Daily

daily@lists.cert.at

1 participants
3154 discussions

Tageszusammenfassung - 26.03.2019
by Daily end-of-shift report 26 Mar '19

26 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Montag 25-03-2019 18:00 − Dienstag 26-03-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sicherheitslücken: Abus Alarmanlage kann per Funk ausgeschaltet werden ∗∗∗ --------------------------------------------- Gleich drei Sicherheitslücken erlauben verschiedene Angriffe auf die Funkalarmanlage Secvest von Abus. Ein Sicherheitsupdate gibt es nicht. --------------------------------------------- https://www.golem.de/news/sicherheitsluecken-abus-alarmanlage-kann-per-funk… ∗∗∗ Coding Error Could Enable Users to Halt LockerGoga Ransomware ∗∗∗ --------------------------------------------- Users could potentially use a coding error in some variants of LockerGoga to halt the ransomware's encryption routine in its tracks. In its analysis of LockerGoga, Alert Logic Threat Research found that the ransomware performs an initial reconnaissance scan through which it collects file lists once it's infected a machine. The malware may come in [...] --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/coding-… ∗∗∗ Business banking fraud. Keep your eggs in TWO baskets. Here’s why… ∗∗∗ --------------------------------------------- This post has a cautionary tale all about spreading your business banking fraud risk. So, does your business have two bank accounts, with different banks? No? Then you would be well advised to do so, or risk being left unable to trade. WHY? --------------------------------------------- https://www.pentestpartners.com/security-blog/business-banking-fraud-keep-y… ∗∗∗ Amazon Phishing-Mails mit betrügerischem Inhalt ∗∗∗ --------------------------------------------- Unzählige Internetnutzer/innen finden momentan gefälschte Amazon-Mails im Posteingang. Sie werden darin informiert, dass das Amazon-Konto vorläufig deaktiviert wurde. Um es wieder freizuschalten, sollen die Empfänger/innen ihre Daten über den angegeben Link verifizieren. Der Aufforderung darf nicht gefolgt werden! Die eingegebenen Daten gelangen in die Hände Krimineller und das Amazon-Konto wurde nie gesperrt. --------------------------------------------- https://www.watchlist-internet.at/news/amazon-phishing-mails-mit-betruegeri… ===================== = Vulnerabilities = ===================== ∗∗∗ Betriebssysteme und iTunes: Apple schließt viele Sicherheitslücken ∗∗∗ --------------------------------------------- Mit der Veröffentlichung von iOS 12.2, Mojave 10.14.4 sowie der neuen iTunes-Version für Windows schließt Apple zahlreiche Sicherheitslücken. Einige davon sind kritisch, da sie Angriffe mit Kernelprivilegien oder hohen Rechten ermöglichen. --------------------------------------------- https://www.golem.de/news/betriebssysteme-und-itunes-apple-schliesst-viele-… ∗∗∗ ASUS Releases Security Update for Live Update Software ∗∗∗ --------------------------------------------- ASUS has released Live Update version 3.6.8. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. These vulnerabilities were detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ASUS article for more information. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/03/26/ASUS-Releases-Secu… ∗∗∗ rt-sa-2019-007 ∗∗∗ --------------------------------------------- Code Execution via Insecure Shell Function getopt_simple --------------------------------------------- https://www.redteam-pentesting.de/advisories/rt-sa-2019-007.txt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (ghostscript), Debian (libssh2 and wireshark), openSUSE (aubio, blueman, and kauth), Red Hat (kernel-rt and openwsman), Scientific Linux (openwsman), Slackware (mozilla), and SUSE (ovmf and ucode-intel). --------------------------------------------- https://lwn.net/Articles/784031/ ∗∗∗ Synology-SA-19:13 Drupal ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to inject arbitrary web script or HTML via a susceptible version of Drupal. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_13 ∗∗∗ IBM Security Bulletin: Incorrect permissions on restored files and directories using IBM Spectrum Protect Backup-Archive Client web user interface on Windows (CVE-2019-4093) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-incorrect-permissions… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by OpenSSL vulnerabilities (CVE-2018-0732 and CVE-2018-0739) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: Vulnerability CVE-2018-14647 in Python affects IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-cve-201… ∗∗∗ IBM Security Bulletin: Apache Axis as used in IBM QRadar SIEM is vulnerable to a possible man in the middle attack. (CVE-2012-5784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-axis-as-used-i… ∗∗∗ Binutils vulnerabilities CVE-2018-20002 and CVE-2018-20657 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K62602089 ∗∗∗ D-LINK Router: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0240 ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0244 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.03.2019
by Daily end-of-shift report 25 Mar '19

25 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 22-03-2019 18:00 − Montag 25-03-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers ∗∗∗ --------------------------------------------- The Taiwan-based tech giant ASUS is believed to have pushed the malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the companys server and used it to push the malware to machines. --------------------------------------------- https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-sof… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox, libssh2, and powerdns), Debian (bash, firefox-esr, libapache2-mod-auth-mellon, ntfs-3g, openssh, passenger, rsync, and wireshark), Fedora (filezilla, libarchive, libssh2, mxml, php-twig, php-twig2, qemu, and tcpreplay), Slackware (mozilla), SUSE (ghostscript, kernel, libgxps, libjpeg-turbo, libqt5-qtimageformats, libqt5-qtsvg, openstack-cinder, openstack-horizon-plugin-designate-ui, openstack-neutron, openstack-neutron-lbaas, [...] --------------------------------------------- https://lwn.net/Articles/783953/ ∗∗∗ PHOENIX CONTACT command injection on RAD-80211-XD(/HP-BUS) ∗∗∗ --------------------------------------------- A WebHMI utility may be exploited by any logged in user allowing the execution of arbitrary OS commands on the server. This provides the opportunity for a command injection attack. --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-007 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2018-0734, CVE-2018-5407) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2018-0734, CVE-2018-5407) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A security vulnerability in IBM Java Runtime affects IBM Rational ClearQuest (CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2018-3180, CVE-2018-3139) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ GNU C Library vulnerability CVE-2009-5155 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K64119434 ∗∗∗ xpdf: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0236 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.03.2019
