-as-used-by-ibm-qra…
∗∗∗ Security Bulletin: OpenSSL as used by IBM QRadar Network Packet Capture is vulnerable to a timing side channel attack (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-by-ibm-qr…
∗∗∗ TMM vulnerability CVE-2019-6669 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11447758
∗∗∗ BIG-IP AAM vulnerability CVE-2019-6666 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K92411323
∗∗∗ BIG-IP FIX profile security advisory vulnerability CVE-2019-6667 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K82781208
∗∗∗ BIG-IP TMM vulnerability CVE-2019-6671 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K39225055
∗∗∗ BIG-IP AFM vulnerability CVE-2019-6672 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K14703097
∗∗∗ BIG-IP ASM Bot Detection DNS cache does not expire security exposure ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K79240502
∗∗∗ The BIG-IP system may fail to properly parse HTTP headers that are prepended by whitespace (non RFC2616 compliant) ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K39794285
∗∗∗ BIG-IP ASM and BIG-IQ/Enterprise Manager/F5 iWorkflow device authentication and trust vulnerability CVE-2019-6665 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K26462555
∗∗∗ BIG-IP HTTP/2 vulnerability CVE-2019-6673 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K81557381
∗∗∗ F5 SSL Orchestrator vulnerability CVE-2019-6674 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K21135478
∗∗∗ BIG-IP Edge Client for macOS vulnerability CVE-2019-6668 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K49827114
∗∗∗ BIG-IP APM ignores the Restrict to Single Client IP option for Native RDP resources ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K24241590
∗∗∗ vCMP vulnerability CVE-2019-6670 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K05765031
=====================
= End-of-Day report =
=====================
Timeframe: Monday 25-11-2019 18:00 - Tuesday 26-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Insecure tracking smartwatch: attackers could stalk thousands of children ∗∗∗
---------------------------------------------
Cheap tracker watches from China are quite frequently the subject of security warnings. The current children's model SMA-WATCH-M2 continues the (eavesdropping) nightmare.
---------------------------------------------
https://heise.de/-4596410
∗∗∗ Caution when shopping on Black Friday ∗∗∗
---------------------------------------------
Numerous online retailers are luring customers with fabulous offers in the course of Black Friday. On Friday you can buy clothing, electronics, household goods and much more at significantly lower prices. Be doubly careful with the most incredible bargains, however, because not every offer is legitimate.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-beim-black-friday-shopping/
∗∗∗ A hacking group is hijacking Docker systems with exposed API endpoints ∗∗∗
---------------------------------------------
It's almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.
---------------------------------------------
https://www.zdnet.com/article/a-hacking-group-is-hijacking-docker-systems-w…
=====================
= Vulnerabilities =
=====================
∗∗∗ ZDI-19-996: Dell EMC Storage Monitoring and Reporting Java RMI Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dell EMC Storage Monitoring and Reporting. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-996/
∗∗∗ Xen Security Advisory XSA-306 - Device quarantine for alternate pci assignment methods ∗∗∗
---------------------------------------------
An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-306.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libxdmcp, nss, php-imagick, and ruby2.1), openSUSE (java-11-openjdk), Red Hat (389-ds-base, kernel, kernel-rt, python-jinja2, qemu-kvm-ma, and tcpdump), SUSE (bluez, clamav, cpio, cups, gcc9, libpng16, libssh2_org, mailman, sqlite3, squid, strongswan, tiff, and webkit2gtk3), and Ubuntu (redmine).