by Daily end-of-shift report 22 Mar '19

22 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 21-03-2019 18:00 − Freitag 22-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Analysis of SeroMiner Trojan, combine multiple anti-analytic techniques ∗∗∗ --------------------------------------------- Foreword Recently, 360 security brain intercepted a mining Trojan 'SeroMiner'. The Trojan behavior is too concealed to be discovered its mining behavior from the security [...] --------------------------------------------- https://blog.360totalsecurity.com/en/analysis-of-serominer-trojan-combine-m… ∗∗∗ SigSpoof 4: Bypassing signature verification in Yarn package manager (CVE-2018-12556) ∗∗∗ --------------------------------------------- This attack on GnuPG signature verification is specific to yarn, thepackage manager. It can give a powerful attacker the ability toreplace the Yarn installation with arbitrary code. There areadditional protections in place, so if you are using Yarn, youprobably do not need to worry too much about it. --------------------------------------------- https://neopg.io/blog/yarn-signature-bypass/ ∗∗∗ Over 100,000 GitHub repos have leaked API or cryptographic keys ∗∗∗ --------------------------------------------- Thousands of new API or cryptographic keys leak via GitHub projects every day. --------------------------------------------- https://www.zdnet.com/article/over-100000-github-repos-have-leaked-api-or-c… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox), Debian (cron and ntfs-3g), Fedora (firefox, ghostscript, libzip, python2-django1.11, PyYAML, tcpflow, and xen), Mageia (ansible, firefox, and ImageMagick/GraphicsMagick), Red Hat (ghostscript), Scientific Linux (firefox and ghostscript), SUSE (libxml2, unzip, and wireshark), and Ubuntu (firefox, ghostscript, libsolv, ntfs-3g, p7zip, and snapd). --------------------------------------------- https://lwn.net/Articles/783757/ ∗∗∗ IBM Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server (CVE-2019-4046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s… ∗∗∗ IBM Security Bulletin: Potential denial of service in Liberty for Java for IBM Cloud (CVE-2018-10237) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s… ∗∗∗ ICMP PMTU messages are forwarded to the server side when the TCP proxy-mss setting is enabled in the associated profile ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52510343 ∗∗∗ The BIG-IP SMTPS virtual server may fail to properly restrict I/O buffering, allowing attackers to insert commands into encrypted SMTP sessions ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23284054 ∗∗∗ BIG-IP SNMPD vulnerability CVE-2019-6608 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K12139752 ∗∗∗ REST Framework vulnerability CVE-2019-6602 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K11818407 ∗∗∗ BIG-IP snmpd vulnerability CVE-2019-6606 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35209601 ∗∗∗ TMM vulnerability CVE-2019-6603 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K14632915 ∗∗∗ When authentication is set to require, the Client SSL or Server SSL profile does not report an error when it has an associated invalid CRL ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K15732489 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.03.2019
by Daily end-of-shift report 21 Mar '19

21 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 20-03-2019 18:00 − Donnerstag 21-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Mac-Focused Malvertising Campaign Abuses Google Firebase DBs ∗∗∗ --------------------------------------------- Researchers said 1 million user sessions could have been exposed to the campaign, which downloads the Shlayer trojan. --------------------------------------------- https://threatpost.com/mac-focused-malvertising-campaign-abuses-google-fire… ∗∗∗ Kritische Lücken im Git-Client Sourcetree gefährden Computer ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für Sourcetree von Atlassian. MacOS- und Windows-Nutzer sollten die abgesicherten Ausgaben zügig installieren. --------------------------------------------- http://heise.de/-4341489 ∗∗∗ D-Link wappnet ältere NAS-Systeme gegen Erpressungstrojaner Cr1ptTor ∗∗∗ --------------------------------------------- D-Link hat Sicherheitsupdates für NAS-Systeme angekündigt. Bis zur Veröffentlichung sollten sie nicht online sein. Für einige Geräte gibt es schon Patches. --------------------------------------------- http://heise.de/-4341586 ∗∗∗ Ransomware or Wiper? LockerGoga Straddles the Line ∗∗∗ --------------------------------------------- Executive SummaryRansomware attacks have been in the news with increased frequency over the past few years. This type of malware can be extremely disruptive and even cause operational impacts in critical systems that may be infected. LockerGoga is yet another example of this sort of malware. It is a ransomware variant that, while lacking in sophistication, can still cause extensive damage when leveraged against organizations or individuals. --------------------------------------------- https://blog.talosintelligence.com/2019/03/lockergoga.html ∗∗∗ Many Vulnerabilities Found in Oracles Java Card Technology ∗∗∗ --------------------------------------------- Poland-based cybersecurity research firm Security Explorations claims to have identified nearly 20 vulnerabilities in Oracle’s Java Card, including flaws that could be exploited to compromise the security of chips using this technology. --------------------------------------------- https://www.securityweek.com/many-vulnerabilities-found-oracles-java-card-t… ∗∗∗ Remote command injection through an endpoint security product ∗∗∗ --------------------------------------------- TL;DR? We discovered command injection in a popular endpoint security product, Heimdal Thor. By using the product, customers PCs were exposed to compromise. Irony++ Heimdal fixed the issue quickly and responded well, but it appears that the vulnerability had been present in ~650,000 PCs for around one year! Heimdal blogged about it today, but er... [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/remote-command-injection-thro… ∗∗∗ Gefälschte Apple-Rechnungen im Umlauf ∗∗∗ --------------------------------------------- Internetnutzer/innen finden vermehrt gefälschte Apple-Rechnungen in ihrem E-Mail-Postfach. Angeblich wurde etwas im App-Store per Kreditkartenzahlung gekauft. Für weitere Details werden Empfänger/innen aufgefordert, einem Link zu folgen oder eine Datei herunterzuladen. Folgen Sie nicht dem Link oder laden Anhänge herunter, denn es handelt sich um einen Phishing-Versuch! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-apple-rechnungen-im-umla… ∗∗∗ Zero-day in WordPress SMTP plugin abused by two hacker groups ∗∗∗ --------------------------------------------- Hacker groups are creating backdoor admin accounts on vulnerable sites and redirecting users to tech support scams. --------------------------------------------- https://www.zdnet.com/article/zero-day-in-wordpress-smtp-plugin-abused-by-t… ===================== = Vulnerabilities = ===================== ∗∗∗ Medtronic Conexus Radio Frequency Telemetry Protocol ∗∗∗ --------------------------------------------- This medical advisory includes mitigations for improper access control and cleartext transmission of sensitive information vulnerabilities reported in Medtronics proprietary Conexus telemetry system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01 ∗∗∗ Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004 ∗∗∗ --------------------------------------------- Project: Drupal coreDate: 2019-March-20Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescription: Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.Solution: If you are using Drupal 8.6, update to Drupal 8.6.13.If you are using Drupal 8.5 or earlier, update to Drupal 8.5.14.If you are using Drupal 7, [...] --------------------------------------------- https://www.drupal.org/sa-core-2019-004 ∗∗∗ RESTful - Critical - Remote code execution - SA-CONTRIB-2019-041 ∗∗∗ --------------------------------------------- Project: RESTfulVersion: 7.x-2.x-dev7.x-1.x-devDate: 2019-March-20Security risk: Critical 18∕25 AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:UncommonVulnerability: Remote code executionDescription: This resolves issues described in SA-CORE-2019-003 for this module.Solution: If you use the RESTful module for Drupal 7.x, upgrade to RESTful 7.x-1.10 or RESTful 7.x-2.17 [...] --------------------------------------------- https://www.drupal.org/sa-contrib-2019-041 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (drupal7, firefox-esr, and openjdk-8), Fedora (ghostscript, python2-django1.11, and SDL), Red Hat (firefox), Scientific Linux (firefox), SUSE (nodejs4 and openssl-1_1), and Ubuntu (gdk-pixbuf). --------------------------------------------- https://lwn.net/Articles/783652/ ∗∗∗ IBM Security Bulletin: Vulnerability in Python affects IBM OS Images for Red Hat Linux Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-pyth… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by information leak (CVE-2019-4052) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a spoofing vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSH (CVE-2018-15473 CVE-2018-15919) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass… ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in NTP (CVE-2018-12327) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.03.2019
by Daily end-of-shift report 20 Mar '19

20 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 19-03-2019 18:00 − Mittwoch 20-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Videos für mehr Cyber-Sicherheit: BSI startet YouTube-Kanal ∗∗∗ --------------------------------------------- Ab sofort ist das BSI auch bei der Videoplattform YouTube zu finden. Unter dem Namen "Bundesamt für Sicherheit in der Informationstechnik" finden Interessierte zunächst Tipps und Hinweise für Privatanwender sowie spannende Karriereinformationen oder Neuigkeiten über das BSI. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Youtube-200319.ht… https://www.youtube.com/channel/UC_VgLyJQsChxKfDJcdI-Tcg ∗∗∗ SilkETW: Because Free Telemetry is...Free! ∗∗∗ --------------------------------------------- In the following example, we will collect process event data from the Kernel provider and use image loads to identify Mimikatz execution. We can collect the required data with this command: SilkETW.exe -t kernel -kk ImageLoad -ot file -p C:\Users\b33f\Desktop\mimikatz.json With data in hand it is easy to sort, grep and filter for the properties we are interested in (Figure 2). --------------------------------------------- http://www.fireeye.com/blog/threat-research/2019/03/silketw-because-free-te… ∗∗∗ Fake-Shop btckraken.de stielt Daten und liefert nicht! ∗∗∗ --------------------------------------------- Die Suche nach günstiger Technik führt manche Konsument/innen zu btckraken.de. Aus angeblichen Sicherheitsgründen werden bei einer Bestellung Ausweisdokumente verlangt. Eine Zahlung erfolgt vorab. Hier darf nicht bestellt werden: Es handelt sich um schweren Identitätsdiebstahl für weitere Verbrechen unter fremden Namen und die Waren werden nie geliefert! --------------------------------------------- https://www.watchlist-internet.at/news/fake-shop-btckrakende-stielt-daten-u… ∗∗∗ Ransomware is not dead - a light analysis of LockerGoga ∗∗∗ --------------------------------------------- Despite many reports saying that the number of Ransomware samples is on the decrease, we see again and again big multinational companies suffering from these attacks.Just two days ago, Norway based Norsk Hydro - one of the Worlds largest Aluminium producers - was hit by a severe Ransomware attack: [...] --------------------------------------------- http://blog.joesecurity.org/2019/03/ransomware-is-not-dead-light-analysis.h… ∗∗∗ Severe security bug found in popular PHP library for creating PDF files ∗∗∗ --------------------------------------------- Vulnerability patched last year, but many websites and web apps will most likely remain vulnerable for years. --------------------------------------------- https://www.zdnet.com/article/severe-security-bug-found-in-popular-php-libr… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco IP Phone 7800 Series and 8800 Series Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libelf and wordpress), CentOS (cloud-init, cockpit, openssl, and tomcat), Gentoo (openssh), openSUSE (ovmf), Scientific Linux (cloud-init), and SUSE (go1.11, ldb, lftp, libssh2_org, and openwsman). --------------------------------------------- https://lwn.net/Articles/783566/ ∗∗∗ Security Advisory - Digital Signature Verification Bypass Vulnerability in Some Huawei Routers ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190320-… ∗∗∗ Security Advisory - Signature Verification Bypass Vulnerability in Some Huawei Mobile Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190320-… ∗∗∗ OpenSSL vulnerability CVE-2019-1559 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K18549143 ∗∗∗ HPESBST03915 rev.1 - HPE CVAE products, and Hitachi Infrastructure Analytics Advisor(HIAA) using JDK, Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ IBM Security Bulletin: Cloudant Local Apache CouchDB CVE-2018-17188: Remote Privilege Escalations ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cloudant-local-apache… ∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE 2018-1992 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-upd… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU – Oct 2018 – Includes Oracle Oct 2018 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Security Directory Integrator (CVE-2018-2800, CVE-2018-2783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in deserialization of openid connect cookie ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-de… ∗∗∗ IBM Security Bulletin: Vulnerability in Apache CXF ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac… ∗∗∗ IBM Security Bulletin: Vulnerabilities in WAS traditional and liberty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-wa… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM SDK, Java Technology Edition Quarterly CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: Vulnerabilities in 3RD PARTY XSS in IBM WebSphere CacheMonitor ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-3r… ∗∗∗ IBM Security Bulletin: Publicly Disclosed Vulnerability Found By vFinder (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vu… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.03.2019
by Daily end-of-shift report 19 Mar '19

19 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Montag 18-03-2019 18:00 − Dienstag 19-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Assessing Internal Network with JavaScript, Despite Same-Origin Policy ∗∗∗ --------------------------------------------- Researchers are warning about a hacking technique that enables attacks on the local network using JavaScript on a public website. Using the victims browser as a proxy, the code can reach internal hosts and do reconnaissance activity or even compromise vulnerable services. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/assessing-internal-network-w… ∗∗∗ Business Email Compromise (BEC) Attacks Moving to Mobile ∗∗∗ --------------------------------------------- As text messaging has become a common form of communication within a business, Business Email Compromise (BEC) scammers have started to go mobile by utilizing SMS messaging to direct their targets. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/business-email-compromise-be… ∗∗∗ Monsters in the Middleboxes: Introducing Two New Tools for Detecting HTTPS Interception ∗∗∗ --------------------------------------------- The practice of HTTPS interception continues to be commonplace on the Internet. This blog post discusses types of monster-in-the-middle devices and software, and how to detect them. --------------------------------------------- https://blog.cloudflare.com/monsters-in-the-middleboxes/ ∗∗∗ What Is a Credential Stuffing Attack and How to Protect Yourself from One ∗∗∗ --------------------------------------------- You probably heard of at least one credential stuffing attack lately, as major companies become targets of this new hacking technique. Credential stuffing is not actually new as part of hackers’ repertoire, but lately, the method started being employed more often. I’ll explain the reasons for this surge in popularity down below. Did you notice […]The post What Is a Credential Stuffing Attack and How to Protect Yourself from One appeared first on Heimdal Security Blog. --------------------------------------------- https://heimdalsecurity.com/blog/credential-stuffing-attack-protection/ ∗∗∗ Protecting Against Social Engineering Attacks ∗∗∗ --------------------------------------------- Most people think of hacking as using malware and coding to bypass security defenses and steal data or money. Social engineers take a different approach, targeting the human instead of the software to achieve their goals. How Social Engineering Works Social engineers take advantage of knowledge of human behavior to perform their attacks. A person’s […]The post Protecting Against Social Engineering Attacks appeared first on InfoSec Resources.Protecting Against Social Engineering --------------------------------------------- https://resources.infosecinstitute.com/protecting-against-social-engineerin… ∗∗∗ Vulnerability hunting with Semmle QL, part 2 ∗∗∗ --------------------------------------------- The first part of this series introduced Semmle QL, and how the Microsoft Security Response Center (MSRC) are using it to investigate variants of vulnerabilities reported to us. This post discusses an example of how we’ve been using it proactively, covering a security audit of an Azure firmware component. This was part of a wider... --------------------------------------------- https://blogs.technet.microsoft.com/srd/2019/03/19/vulnerability-hunting-wi… ∗∗∗ Arbitrary Directory Deletion in WP-Fastest-Cache ∗∗∗ --------------------------------------------- The WP-Fastest-Cache plugin authors released a new update, version 0.8.9.1, fixing a vulnerability (CVE-2019-6726) present during its install alongside the WP-PostRatings plugin. According to seclists.org: “A successful attack allows an unauthenticated attacker to specify a path to a directory from which files and directories will be deleted recursively. The vulnerable code path extracts the path portion of the referrer header and then uses string concatenation to build an absolute path. --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/dJRlgHKTUzY/arbitrary-directo… ∗∗∗ Discovering a zero day and getting code execution on Mozillas AWS Network ∗∗∗ --------------------------------------------- [...] Although basic authentication can be enabled by modifying the settings.ini file, and is recommended to prevent any anonymous access. Most deployments of WebPageTest that Assetnote CS identifies are unauthenticated, and the array of testing tools provided by WebPageTest can be used offensively to gain access to internal resources by server-side request forgery (commonly known as SSRF, but for WebPageTest, it is a feature). --------------------------------------------- https://blog.assetnote.io/bug-bounty/2019/03/19/rce-on-mozilla-zero-day-web… ∗∗∗ BGP Hijacking is a RIPE Policy Violation ∗∗∗ --------------------------------------------- This proposal aims to clarify that BGP hijacking is not accepted as normal practice within the RIPE NCC service region, primarily because it negates the core purpose of running a (Regional Internet) Registry. The proposal is not concerned with simple operational mistakes - it is intended to address deliberate BGP hijacking events. --------------------------------------------- https://www.ripe.net/participate/policies/proposals/2019-03 ∗∗∗ Thunderclap ∗∗∗ --------------------------------------------- Vor kurzer Zeit produzierte das O.MG Kabel Schlagzeilen. In dieses harmlos wirkende USB-Kabel ist eine versteckte Hardware eingebaut, die sich beim Anschließen gegenüber dem Betriebssystem als Eingabegerät ausgibt und einem Angreifer die Fernsteuerung eines Rechners über WLAN ermöglicht. Jetzt haben Sicherheitsforscher nach einer zwei Jahre dauernden Zusammenarbeit des Department of Computer Science and Technology at the University of Cambridge, der Rice University und [...] --------------------------------------------- https://www.dfn-cert.de/aktuell/Thunderclap.html ===================== = Vulnerabilities = ===================== ∗∗∗ AVEVA InduSoft Web Studio and InTouch Edge HMI ∗∗∗ --------------------------------------------- This advisory includes mitigations for an uncontrolled search path element vulnerability in AVEVAs InduSoft Web Studio and InTouch Edge human machine interface software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-078-01 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (kernel), Debian (libjpeg-turbo, liblivemedia, neutron, and otrs2), Fedora (SDL), Gentoo (ntp), openSUSE (java-1_8_0-openjdk), Red Hat (cloud-init), Slackware (libssh2), SUSE (libssh2_org, nodejs10, and nodejs8), and Ubuntu (tiff). --------------------------------------------- https://lwn.net/Articles/783473/ ∗∗∗ Synology-SA-19:12 Calendar ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary commands via a susceptible version of Calendar. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_12 ∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE-2018-5391 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-upd… ∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE-2018-12384 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-upd… ∗∗∗ ENDRESS+HAUSER WIFI enabled products utilising WPA2 ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-005 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.03.2019
by Daily end-of-shift report 18 Mar '19

18 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 15-03-2019 18:00 − Montag 18-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ RFC8482 - Saying goodbye to ANY ∗∗∗ --------------------------------------------- Ladies and gentlemen, I would like you to welcome the new shiny RFC8482, which effectively deprecates DNS ANY query type. DNS ANY was a "meta-query" - think about it as a similar thing to the common A, AAAA, MX or SRV query types, but unlike these it wasnt a real query type - it was special. --------------------------------------------- https://blog.cloudflare.com/rfc8482-saying-goodbye-to-any/ ∗∗∗ Secure Coding — Top 15 Code Analysis Tools ∗∗∗ --------------------------------------------- Keeping code secure is a top objective for any software company. And to ensure secure coding, you need to perform code analysis during the development life cycle. While manual review of code was once the only option, now there are plenty of tools that can take care of this in an automated fashion. --------------------------------------------- https://resources.infosecinstitute.com/secure-coding-top-15-code-analysis-t… ∗∗∗ Lenovo Patches Intel Firmware Flaws in Multiple Product Lines ∗∗∗ --------------------------------------------- Lenovo has issued patches for several serious vulnerabilities in its products stemming from Intel technology fixes. --------------------------------------------- https://threatpost.com/lenovo-patches-high-severity-arbitrary-code-executio… ∗∗∗ Cryptojacking of businesses' cloud resources still going strong ∗∗∗ --------------------------------------------- In the past year or so, many cybercriminals have turned to cryptojacking as an easier and more low-key approach for "earning" money. While the value of cryptocurrencies like Bitcoin and Monero has been declining for a while now and Coinhive, the most popular in-browser mining service, has stopped working, cryptojacking is still a considerable threat. After all, attackers need to expand very little effort and are using someone else's resources for free. --------------------------------------------- https://www.helpnetsecurity.com/2019/03/18/cryptojacking-cloud-resources/ ∗∗∗ IPv6 unmasking via UPnP ∗∗∗ --------------------------------------------- With tools such as ZMap and Masscan and general higher bandwidth availability, exhaustive internet-wide scans of full IPv4 address space have become the norm after it was once