---------------------------------------------
https://lwn.net/Articles/805650/
∗∗∗ Paessler PRTG: multiple vulnerabilities ∗∗∗
---------------------------------------------
PRTG Network Monitor is a network monitoring tool from Paessler AG. An attacker can exploit multiple vulnerabilities in Paessler PRTG to carry out an unspecified attack or to execute arbitrary code with the privileges of the service.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1019
∗∗∗ Kaspersky products: multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit multiple vulnerabilities in Kaspersky Anti-Virus, Kaspersky Internet Security and Kaspersky Total Security to bypass security measures, disclose information or cause a denial of service.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1018
∗∗∗ Security Bulletin: Multiple IBM MQ Security Vulnerabilities Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-mq-security-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server on AIX (CVE-2019-4473, CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to Apache Commons Beanutils (CVE-2019-10086) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser…
∗∗∗ Security Bulletin: SQL Injection Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4387) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerabili…
∗∗∗ Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server (CVE-2019-4057, CVE-2019-4101, CVE-2019-4154, CVE-2019-4386, CVE-2019-4322) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-vulnerabilit…
∗∗∗ BIG-IP Engineering Hotfix authentication bypass vulnerability CVE-2019-6675 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K55655944
∗∗∗ NodeJS vulnerability CVE-2018-7160 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K63025104
=====================
= End-of-Day report =
=====================
Timeframe: Friday 22-11-2019 18:00 - Monday 25-11-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ A Short History of Juice Jacking ∗∗∗
---------------------------------------------
The days are now shorter, and the holiday season is upon us. Many of us have travel booked to bring our family together and will soon be uncomfortably sitting in the halls of airline terminals. Desperate to escape the monotony of an international waiting room, we will sit transfixed to our mobile devices. Breaking our mobile-mindfulness-zen-like state, an alert graces the screen: 15% battery life remaining.
---------------------------------------------
https://www.secjuice.com/history-of-juice-jacking/
∗∗∗ Local Malware Analysis with Malice, (Sat, Nov 23rd) ∗∗∗
---------------------------------------------
This project (Malice) provides the ability to have your own locally managed multi-engine malware scanning system. The framework allows the owner to analyze files for known malware. It can be used both as a command-line tool to analyze samples and to review the results via a Kibana web interface. The Command-Line Interface (CLI) is used to scan a file or directory, or can be set up to watch and scan new files when they are copied into a write-only directory.
---------------------------------------------
https://isc.sans.edu/diary/rss/25544
∗∗∗ Introducing Merlin - A cross-platform post-exploitation HTTP/2 Command & Control Tool ∗∗∗
---------------------------------------------
Merlin is a cross-platform post-exploitation framework that leverages HTTP/2 communications to evade inspection. HTTP/2 is a relatively new protocol that requires that Perfect Forward Secrecy (PFS) cipher suites are used. ... Additionally, many security technologies are not equipped with HTTP/2 protocol dissectors and are therefore not able to evaluate traffic even if keying material is provided.
---------------------------------------------
https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a
∗∗∗ Trickbot Updates Password Grabber Module ∗∗∗
---------------------------------------------
Trickbot is a modular malware, and one of its modules is a password grabber. In November 2019, we started seeing indicators of Trickbot's password grabber targeting data from OpenSSH and OpenVPN applications.
---------------------------------------------
https://unit42.paloaltonetworks.com/trickbot-updates-password-grabber-modul…
∗∗∗ PC remote maintenance: security researchers warn of vulnerable VNC software ∗∗∗
---------------------------------------------
Attackers could attack clients and servers running various VNC software and, under certain conditions, place malware.
---------------------------------------------
https://heise.de/-4595718
∗∗∗ Buying concert tickets on eventtickets24.com carries risks ∗∗∗
---------------------------------------------
Smartfox Media b.v. from the Netherlands offers concert and event tickets on eventtickets24.com. Numerous customers report serious problems after buying tickets. There may be difficulties with procurement and delivery, or refunds may fail to materialize after non-delivery. We advise great caution with this offer.
---------------------------------------------
https://www.watchlist-internet.at/news/kauf-von-konzertkarten-auf-eventtick…
=====================
= Vulnerabilities =
=====================
∗∗∗ Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps ∗∗∗
---------------------------------------------
CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019 after a researcher named Awakened discovered that attackers could use maliciously crafted GIF files to allow remote code execution. The vulnerability was patched with version 2.19.244 of WhatsApp, but the underlying problem lies in the library called libpl_droidsonroids_gif.so, which is part of the android-gif-drawable package. While this flaw has also been patched, many [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/sBAf9Ks1I8Y/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, enigmail, isc-dhcp, libice, libofx, and pam-python), Fedora (chromium, ghostscript, mingw-cfitsio, mingw-gdal, mingw-libidn2, and rsyslog), Gentoo (adobe-flash, chromium, expat, and firefox), openSUSE (apache2-mod_perl, haproxy, java-11-openjdk, and ncurses), Oracle (ghostscript, kernel, php:7.2, php:7.3, and sudo), Red Hat (chromium-browser, python27-python, and SDL), and Ubuntu (dpdk and libvpx).