impractical. Projects like Shodan and Scans.io aggregate and publish frequently updated datasets of scan results for public analysis, giving researchers greater insight into the current state of the internet. While IPv4 is the norm, the use of IPv6 [...] --------------------------------------------- https://blog.talosintelligence.com/2019/03/ipv6-unmasking-via-upnp.html ∗∗∗ Gefälschte CIA-Mails fordern Bitcoins wegen Kinderpornografie ∗∗∗ --------------------------------------------- Internetnutzer/innen erhalten gefälschte Nachrichten der CIA mit dem Betreff „Central Intelligence Agency – Case #12345678“. In der Nachricht wird behauptet, dass die Empfänger/innen im Rahmen von Ermittlungen gegen Kinderpornografie als Verdächtige aufscheinen. Um eine Verhaftung zu verhindern, sollen 10,000 Dollar in Bitcoins an die Absender/innen überwiesen werden. Der Inhalt der Nachrichten ist frei erfunden und die Zahlungen dürfen nicht [...] --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-cia-mails-fordern-bitcoi… ∗∗∗ New Mirai Variant Targets Enterprise Wireless Presentation & Display Systems ∗∗∗ --------------------------------------------- Unit 42 has discovered a new Mirai variant that targets business video display systems. It uses additional exploits, boosts the number of credentials for brute-force attacks and hosts payload on the compromised website of a Colombian security firm. --------------------------------------------- https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wi… ∗∗∗ Microsoft releases Application Guard extension for Chrome and Firefox ∗∗∗ --------------------------------------------- Extensions only available for Windows Insiders for now. To work for everyone once Windows 10 19H1 is live. --------------------------------------------- https://www.zdnet.com/article/microsoft-releases-application-guard-extensio… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke: Funktastatur nimmt Befehle von Angreifern entgegen ∗∗∗ --------------------------------------------- Die Verschlüsselung der kabellosen Fujitsu-Tastatur LX901 lässt sich von Angreifern auf gleich zwei Arten umgehen - und für Angriffe aus der Distanz nutzen. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-funktastatur-nimmt-befehle-von-… ∗∗∗ SSH-Software: Kritische Sicherheitslücken in Putty ∗∗∗ --------------------------------------------- In der SSH-Software Putty sind im Rahmen eines von der EU finanzierten Bug-Bounty-Programms mehrere schwerwiegende Sicherheitslücken entdeckt worden. Der verwundbare Code wird auch von anderen Projekten wie Filezilla und WinSCP verwendet. --------------------------------------------- https://www.golem.de/news/ssh-software-kritische-sicherheitsluecken-in-putt… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ikiwiki, liblivemedia, linux-4.9, rdflib, and sqlalchemy), Fedora (advancecomp, kubernetes, mingw-poppler, and php), Mageia (ikiwiki), openSUSE (chromium, file, and sssd), Red Hat (ansible, openstack-ceilometer, and openstack-octavia), Scientific Linux (kernel), SUSE (galera-3, mariadb, mariadb-connector-c, java-1_8_0-ibm, kernel, nodejs10, openwsman, wireshark, and yast2-rmt), and Ubuntu (file, linux, linux-aws, linux-kvm, linux-raspi2, [...] --------------------------------------------- https://lwn.net/Articles/783370/ ∗∗∗ [webapps] Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password) ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/46541 ∗∗∗ Security Advisory - Double Free Vulnerability on Bastet Module of Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190220-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Watson Explorer and IBM Watson Content Analytics (CVE-2018-2579, CVE-2018-2588, CVE-2018-2602, CVE-2018-2603, CVE-2018-2633) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.03.2019
by Daily end-of-shift report 15 Mar '19

15 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 14-03-2019 18:00 − Freitag 15-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Threatlist: IMAP-Based Attacks Compromising Accounts at ‘Unprecedented Scale’ ∗∗∗ --------------------------------------------- Attackers are increasingly targeting insecure legacy protocols, like IMAP, to avoid running into multi-factor authentication in password-spraying campaigns. --------------------------------------------- https://threatpost.com/imap-attacks-compromise-accounts/142824/ ∗∗∗ DNS Tunneling: how DNS can be (ab)used by malicious actors ∗∗∗ --------------------------------------------- DNS is a critical foundation of the Internet that makes it possible to get to websites without entering numerical IP addresses. The power that makes DNS beneficial for everyone also creates potential for abuse. Unit 42 researchers explain how attackers can abuse DNS to hide their tracks and steal data using a technique known as "DNS Tunneling". This research can help organizations understand DNS-based threats and the risks they pose to their environment. --------------------------------------------- https://unit42.paloaltonetworks.com/dns-tunneling-how-dns-can-be-abused-by-… ===================== = Vulnerabilities = ===================== ∗∗∗ CVE-2019-0804 | Azure Linux Agent Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks. An authenticated attacker who successfully exploited this vulnerability could view data in swap that is normally hidden. --------------------------------------------- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019… ∗∗∗ VMSA-2019-0003 ∗∗∗ --------------------------------------------- VMware Horizon update addresses Connection Server information disclosure vulnerability. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0003.html ∗∗∗ VMSA-2019-0002 ∗∗∗ --------------------------------------------- VMware Workstation update addresses elevation of privilege issues. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0002.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (mingw-poppler and php), Mageia (apache, gnome-keyring, gnupg2, hiawatha, and rsyslog), openSUSE (libcomps and obs-service-tar_scm), and Ubuntu (libvirt and linux-lts-trusty). --------------------------------------------- https://lwn.net/Articles/783140/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2018-1890, CVE-2018-12547) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server (CVE-2018-1890, CVE-2018-12547, CVE-2019-2426) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM MQ Console has inadequate input validation (CVE-2018-1836) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-console-has-in… ∗∗∗ HPESBNS03910 rev.1 - HPE NonStop SafeGuard, Local Disclosure of Sensitive Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBST03911 rev.1 - HPE Command View AE (CVAE) Products, multiple vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.03.2019
by Daily end-of-shift report 14 Mar '19

14 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 13-03-2019 18:00 − Donnerstag 14-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitslücke: Schadcode per Wordpress-Kommentar ∗∗∗ --------------------------------------------- Gleich mehrere Sicherheitslücken kombinierte ein Sicherheitsforscher, um Schadcode in Wordpress ausführen zu können. Die Wordpress-Standardeinstellungen und ein angemeldeter Administrator reichten als Voraussetzung. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-schadcode-per-wordpress-komment… ∗∗∗ GlitchPOS Malware Appears to Steal Credit-Card Numbers ∗∗∗ --------------------------------------------- A new malware targeting point of sale systems, GlitchPOS, has been spotted on a crimeware forum. --------------------------------------------- https://threatpost.com/glitchpos-malware-credit-card/142804/ ∗∗∗ Further attack surface of Wordpress PHAR injection ∗∗∗ --------------------------------------------- In August 2018, Sam Thomas presented a new vulnerability of Wordpress at Black Hat USA 2018. The PHP object injection vulnerability is not new, but the way attacker can trigger this error is worth mentioning. In this article, I will go over the detail of this exploit and inspect further impact of this vulnerability to the Wordpress community. A list of more than 300 Wordpress plugins that could be used to exploit this bug is also included. --------------------------------------------- https://blog.cystack.net/wordpress-phar/ ∗∗∗ Jetzt updaten: Cisco patcht gegen eine von zwei Remote-Attacken ∗∗∗ --------------------------------------------- Zwei Cisco-Produkte sind aus der Ferne angreifbar. Updates gibt es aber wohl nur für Common Services Platform Collector – das IP-Telefon SPA514G ist zu alt. --------------------------------------------- http://heise.de/-4335459 ∗∗∗ Viele Intel-Rechner brauchen wieder BIOS-Updates ∗∗∗ --------------------------------------------- Gleich 17 neue Firmware-Sicherheitslücken meldet Intel, die sich allerdings auf mehrere Systeme verteilen und nur lokal am Rechner nutzbar sind. --------------------------------------------- http://heise.de/-4335118 ∗∗∗ Multiple Security Flaws Discovered in Visitor Management Systems ∗∗∗ --------------------------------------------- Vulnerabilities discovered by IBM security researchers in five different visitor management systems could be abused for data exfiltration or for access to the underlying machines. --------------------------------------------- https://www.securityweek.com/multiple-security-flaws-discovered-visitor-man… ∗∗∗ Netflix-Phishing-Mail im Umlauf ∗∗∗ --------------------------------------------- Netflix Nutzer/innen aufgepasst: Momentan sind wieder Phishing-Mails im Umlauf. Betrüger/innen fordern Sie im Namen von Netflix auf, Ihre Kontoinformationen zu überprüfen. Klicken Sie auf den Button in der E-Mail, werden Sie auf eine betrügerische Seite weitergeleitet. Folgen Sie den Anweisungen, erspähen Kriminelle Ihre Zugangs- und Kreditkartendaten. --------------------------------------------- https://www.watchlist-internet.at/news/netflix-phishing-mail-im-umlauf/ ∗∗∗ Magecart Isn't Just a Security Problem; It's Also a Business Problem ∗∗∗ --------------------------------------------- Magecart is more than just a security problem—it's also a business problem. When threat actors breached British Airways in September resulting in the compromise of thousands of customers’ credit cards, the world got a look at what the fallout of a modern security breach looks like. Immediately afterward, a law firm launched a £500 million[...] --------------------------------------------- https://www.riskiq.com/blog/external-threat-management/magecart-business-pr… ∗∗∗ New BitLocker attack puts laptops storing sensitive data at risk ∗∗∗ --------------------------------------------- New Zealand security researcher details never-before-seen attack for recovering BitLocker keys. --------------------------------------------- https://www.zdnet.com/article/new-bitlocker-attack-puts-laptops-storing-sen… ===================== = Vulnerabilities = ===================== ∗∗∗ Gemalto Sentinel UltraPro ∗∗∗ --------------------------------------------- This advisory includes mitigations for an uncontrolled search path element in Gemaltos Sentinel UltraPro encryption keys. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-073-02 ∗∗∗ PEPPERL+FUCHS WirelessHART-Gateways ∗∗∗ --------------------------------------------- This advisory includes mitigations for a path traversal vulnerability in PEPPERL+FUCHS WirelessHART-Gateways network products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03 ∗∗∗ Video - Critical - Remote Code Execution - SA-CONTRIB-2019-037 ∗∗∗ --------------------------------------------- Project: Video Date: 2019-March-13 Security risk: Critical 19∕25 AC:None/A:Admin/CI:All/II:All/E:Theoretical/TD:All Vulnerability: Remote Code Execution Description: This module provides a field where editors can add videos to their content and this module offers functionality to transcode these videos to different sizes and formats.The module doesnt sufficiently sanitize some user input on administrative forms. --------------------------------------------- https://www.drupal.org/sa-contrib-2019-037 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium), Debian (libsdl1.2 and libsdl2), Fedora (firefox), Gentoo (bind, glibc, openssl, oracle-jdk-bin, webkit-gtk, and xrootd), Mageia (kernel), openSUSE (freerdp, mariadb, and obs-service-tar_scm), Oracle (openssl), Red Hat (kernel, kernel-rt, openstack-ceilometer, openstack-octavia, and tomcat), Scientific Linux (cockpit, openssl, and tomcat), and SUSE (java-1_7_1-ibm and mariadb). --------------------------------------------- https://lwn.net/Articles/783046/ ∗∗∗ BlackBerry powered by Android Security Bulletin - March 2019 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Ruby on Rails: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0221 ∗∗∗ IBM Security Bulletin: IBM® Db2® is vulnerable to privilege escalation via loading libraries from an untrusted path (CVE-2019-4094). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-is-vulnerable… ∗∗∗ IBM Security Bulletin: Security vulnerability in the IBM HTTP Server (CVE-2018-17199) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud Transformation Advisor ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (CVE-2018-3180, CVE-2018-3139) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.03.2019