---------------------------------------------
https://lwn.net/Articles/805527/
∗∗∗ Weak encryption cipher and hardcoded cryptographic keys in Fortinet products ∗∗∗
---------------------------------------------
https://sec-consult.com/en/blog/advisories/weak-encryption-cipher-and-hardc…
∗∗∗ Security Bulletin: Incorrect permissions on CIT files in IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments (CVE-2018-2025) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-incorrect-permissions-on-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Enterprise Resource Planning on AIX (CVE-2019-4473, CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Denial of Service vulnerability in IBM Spectrum Protect Backup-Archive Client (CVE-2019-4406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnera…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot on AIX (CVE-2019-4473, CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: SMB signing not required in IBM Spectrum Protect Plus (CVE-2016-2115) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-smb-signing-not-required-…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 21-11-2019 18:00 - Friday 22-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Securing Portable Electronic Devices During Travel ∗∗∗
---------------------------------------------
Holiday travelers often use portable electronic devices (PEDs) because they offer a range of conveniences, for example, enabling the traveler to order gifts on-the-go, access to online banking, or download boarding passes. However, these devices are vulnerable to cyberattack or theft, resulting in exposure of personal information.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/11/22/securing-portable-…
∗∗∗ Abusing Web Filters Misconfiguration for Reconnaissance ∗∗∗
---------------------------------------------
Yesterday, an interesting incident was detected while working at a customer SOC. They use a "next-generation" firewall that implements a web filter based on categories. This is common in many organizations today: users' web traffic is allowed/denied based on a URL categorization database (like "adult content", "hacking", "gambling", ...). How was it detected?
---------------------------------------------
https://isc.sans.edu/diary/rss/25538
∗∗∗ ENISA: How to implement security by design for IoT ∗∗∗
---------------------------------------------
ENISA, the European Union Agency for Cybersecurity, releases "Good Practices for Security of IoT", a significant report to promote security by design for IoT.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/how-to-implement-security-by-de…
∗∗∗ A guidebook to open-source OT reconnaissance ∗∗∗
---------------------------------------------
An attacker targeting OT needs to perform reconnaissance on the targeted system and learn how it is connected to the IT network. This often involves old-fashioned or digital espionage, but a lot of such information is actually available out there in the open. ... how open source intelligence (OSINT) can be used to learn crucial details of the inner workings of many a system. An important lesson from Daniel's paper and talk is that security by obscurity is dead and ...
---------------------------------------------
https://www.virusbulletin.com/blog/2019/11/vb2019-paper-fantastic-informati…
∗∗∗ Introducing Flan Scan: Cloudflare's Lightweight Network Vulnerability Scanner ∗∗∗
---------------------------------------------
Today, we're excited to open source Flan Scan, Cloudflare's in-house lightweight network vulnerability scanner. Flan Scan is a thin wrapper around Nmap that converts this popular open source tool into a vulnerability scanner with the added benefit of easy deployment.
---------------------------------------------
https://blog.cloudflare.com/introducing-flan-scan/
∗∗∗ Ransomware: A free tool can decrypt this malware variant that puts a ransom note on your desktop wallpaper ∗∗∗
---------------------------------------------
Emsisoft, which has built the decryption tool, said that the Hakbit ransomware has hit home users and businesses in the US and Europe, demanding $300 in bitcoin from victims, while warning them how many files they stand to lose.
---------------------------------------------
https://www.zdnet.com/article/ransomware-a-free-tool-can-decrypt-this-malwa…
=====================
= Vulnerabilities =
=====================
∗∗∗ ClamAV: Vulnerability allows denial of service ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in ClamAV to carry out a denial of service attack.
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/11/warn…
∗∗∗ Nodequeue - Critical - Cross Site Scripting - SA-CONTRIB-2019-085 ∗∗∗
---------------------------------------------
Nodequeue's JavaScript can be leveraged to insert HTML from attacker-controlled JSON data. This is exploitable if user-submitted "Filtered HTML" content is displayed on a page where nodequeue.js is loaded. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "manipulate queues".
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-085
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (dpdk, mingw-djvulibre, mingw-hunspell, mingw-ilmbase, mingw-OpenEXR, php-symfony, php-symfony3, and rsyslog), openSUSE (chromium and squid), SUSE (aspell, cups, djvulibre, and dpdk), and Ubuntu (djvulibre).
---------------------------------------------
https://lwn.net/Articles/805367/
∗∗∗ Asterisk: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, authenticated attacker can exploit multiple vulnerabilities in Asterisk to execute arbitrary code with the privileges of the service or to cause a denial of service condition.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1011
∗∗∗ New bypass disclosed in Microsoft PatchGuard (KPP) ∗∗∗
---------------------------------------------
After GhostHook and InfinityHook, we now have ByePg. No patch out yet.
---------------------------------------------
https://www.zdnet.com/article/new-bypass-disclosed-in-microsoft-patchguard-…
∗∗∗ Security Bulletin: Information disclosure vulnerability in IBM Tivoli Netcool Impact (CVE-2019-4570) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu…
∗∗∗ Security Bulletin: Log Analysis is vulnerable to a client side scripting attack due to missing HTTPOnly and Secure attribute in the cookie ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-log-analysis-is-vulnerabl…
∗∗∗ Security Bulletin: Stored cross site scripting vulnerability in IBM Tivoli Netcool Impact (CVE-2019-4569) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-stored-cross-site-scripti…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 20-11-2019 18:00 – Thursday 21-11-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin ∗∗∗
---------------------------------------------
Admins and owners of WordPress websites are urged to immediately apply the Jetpack 7.9.1 critical security update to prevent potential attacks that could abuse a vulnerability present since Jetpack 5.1.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/millions-of-sites-exposed-by…
∗∗∗ New RIPlace Bypass Evades Windows 10, AV Ransomware Protection ∗∗∗
---------------------------------------------
A new ransomware bypass technique called RIPlace requires only a few lines of code to bypass ransomware protection features built into many security products and Windows 10.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-riplace-bypass-evades-wi…
∗∗∗ Gnip Banking Trojan Shows Ongoing, Aggressive Development ∗∗∗
---------------------------------------------
The mobile malware, which incorporates Anubis source code, could evolve into a fully fledged spyware in the future.
---------------------------------------------
https://threatpost.com/gnip-banking-trojan-aggressive-development/150521/
∗∗∗ Linux Webmin Servers Under Attack by Roboto P2P Botnet ∗∗∗
---------------------------------------------
A newly-discovered peer-to-peer (P2P) botnet has been found targeting a remote code execution vulnerability in Linux Webmin servers.
---------------------------------------------
https://threatpost.com/linux-webmin-servers-attack-p2p-botnet/150513/
∗∗∗ Security baseline (FINAL) for Windows 10 v1909 and Windows Server v1909 ∗∗∗
---------------------------------------------
Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 version 1909 (a.k.a., “19H2”), and for Windows Server version 1909. Note that Windows Server version 1909 is Server Core only and does not offer a Desktop Experience (a.k.a., “full”) server installation option.
---------------------------------------------
https://techcommunity.microsoft.com/t5/Microsoft-Security-Baselines/Securit…
∗∗∗ Explained: juice jacking ∗∗∗
---------------------------------------------
Juice jacking is a type of cyberattack that uses a USB charging port to steal data or infect phones with malware. Learn how it works and ways to protect against it.
---------------------------------------------
https://blog.malwarebytes.com/explained/2019/11/explained-juice-jacking/
∗∗∗ Video: Identity theft via survey jobs ∗∗∗
---------------------------------------------
On various job portals you will currently come across postings for survey jobs. A copy of your ID is demanded as early as registration. Do not sign up! Criminals steal your data and disguise the opening of a bank account in your name as a paid survey.
---------------------------------------------
https://www.watchlist-internet.at/news/video-identitaetsdiebstahl-bei-umfra…
∗∗∗ DePriMon downloader uses novel ways to infect your PC with ColoredLambert malware ∗∗∗
---------------------------------------------
It is believed the downloader is using techniques not seen before in the wild.
---------------------------------------------
https://www.zdnet.com/article/deprimon-downloader-uses-novel-ways-to-infect…
∗∗∗ New SectopRAT Trojan creates hidden second desktop to control browser sessions ∗∗∗
---------------------------------------------
The Trojan makes sure the second desktop is hidden from sight.
---------------------------------------------
https://www.zdnet.com/article/new-sectoprat-malware-creates-hidden-second-d…
=====================
= Vulnerabilities =
=====================
∗∗∗ Microsoft Releases Outlook for Android Security Update ∗∗∗
---------------------------------------------
Original release date: November 21, 2019. Microsoft has released an update to address a vulnerability in Outlook for Android. An attacker could exploit this vulnerability to take control of an affected system.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/11/21/microsoft-releases…
∗∗∗ New security release versions of BIND are available: 9.11.13, 9.14.8 and 9.15.6 ∗∗∗
---------------------------------------------
New security releases of BIND are available which contain fixes for the CVEs disclosed today.
---------------------------------------------
https://lists.isc.org/pipermail/bind-announce/2019-November/001143.html
∗∗∗ Apache Solr Bug Gets Bumped Up to High Severity ∗∗∗
---------------------------------------------
The vulnerability (CVE-2019-12409) was first reported in July and patched in August. ... Since the bug was initially discovered, researchers have reevaluated the threat and escalated its severity to high-risk.
---------------------------------------------
https://threatpost.com/apache-solr-bug-gets-bumped-up-to-high-severity/1504…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (oniguruma and thunderbird-enigmail), openSUSE (chromium, ghostscript, and slurm), Oracle (kernel), Red Hat (kpatch-patch), Slackware (bind), SUSE (python-ecdsa), and Ubuntu (bind9 and mariadb).
---------------------------------------------
https://lwn.net/Articles/805281/
∗∗∗ Security Bulletin: Inadequate account lockout in Cloud Pak System (CVE-2019-4096) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-inadequate-account-lockou…
∗∗∗ Security Bulletin: Vulnerabilities in WAS Liberty affect IBM Spectrum LSF Suite, Spectrum LSF Suite for HPA and Spectrum LSF Application Center ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-was-li…
∗∗∗ Security Bulletin: Bypass Client-Side Validation vulnerability in Cloud Pak System (CVE-2019-4240) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-bypass-client-side-valida…
∗∗∗ Security Bulletin: A vulnerability in Apache Solr (lucene) affects IBM Operations Analytics – Log Analysis (CVE-2019-4243) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache…
∗∗∗ Security Bulletin: Clickjacking vulnerability in IBM Operations Analytics – Log Analysis (CVE-2019-4215) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-clickjacking-vulnerabilit…
∗∗∗ Security Bulletin: IBM Operations Analytics – Log Analysis is vulnerable to potential Host Header Injection (CVE-2019-4216) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-…
∗∗∗ Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Federated Identity Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: XStream as used by IBM QRadar SIEM is vulnerable to OS command injection (CVE-2019-10173) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-xstream-as-used-by-ibm-qr…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center on AIX (CVE-2019-4473, CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ IBM Security Bulletin: A Vulnerability in Apache PDFBox Affects Transformation Extender ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (CVE-2019-4473, CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems (July 2019 updates) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM Cognos Controller 2019Q4 Security Updater: Multiple Security Vulnerabilities have been identified in IBM Cognos Controller ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-controller-201…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 19-11-2019 18:00 – Wednesday 20-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ NSA Releases Cyber Advisory: Managing Risk from Transport Layer Security Inspection ∗∗∗
---------------------------------------------
The National Security Agency (NSA) has released a Cyber Advisory that addresses managing risk from Transport Layer Security Inspection (TLSI). This short, informative document defines TLSI (a security process that allows incoming traffic to be decrypted, inspected, and re-encrypted), explains some risks and associated challenges, and discusses mitigations.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/11/19/nsa-releases-cyber…
∗∗∗ D-Link Adds More Buggy Router Models to 'Won't Fix' List ∗∗∗
---------------------------------------------
D-Link has warned that more of its routers are vulnerable to critical flaws that allow remote hackers to take control of hardware and steal data. The routers won't be fixed, said D-Link, explaining that the hardware has reached its end-of-life and will no longer receive security updates. ... D-Link identified the additional affected models as: DIR-866, DIR-655, DHP-1565, DIR-652, DAP-1533, DGL-5500, DIR-130, DIR-330, DIR-615, DIR-825, DIR-835, DIR-855L and DIR-862.
---------------------------------------------
https://threatpost.com/d-link-wont-fix-router-bugs/150438/
∗∗∗ Monero Project site compromised, served malware-infected binaries ∗∗∗
---------------------------------------------
The official website of the Monero Project has been compromised to serve a malware-infected version of the CLI (command-line interface) wallet. The malicious file was available for download for around 14 hours and at least one of the users who downloaded the malware has had their funds stolen. What happened?
---------------------------------------------
https://www.helpnetsecurity.com/2019/11/20/monero-project-compromised/
=====================
= Vulnerabilities =
=====================
∗∗∗ Google and Samsung Fix Android Spying Flaw. Other Makers May Still Be Vulnerable ∗∗∗
---------------------------------------------
Until recently, weaknesses in Android camera apps from Google and Samsung made it possible for rogue apps to record video and audio and take images and then upload them to an attacker-controlled server -- without any permissions to do so. Camera apps from other manufacturers may still be susceptible.
---------------------------------------------
https://tech.slashdot.org/story/19/11/19/1737219/google-and-samsung-fix-and…
∗∗∗ Administration Views - Moderately critical - Access bypass - SA-CONTRIB-2019-076 ∗∗∗
---------------------------------------------
This module replaces administrative overview/listing pages with actual views for superior usability. The module doesn't sufficiently check user access when using the "Menu system path" access handler on Views displays other than "System".
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-076
∗∗∗ Unbound: Vulnerability in IPSEC module ∗∗∗
---------------------------------------------
Due to unsanitized characters passed to the ipsecmod-hook shell command, it is possible for Unbound to allow shell code execution from a specially crafted IPSECKEY answer. (CVE-2019-18934)
---------------------------------------------
https://nlnetlabs.nl/projects/unbound/security-advisories/
∗∗∗ Flexera FlexNet Publisher ∗∗∗
---------------------------------------------
These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product. The memory corruption vulnerability could allow remote code execution. (CVE-2018-20033, CVSS v3 9.8)
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-323-01
∗∗∗ High Severity Vulnerability Patched in WP Maintenance Plugin ∗∗∗
---------------------------------------------
This flaw allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. We disclosed this issue privately to the plugin's developer who released a patch the next day. Plugin versions of WP Maintenance up to 5.0.5 are vulnerable to attacks against this flaw. All WP Maintenance users should update to version 5.0.6 immediately.
---------------------------------------------
https://www.wordfence.com/blog/2019/11/high-severity-vulnerability-patched-…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (redmine), Fedora (libidn2), Mageia (clamav, ghostscript, kernel, kernel-linus, libexif, libjpeg, mariadb, microcode, and systemd), and openSUSE (libjpeg-turbo).
---------------------------------------------
https://lwn.net/Articles/805224/
∗∗∗ Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Unified Communications Manager SQL Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Webex Teams for Windows DLL Hijacking Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco SD-WAN Solution vManage Cross-Site Request Forgery Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Unity Express Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Unified Communications Domain Manager Persistent Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Stealthwatch Enterprise Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Email Security Appliance URL Filtering Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Email Security Appliance MP3 Content Filter Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco DNA Spaces: Connector SQL Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco DNA Spaces: Connector Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco DNA Spaces: Connector Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security Advisory - Use of Insufficiently Random Values Vulnerability in Huawei ViewPoint Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191120-…
∗∗∗ Security Advisory - Two Vulnerabilities in Some Huawei Home Routers ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191113-…
∗∗∗ Security Advisory - Improper Validation of Array Index Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191120-…
∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to Privilege Escalation (CVE-2019-4530) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme…
∗∗∗ Security Bulletin: A security vulnerability has been fixed in the IBM Security Identity Manager product (CVE-2019-4561) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: Vulnerabilities in WAS Liberty affect IBM Spectrum LSF Suite, Spectrum LSF Suite for HPA and Spectrum LSF Application Center ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-was-li…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 18-11-2019 18:00 – Tuesday 19-11-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Linux, Windows Users Targeted With New ACBackdoor Malware ∗∗∗
---------------------------------------------
Researchers have discovered a new multi-platform backdoor that infects Windows and Linux systems allowing the attackers to run malicious code and binaries on the compromised machines.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/linux-windows-users-targeted…
∗∗∗ Buran Ransomware Infects PCs via Microsoft Excel Web Queries ∗∗∗
---------------------------------------------
A new spam campaign has been spotted distributing the Buran Ransomware through IQY file attachments. When opened, these Microsoft Excel Web Query attachments will execute a remote command that installs the ransomware onto a victim's computer.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs…
∗∗∗ Coin Stealer Found in Monero Linux Binaries From Official Site ∗∗∗
---------------------------------------------
The Monero Project is currently investigating a potential compromise of the official website after a coin stealer was found in the Linux 64-bit command line (CLI) Monero binaries downloaded from the download page.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/coin-stealer-found-in-monero…
∗∗∗ Elasticsearch: Data leak at Conrad ∗∗∗
---------------------------------------------
The electronics retailer Conrad reports that an attacker had access to customer data and account numbers. The cause was an unsecured Elasticsearch database.
---------------------------------------------
https://www.golem.de/news/elasticsearch-datenleak-bei-conrad-1911-145091-rs…
∗∗∗ Windows Debugging & Exploiting Part 2 - WinDBG 101 ∗∗∗
---------------------------------------------
Hello again! After our previous post about the environment setup, now it is time to cover the main tool of this project, the WinDBG.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/windows-deb…
∗∗∗ When Bank Communication is Indistinguishable from Phishing Attacks ∗∗∗
---------------------------------------------
You know how banks really, really want to avoid their customers falling victim to phishing scams? And how they put a heap of effort into education to warn folks about the hallmarks of phishing scams? And how banks are the shining beacons of light when it comes to demonstrating security [...]
---------------------------------------------
https://www.troyhunt.com/when-bank-communication-is-indistinguishable-from-…
∗∗∗ Vulnerability in ABB Plant Historian Disclosed 5 Years After Discovery ∗∗∗
---------------------------------------------
It took Swiss-based industrial technology solutions provider ABB five years to inform customers of a critical vulnerability affecting one of its products, and the researcher who found it says this increased the chances of threat actors discovering and exploiting the security flaw.
---------------------------------------------
https://www.securityweek.com/vulnerability-abb-plant-historian-disclosed-5-…
∗∗∗ Beware of alleged prize draws from Magenta, A1, Drei or Liwest ∗∗∗
---------------------------------------------
Criminals are currently spreading fake prize draws via various channels. You are notified by e-mail, SMS or a browser pop-up that you have supposedly won a smartphone. To receive the prize, you only have to answer a short survey and pay a small amount for shipping. Beware: this is a subscription trap.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-bei-angeblichen-gewinnspiel…
=====================
= Vulnerabilities =
=====================
∗∗∗ Serious security vulnerability discovered in WhatsApp ∗∗∗
---------------------------------------------
A vulnerability has been found in WhatsApp that allows attackers to steal files and read messages.
---------------------------------------------
https://futurezone.at/apps/schwere-sicherheitsluecke-in-whatsapp-entdeckt/4…
∗∗∗ Moodle learning platform: developers close critical vulnerabilities ∗∗∗
---------------------------------------------
Moodle admins, take note: new versions close several vulnerabilities, some of them rated as "Serious".
---------------------------------------------
https://heise.de/-4591094
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (python-psutil, slurm-llnl, symfony, and thunderbird), Fedora (gd and ghostscript), and SUSE (ceph, haproxy, java-11-openjdk, and ncurses).
---------------------------------------------
https://lwn.net/Articles/805149/
∗∗∗ Lexmark Services Monitor 2.27.4.0.39 Directory Traversal ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2019110124
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Vulnerabilities in Curl affect PowerSC (CVE-2019-5435, CVE-2019-5436) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-a…
∗∗∗ HPESBHF03963 rev.1 - Certain HPE ProLiant Servers with Intel CSME, AMT, SPS, TXE, ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBHF03968 rev.1 - HPE Gen10 ProLiant, Apollo, and Synergy Servers using Intel CPU Transactional Synchronization Extensions (TSX) Asynchronous Abort (TAA), Local Disclosure of Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBHF03969 rev.1 - HPE ProLiant Gen10 Servers using certain Intel Xeon Scalable Processors, Voltage Modulation, Local Denial of Service ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBHF03971 rev.1 - HPE Servers using certain Intel Processors, SMM and TXT, Local Escalation of Privilege ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBST03964 rev.1 - HPE Nimble Storage, Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ Google Chrome: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0998