by Daily end-of-shift report 13 Mar '19

13 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 12-03-2019 18:00 − Mittwoch 13-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Zertifizierungsstellen: Millionen TLS-Zertifikate mit fehlendem Zufallsbit ∗∗∗ --------------------------------------------- Viele TLS-Zertifikate wurden nicht nach den geltenden Regeln ausgestellt. Sie müssten eine zufällige 64-Bit-Seriennummer haben, es sind aber real nur 63 Bit. Ein Risiko ist praktisch nicht vorhanden, trotzdem müssen die Zertifikate zurückgezogen werden. --------------------------------------------- https://www.golem.de/news/zertifizierungsstellen-millionen-tls-zertifikate-… ∗∗∗ E-Learnings Digitale Sicherheit ∗∗∗ --------------------------------------------- Informationssicherheit hat für die Stadt Wien einen sehr hohen Stellenwert. Deshalb wurde ein aus sechs Modulen aufgebauter Kompakt-Kurs entwickelt, der den bewussten Umgang mit dem Thema Informationssicherheit in verschiedenen Lebenssituationen ermöglicht. [...] Am Ende kann man das erlangte Wissen bei einem kurzen Quiz überprüfen. --------------------------------------------- https://digitales.wien.gv.at/site/storyboard-e-learning/ ∗∗∗ Augen auf beim Online-Gebrauchtwagenkauf ∗∗∗ --------------------------------------------- Konsument/innen, die im Internet nach Gebrauchtwagen suchen, müssen sich vor folgender Betrugsmasche in Acht nehmen: Laut Verkaufsanzeigen befindet sich das Auto in Österreich. Später wird behauptet, dass es mittlerweile im Ausland ist und daher keine Besichtigung möglich ist. Bezahlung und Lieferung sollen versichert über erfundene Transport- und Zahlungsdienstleister erfolgen. Überwiesene Beträge sind verloren und die kommen nie an. --------------------------------------------- https://www.watchlist-internet.at/news/augen-auf-beim-online-gebrauchtwagen… ∗∗∗ Neue PGP-Keys ∗∗∗ --------------------------------------------- Nachdem unsere "alten" PGP-Keys nahe ihres Ablaufdatums sind, haben wir einen Satz neue Keys generiert. Diese sind wie üblich über den CERT.at PGP keyring verfügbar. --------------------------------------------- http://www.cert.at/services/blog/20190313150627-2400.html ===================== = Vulnerabilities = ===================== ∗∗∗ BSRT 2019 -001 Vulnerability in Management System Impacts BlackBerry AtHoc ∗∗∗ --------------------------------------------- This advisory addresses an XML External Entity Injection (XXE) vulnerability in the Management System (console) of affected versions of BlackBerry AtHoc that could potentially allow a successful attacker to read arbitrary local files from the application server or make requests on the network. BlackBerry is not aware of any exploitation of this vulnerability. --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ WordPress 5.1.1 Security and Maintenance Release ∗∗∗ --------------------------------------------- WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2. --------------------------------------------- https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance… ∗∗∗ Microsoft March 2019 Patch Tuesday ∗∗∗ --------------------------------------------- This month we got patches for 64 vulnerabilities. Two of them have been exploited and four have been made public before today. Both exploited vulnerabilities (CVE-2019-0808 and CVE-2019-0797) affects win32k component on multiple Windows versions, from Windows 7 to 2019, and may lead to privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. --------------------------------------------- https://isc.sans.edu/forums/diary/Microsoft+March+2019+Patch+Tuesday/24742/ ∗∗∗ March 2019 Office Update Release ∗∗∗ --------------------------------------------- The March 2019 Public Update releases for Office are now available! This month, there are 6 security updates and 28 non-security updates. All of the security and non-security updates are listed in KB article 4491754. A new version of Office 2013 Click-To-Run is available: 15.0.5119.1000 A new version of Office 2010 Click-To-Run is available: 14.0.7230.5000 --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2019/03/12… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libsndfile, systemd, waagent, and xmltooling), Fedora (guacamole-server, postgresql-jdbc, and xen), Oracle (cockpit and kernel), Red Hat (cockpit, docker, kernel-alt, and openssl), SUSE (ceph, java-1_7_0-ibm, java-1_7_1-ibm, openssl-1_0_0, python-azure-agent, python-numpy, and supportutils), and Ubuntu (kernel, php5, and walinuxagent). --------------------------------------------- https://lwn.net/Articles/782926/ ∗∗∗ Vuln: Wibu Systems WibuKey DRM Multiple Input Validation Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/107005 ∗∗∗ Cisco Common Services Platform Collector Static Credential Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ ZDI: Hewlett Packard Enterprise Intelligent Management Center Vulnerabilities ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-271/ http://www.zerodayinitiative.com/advisories/ZDI-19-270/ http://www.zerodayinitiative.com/advisories/ZDI-19-269/ http://www.zerodayinitiative.com/advisories/ZDI-19-268/ http://www.zerodayinitiative.com/advisories/ZDI-19-267/ http://www.zerodayinitiative.com/advisories/ZDI-19-266/ http://www.zerodayinitiative.com/advisories/ZDI-19-265/ http://www.zerodayinitiative.com/advisories/ZDI-19-264/ http://www.zerodayinitiative.com/advisories/ZDI-19-263/ http://www.zerodayinitiative.com/advisories/ZDI-19-262/ http://www.zerodayinitiative.com/advisories/ZDI-19-261/ http://www.zerodayinitiative.com/advisories/ZDI-19-260/ http://www.zerodayinitiative.com/advisories/ZDI-19-259/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily