Daily

daily@lists.cert.at

1 participants
3249 discussions

Tageszusammenfassung - 30.07.2019
by Daily end-of-shift report 30 Jul '19

30 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Montag 29-07-2019 18:00 − Dienstag 30-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ E-Bikes nicht bei limebikes.de bestellen ∗∗∗ --------------------------------------------- Haben Sie vor, sich ein E-Bike zu kaufen? Dann sollten Sie es keinesfalls bei limebikes.de bestellen. Die ansprechende Website und die unschlagbaren Preise sind Fake, es handelt sich um einen betrügerischen Shop. Ihr Bike wird trotz Bezahlung nie geliefert! --------------------------------------------- https://www.watchlist-internet.at/news/e-bikes-nicht-bei-limebikesde-bestel… ===================== = Vulnerabilities = ===================== ∗∗∗ PowerDNS Security Advisory 2019-06: Denial of service via crafted zone records ∗∗∗ --------------------------------------------- Updated packages (that only contain a Postgres schema change) will be released later. Just upgrading at that time will not fix the vulnerability - applying the schema change is mandatory. --------------------------------------------- https://mailman.powerdns.com/pipermail/pdns-announce/2019-July/001123.html ∗∗∗ OpenSSL Security Advisory: Windows builds with insecure path defaults (CVE-2019-1552) ∗∗∗ --------------------------------------------- OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. ... However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of C:/usr/local, which may be world writable, which enables untrusted users to modify OpenSSLs default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. Severity: Low --------------------------------------------- https://www.openssl.org/news/secadv/20190730.txt ∗∗∗ Google Project Zero: Sechs interaktionslose iMessage-Lücken, eine ohne Patch ∗∗∗ --------------------------------------------- Das Sicherheitsprojekt der Suchmaschine hat ein halbes Dutzend Fehler im Apple-Betriebssystem iOS offengelegt, davon diverse kritische. --------------------------------------------- https://heise.de/-4483807 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (cutter-re and radare2), Oracle (389-ds-base, httpd, kernel, libssh2, and qemu-kvm), Red Hat (389-ds-base, chromium-browser, curl, docker, httpd, keepalived, kernel, kernel-alt, kernel-rt, libssh2, perl, podman, procps-ng, qemu-kvm, qemu-kvm-ma, ruby, samba, and vim), Scientific Linux (389-ds-base, curl, libssh2, and qemu-kvm), SUSE (bzip2 and openexr), and Ubuntu (python-urllib3 and tmpreaper). --------------------------------------------- https://lwn.net/Articles/794920/ ∗∗∗ 2019-07-30: Cyber Security Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on High Voltage Products ∗∗∗ --------------------------------------------- http://search.abb.com/library/Download.aspx?DocumentID=2GHV057194&LanguageC… ∗∗∗ 2019-07-30: Cyber Security Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on ABB Power Grids - Grid Automation products ∗∗∗ --------------------------------------------- https://new.abb.com/news/detail/28733/cyber-security-notification ∗∗∗ 2019-07-30: Cyber Security Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on ABB Robot Controller Software ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=SI20192&LanguageCod… ∗∗∗ 2019-07-30: Cyber Security Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on AC 800PEC ∗∗∗ --------------------------------------------- http://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A6671&Lang… ∗∗∗ Security Advisory - Three Vulnerabilities in Huawei PCManager Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190710-… ∗∗∗ IBM Security Bulletin: IBM StoredIQ is affected by a missing function level access control vulnerability (CVE-2019-4163) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-storediq-is-affec… ∗∗∗ IBM Security Bulletin: IBM StoredIQ is affected by a denial of service attack vulnerability (CVE-2019-4165) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-storediq-is-affec… ∗∗∗ IBM Security Bulletin: External Service invocation in IBM Business Space affects IBM Business Monitor (CVE-2018-1885) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-external-service-invo… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.07.2019
by Daily end-of-shift report 29 Jul '19

29 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 26-07-2019 18:00 − Montag 29-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Rare Steganography Hack Can Compromise Fully Patched Websites ∗∗∗ --------------------------------------------- An unusual steganographic technique that an attacker can use to implant a malicious webshell on unsuspecting websites has been spotted in Latin America. According to research from Trustwave shared exclusively with Threatpost, a forensic investigation showed that an adversary is implanting PHP code into JPEG files’ EXIF headers in order to upload malware onto targeted websites. --------------------------------------------- https://threatpost.com/rare-steganography-hack-can-compromise-fully-patched… ∗∗∗ A VxWorks Operating System Bug Exposes 200 Million Critical Devices ∗∗∗ --------------------------------------------- VxWorks is designed as a secure, "real-time" operating system for continuously functioning devices, like medical equipment, elevator controllers, or satellite modems. --------------------------------------------- https://www.wired.com/story/vxworks-vulnerabilities-urgent11 ∗∗∗ Finding Evil in Windows 10 Compressed Memory, Part One: Volatility andRekall Tools ∗∗∗ --------------------------------------------- Paging all digital forensicators, incident responders, and memory manager enthusiasts! Have you ever found yourself at a client site working around the clock to extract evil from a Windows 10 image? Have you hit the wall at step zero, running into difficulties viewing a process tree, or enumerating kernel modules? Or even worse, had to face the C-Suite and let them know you couldn’t find any evil? Well fear no more – FLARE has you covered. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2019/07/finding-evil-in-windows… ∗∗∗ Examining the Link Between TLD Prices and Abuse ∗∗∗ --------------------------------------------- Briefing Over the years, McAfee researchers have observed that certain new top-level Domains (TLDs) are more likely to be abused by cyber criminals for malicious activities than others. Our investigations reveal a negative relationship between the likelihood for abuse and registration price of some TLDs, as reported by the McAfee URL and email intelligence team. --------------------------------------------- https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/examining-the-l… ===================== = Vulnerabilities = ===================== ∗∗∗ BlackBerry Powered by Android Security Bulletin - July 2019 ∗∗∗ --------------------------------------------- BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build. --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ iTunes und iCloud für Windows mit Sicherheitslücken – Updates einspielen ∗∗∗ --------------------------------------------- iTunes 12.9.6 und iCloud für Windows sollen kritische Schwachstellen beseitigen, die Apple auch in eigenen Betriebssystemen behoben hat. --------------------------------------------- https://heise.de/-4480524 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (patch, sdl-image1.2, and unzip), Fedora (deepin-clone, dtkcore, dtkwidget, and sqlite), Mageia (virtualbox), openSUSE (firefox), and SUSE (cronie and firefox). --------------------------------------------- https://lwn.net/Articles/794838/ ∗∗∗ LibreOffice: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in LibreOffice ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0662 ∗∗∗ Trend Micro OfficeScan: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode und DoS ∗∗∗ --------------------------------------------- Ein lokaler Angreifer kann eine Schwachstelle in Trend Micro OfficeScan ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen und um einen Denial of Service zu verursachen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0666 ∗∗∗ OpenLDAP: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- OpenLDAP ist eine frei verfügbare Implementierung des Verzeichnisdienstes LDAP. Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in OpenLDAP ausnutzen, um Sicherheitsvorkehrungen zu umgehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0665 ∗∗∗ xpdf: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein lokaler Angreifer kann mehrere Schwachstellen in xpdf ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service Zustand herzustellen oder Informationen auszuspähen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0663 ∗∗∗ IBM Security Bulletin: IBM Cloud Automation Manager is affected by an issue with API endpoints behind the ‘docker cp’ ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-automation-… ∗∗∗ IBM Security Bulletin: Clickjacking vulnerability in WebSphere Application Server Liberty Admin Center (CVE-2019-4285) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-clickjacking-vulnerab… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Digital Payments ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affect Rational Asset Analyzer. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Digital Payments ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM i2 Intelligent Analyis Platform is affected by a XML External Entity (XXE) vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i2-intelligent-an… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Digital Payments for Multi-Platform is affected by vulnerabilities in IBM Java Runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-1871) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ HPESBUX03927 rev.1 - HP-UX BIND, Remote Denial of Service (DoS) and Remote Unauthorized Data Modification ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03944 rev.1 - HPE HP2910al-48G switches, local Arbitrary Command Execution ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.07.2019
by Daily end-of-shift report 26 Jul '19

26 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 25-07-2019 18:00 − Freitag 26-07-2019 18:00 Handler: Robert Waldner Co-Handler: Dimitri Robl ===================== = News = ===================== ∗∗∗ No More Ransom Success Story: Saves $108+ Million in Ransomware Payments ∗∗∗ --------------------------------------------- Today marks the third anniversary of No More Ransom and through its partners from the public and private sectors, law enforcement, academia, and researchers, the project has been able to help hundreds of thousands, if not millions, of victims get their encrypted files back for free. --------------------------------------------- https://www.bleepingcomputer.com/news/security/no-more-ransom-success-story… ∗∗∗ New Loader Variant Behind Widespread Malware Attacks ∗∗∗ --------------------------------------------- Malware infection technique called TxHollower gets updated with stealthy features. --------------------------------------------- https://threatpost.com/new-loader-variant-behind-widespread-malware-attacks… ∗∗∗ MyDoom Still Active in 2019 ∗∗∗ --------------------------------------------- MyDoom is an infamous computer worm first noted in early 2004. This malware has been featured in top ten lists of the most destructive computer viruses, causing an estimated $38 billion in damage. Although now well past its heyday, MyDoom continues to be a presence in the cyber threat landscape. While not as prominent as other malware families, over the past few years MyDoom has remained relatively consistent, averaging approximately 1.1 percent of all emails we see with malware attachments. --------------------------------------------- https://unit42.paloaltonetworks.com/mydoom-still-active-in-2019/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libssh2 and patch), Fedora (kernel and kernel-headers), Mageia (vlc), Red Hat (rh-redis32-redis), SUSE (libgcrypt, libsolv, libzypp, zypper, and rmt-server), and Ubuntu (exim4, firefox, libebml, linux, linux-aws, linux-kvm, linux-raspi2, and vlc). --------------------------------------------- https://lwn.net/Articles/794694/ ∗∗∗ Vuln: Qualcomm Components CVE-2019-2307 Integer Underflow Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/109383 ∗∗∗ Security Advisory - DoS Vulnerability in Huawei S Series Switch Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190522-… ∗∗∗ Security Advisory - DoS Vulnerability in RTSP Module of Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190523-… ∗∗∗ IBM Security Bulletin: ViewONE is vulnerable to XXE attack via HTTP payload (CVE-2019-4456) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-viewone-is-vulnerable… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential SQL Injection vulnerability (CVE-2019-4032) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ cURL and libcurl vulnerability CVE-2019-5436 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K55133295 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.07.2019
by Daily end-of-shift report 25 Jul '19

25 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 24-07-2019 18:00 − Donnerstag 25-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ BlueKeep, mal wieder ∗∗∗ --------------------------------------------- Das "Schöne" an der IT ist, dass uns manche Themen längerfristig begleiten. So auch die Schwachstelle mit der CVE-Nummer 2019-0708, besser bekannt unter dem Namen "BlueKeep". Wir haben davor gewarnt und darüber gebloggt - und Letzteres muss leider wieder sein. --------------------------------------------- http://www.cert.at/services/blog/20190725104348-2524.html ∗∗∗ When Users Attack! Users (and Admins) Thwarting Security Controls, (Thu, Jul 25th) ∗∗∗ --------------------------------------------- Today, I'd like to discuss a few of the Critical Controls, and how I see real people abusing or circumventing them in real companies. (Sorry, no code in todays story, but we do have some GPOs ) --------------------------------------------- https://isc.sans.edu/diary/rss/25170 ∗∗∗ Verordnung über qualifizierte Stellen – QuaSteV ∗∗∗ --------------------------------------------- Mit dieser Verordnung werden jene Erfordernisse, die qualifizierte Stellen erfüllen müssen, um Betreiber wesentlicher Dienste im Hinblick auf die von ihnen betriebenen wesentlichen Dienste gemäß § 17 Abs. 3 NISG überprüfen zu können, sowie das Verfahren zur Feststellung qualifizierter Stellen festgelegt. --------------------------------------------- https://www.ris.bka.gv.at/Dokumente/BgblAuth/BGBLA_2019_II_226/BGBLA_2019_I… ∗∗∗ Cook: security things in Linux v5.2 ∗∗∗ --------------------------------------------- Over on his blog, Kees Cook runs through the security changes that came in Linux 5.2. --------------------------------------------- https://lwn.net/Articles/794145/ ∗∗∗ Hundewelpen aus Kamerun auf Facebook? Nicht kaufen! ∗∗∗ --------------------------------------------- Immer wieder wenden sich verzweifelte Konsument/innen an uns, die im Internet Hundewelpen kaufen wollten. Egal ob auf Facebook oder auf Kleinanzeigenplattformen gilt: Soll Geld nach Kamerun oder andere weit entfernte Länder überwiesen werden, handelt es sich höchstwahrscheinlich um ein betrügerisches Angebot! Die Tiere gibt es nicht und das Geld ist verloren. --------------------------------------------- https://www.watchlist-internet.at/news/hundewelpen-aus-kamerun-auf-facebook… ===================== = Vulnerabilities = ===================== ∗∗∗ Vuln: Ansible CVE-2019-10206 Remote Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. --------------------------------------------- http://www.securityfocus.com/bid/109361 ∗∗∗ FreeBSD: Bhyve out-of-bounds read in XHCI device ∗∗∗ --------------------------------------------- A misbehaving bhyve guest could crash the system or access memory that it should not be able to. --------------------------------------------- https://www.freebsd.org/security/advisories/FreeBSD-SA-19:16.bhyve.asc ∗∗∗ Exim: security release for CVE-2019-13917 ∗∗∗ --------------------------------------------- A local or remote attacker can execute programs with root privileges - if youve an unusual configuration. Mitigation: Do not use ${sort } in your configuration. Fixed in: Exim 4.92.1. --------------------------------------------- http://exim.org/static/doc/security/CVE-2019-13917.txt ∗∗∗ Micro Focus ArcSight Logger CVE-2019-3485 HTML Injection Vulnerability ∗∗∗ --------------------------------------------- Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. --------------------------------------------- https://www.securityfocus.com/bid/109363/discuss ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (java-1.7.0-openjdk, java-1.8.0-openjdk, and java-11-openjdk), Debian (exim4), Fedora (java-latest-openjdk), openSUSE (libsass, tomcat, and ucode-intel), Oracle (java-1.7.0-openjdk and thunderbird), SUSE (OpenEXR, spamassassin, and thunderbird), and Ubuntu (ansible and patch). --------------------------------------------- https://lwn.net/Articles/794623/ ∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is impacted by a security vulnerability in Project Calico ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-… ∗∗∗ IBM Security Bulletin: IBM Network Performance Insight (CVE-2019-10241, CVE-2019-10247) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-network-performan… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (CVE-2018-1719) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.07.2019
by Daily end-of-shift report 24 Jul '19

24 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 23-07-2019 18:00 − Mittwoch 24-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Videolan: Eine VLC-Lücke, die keine ist ∗∗∗ --------------------------------------------- Ein eher unbedeutender Fehler in einer Abhängigkeit des VLC-Players wird von Behörden fälschlich als schwere Sicherheitslücke klassifiziert und viele Medien übernehmen dies ungeprüft. Das Videolan-Projekt ist nicht erfreut. --------------------------------------------- https://www.golem.de/news/videolan-eine-vlc-luecke-die-keine-ist-1907-14275… ∗∗∗ Exim: security release ahead (CVE-2019-13917) ∗∗∗ --------------------------------------------- We discovered a vulnerability. We consider the risk of an exploit as low, you need to have a fairly unusual runtime configuration. Neither our default runtime configuration nor the runtime configuration shipped by the Debian distribution is vulnerable. This is a *heads-up* notice about the upcoming release. Coordinated Release Date (CRD) for Exim 4.92.1: Thu Jul 25 10:00:00 UTC 2019 --------------------------------------------- https://seclists.org/oss-sec/2019/q3/63 ∗∗∗ Warnung: Schadsoftware mit angeblichem BSI-Absender verschickt ∗∗∗ --------------------------------------------- Derzeit verschicken Kriminelle per E-Mail Schadsoftware und gaukeln dabei vor, die Mails stammten vom BSI. Bislang bekannte Mails nutzen die Absenderadresse "meldung(a)bsi-bund.org". Das Bundesamt für Sicherheit in der Informationstechnik (BSI) ist nicht Absender dieser Mails. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Schadsoftware-BSI… ∗∗∗ Keine Ware trotz Zahlung: epic-media.shop ∗∗∗ --------------------------------------------- Konsument/innen auf der Suche nach Wasch- und Kaffeemaschinen, Spielkonsolen, Staubsaugern, Kameras und anderen technischen Geräten stoßen auf epic-media.shop. Gute Preise verlocken zu einem schnellen Einkauf. Doch Vorsicht: Bezahlte Ware wird nie geliefert, denn hinter der Website steckt nichts als Betrug! --------------------------------------------- https://www.watchlist-internet.at/news/keine-ware-trotz-zahlung-epic-medias… ===================== = Vulnerabilities = ===================== ∗∗∗ Vuln: Poppler CVE-2019-9959 Integer Overflow Vulnerability ∗∗∗ --------------------------------------------- Poppler is prone to an integer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Attackers can exploit this issue to cause denial-of-service conditions. --------------------------------------------- http://www.securityfocus.com/bid/109342 ∗∗∗ Vuln: GNU Binutils libiberty CVE-2019-14250 Integer Overflow Vulnerability ∗∗∗ --------------------------------------------- GNU Binutils is prone to an integer overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. --------------------------------------------- http://www.securityfocus.com/bid/109354 ∗∗∗ Serious Remote Code Execution Flaw Affects ProFTPD Powered FTP Servers ∗∗∗ --------------------------------------------- ... it's important to note that not every FTP server running vulnerable ProFTPD can be hijacked remotely, since the attacker requires log-in to the respective targeted server, or the server should have anonymous access enabled. --------------------------------------------- https://thehackernews.com/2019/07/linux-ftp-server-security.html ∗∗∗ HAProxy CVE-2019-14241 Remote Denial of Service Vulnerability ∗∗∗ --------------------------------------------- Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to HAProxy 1.9.9 and 2.0.3 are vulnerable. --------------------------------------------- https://www.securityfocus.com/bid/109352/discuss ∗∗∗ D-Link DSL-2750U Multiple Authentication Bypass Vulnerabilities ∗∗∗ --------------------------------------------- An attacker can exploit these issues to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. D-Link DSL-2750U Router 1.11 is vulnerable; other versions may also be affected. --------------------------------------------- https://www.securityfocus.com/bid/109351/discuss ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (kernel, linux-4.9, and neovim), Fedora (slurm), openSUSE (ImageMagick, libgcrypt, libsass, live555, mumble, neovim, and teeworlds), Oracle (java-1.7.0-openjdk, java-1.8.0-openjdk, and java-11-openjdk), Red Hat (java-1.7.0-openjdk), Scientific Linux (java-1.7.0-openjdk), SUSE (glibc and openexr), and Ubuntu (mysql-5.7 and patch). --------------------------------------------- https://lwn.net/Articles/794511/ ∗∗∗ Synology-SA-19:31 SRM ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to set a new password without verification via a susceptible version of Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_31 ∗∗∗ Security Advisory - TLS Certificate Verification Vulnerability in Huawei 7900 IP Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190724-… ∗∗∗ IBM Security Bulletin: IBM Cloud Private – Session not invalidated on logout (CVE-2019-4439) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-ses… ∗∗∗ IBM Security Bulletin: In IBM Cloud Private on OpenShift icp-scc SecurityContextContraints is erroneously assigned to all pods in all namespaces ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-in-ibm-cloud-private-… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Virtualization Engine TS7700 – April 2019 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Potential denial of service vulnerability in IBM Decision Optimization for Watson Studio Local ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s… ∗∗∗ IBM Security Bulletin: Rational Build Forge Security Advisory for Apache HTTP Server (CVE-2019-0196;CVE-2019-0197;CVE-2019-0211;CVE-2019-0215;CVE-2019-0217; and CVE-2019-0220) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-build-forge-… ∗∗∗ IBM Security Bulletin: IBM Cloud Private for Data is affected multiple security vulnerabilities in IBM Cloud Private Kubernetes ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-for… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to CSRF attack (CVE-2019-4212) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Eclipse OpenJ9, Oracle Java SE, and IBM WebSphere Application Server affect IBM Watson Compare and Comply for IBM Cloud Private for Data ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ec… ∗∗∗ IBM Security Bulletin: IBM Cloud Private for Data is affected by vulnerabilities in the Setup package. CVE-2018-1113 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-for… ∗∗∗ NTP vulnerability CVE-2019-11331 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K09940637 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.07.2019
by Daily end-of-shift report 23 Jul '19

23 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Montag 22-07-2019 18:00 − Dienstag 23-07-2019 18:00 Handler: Robert Waldner Co-Handler: Dimitri Robl ===================== = News = ===================== ∗∗∗ Verifying SSL/TLS configuration (part 1) ∗∗∗ --------------------------------------------- One of very important steps when performing penetration tests is to verify configuration of any SSL/TLS services. Specifically, the goal of this step is to check which protocols and ciphers are supported. This might sound easier than it is – so this will be a series of diaries where I will try to explain how to verify configuration but also how to assess risk. --------------------------------------------- https://isc.sans.edu/diary/rss/25162 ∗∗∗ QNAP und Synology warnen vor Malware-Angriffen auf schlecht gesicherte NAS ∗∗∗ --------------------------------------------- Netzwerkspeicher von QNAP und Synology sind derzeit verstärkt Attacken via Brute-Force und Exploits ausgesetzt. Die Hersteller geben Tipps zum Absichern. --------------------------------------------- https://heise.de/-4477214 ∗∗∗ Identitätsmissbrauch durch Umfrage auf selektur.net ∗∗∗ --------------------------------------------- Die Selektur GmbH gibt sich als Marktforschungsinstitut aus, bei dem Konsument/innen von Zuhause aus Produkte testen und einfach Geld verdienen können. Schon bei der Anmeldung sind Pass oder Personalausweis hochzuladen. Diese Unterlagen werden von den Kriminellen hinter selektur.net dazu genützt, ein Bankkonto zu eröffnen, welches später durch die nichtsahnenden Umfrageteilnehmer/innen freigeschaltet wird. --------------------------------------------- https://www.watchlist-internet.at/news/identitaetsmissbrauch-durch-umfrage-… ===================== = Vulnerabilities = ===================== ∗∗∗ Vuln: Microsoft Windows OleCreateFontIndirectExt Out of Bounds Read Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. --------------------------------------------- http://www.securityfocus.com/bid/109335 ∗∗∗ COModo: From Sandbox to SYSTEM (CVE-2019–3969) ∗∗∗ --------------------------------------------- Antivirus (AV) is a great target for vulnerability hunting: Large attack surface, complex parsing, and various components executing with high privileges. So a couple of months ago, I decided looked at the latest Comodo Antivirus v12.0.0.6810. I ended up finding a few cool things, however one I thought was worth covering here, which is a sandbox escape as well as a privilege escalation to SYSTEM. --------------------------------------------- https://medium.com/tenable-techblog/comodo-from-sandbox-to-system-cve-2019-… ∗∗∗ macOS 10.14.6 behebt Sicherheitslücken und macht Boot Camp wieder flott ∗∗∗ --------------------------------------------- macOS 10.14.6 behebt weiterhin diverse Sicherheitslücken, die unter anderem in der Web-Engine WebKit, in Bluetooth, in Core Data, im Disk Management, in Foundation und in Siri stecken. Teilweise sind sie auch aus der Ferne ausnutzbar gewesen. Zusätzlich wurde eine Lücke im Kommunikationsdienst FaceTime geschlossen, über die sogar Code von außen ausgeführt werden konnte. --------------------------------------------- https://heise.de/-4476767 ∗∗∗ Manuelles Update notwendig: Fortinet fixt kritische Lücke in mehreren Produkten ∗∗∗ --------------------------------------------- Mehrere Versionen von FortiOS, FortiManager und FortiAnalyzer akzeptieren aufgrund eines Bugs ungültige Zertifikate. Der Hersteller rät zum sofortigen Update. --------------------------------------------- https://heise.de/-4476610 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libsdl2-image and libxslt), Oracle (java-1.8.0-openjdk and java-11-openjdk), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (bzip2, microcode_ctl, and ucode-intel), and Ubuntu (clamav, evince, linux-hwe, linux-gcp, linux-snapdragon, and squid3). --------------------------------------------- https://lwn.net/Articles/794445/ ∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities (CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3863) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ BIND vulnerability CVE-2019-6471 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10092301 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.07.2019
by Daily end-of-shift report 22 Jul '19

22 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 19-07-2019 18:00 − Montag 22-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Palo Alto stümpert bei kritischer Sicherheitslücke im VPN GlobalProtect ∗∗∗ --------------------------------------------- Ein Jahr nach dem Schließen einer Sicherheitslücke informiert Palo Alto seine Kunden über die Gefahr. In der Zwischenzeit hackten Forscher damit mal eben Uber. --------------------------------------------- https://heise.de/-4476441 ===================== = Vulnerabilities = ===================== ∗∗∗ Selfblow: Secure Boot in allen Tegra X1 umgehbar ∗∗∗ --------------------------------------------- Ein Fehler im Bootloader der Tegra X1 von Nvidia ermöglicht das komplette Umgehen der Verifikation des Systemboots. Das betrifft wohl alle Geräte außer der Switch. Nvidia stellt ein Update bereit. (Tegra, Nvidia) --------------------------------------------- https://www.golem.de/news/selfblow-secure-boot-in-allen-tegra-x1-umgehbar-1… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bind9, exiv2, kernel, nss, openjdk-11, openjdk-8, patch, and squid3), Fedora (gvfs, libldb, and samba), Mageia (firefox, gvfs, libreswan, rdesktop, and thunderbird), openSUSE (bzip2, clementine, dbus-1, expat, fence-agents, firefox, glib2, kernel, kernel-firmware, ledger, libqb, libu2f-host, pam_u2f, libvirt, neovim, php7, postgresql10, python-requests, python-Twisted, ruby-bundled-gems-rpmhelper, ruby2.5, samba, webkit2gtk3, zeromq, and znc), Red --------------------------------------------- https://lwn.net/Articles/794363/ ∗∗∗ BlackBerry Cylance Downplays, Patches Antivirus Bypass ∗∗∗ --------------------------------------------- BlackBerry Cylance has prepared an update for its CylancePROTECT product to address a recently disclosed bypass method, but the company has downplayed the impact of the issue. read more --------------------------------------------- https://www.securityweek.com/blackberry-cylance-downplays-patches-antivirus… ∗∗∗ Pro-FTPd: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Pro-FTPd ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen oder Informationen offenzulegen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0642 ∗∗∗ Foxit Phantom PDF Suite: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in der Foxit Phantom PDF Suite ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen, einen Denial of Service Angriff durchzuführen oder vertrauliche Daten einzusehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0641 ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – Kubernetes (CVE-2019-11246) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (CVE-2019-2602) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2018-0732, CVE-2018-0739, CVE-2017-3735) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r… ∗∗∗ IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Apr 2019 – Includes Oracle Apr 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-sdk-java-technolo… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.07.2019
by Daily end-of-shift report 19 Jul '19

19 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 18-07-2019 18:00 − Freitag 19-07-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Elusive MegaCortex Ransomware Found - Here is What We Know ∗∗∗ --------------------------------------------- A sample of the ransomware called MegaCortex that is known to target the enterprise in targeted attacks has been found and analyzed. In this article, we will provide a brief look at the MegaCortex Ransomware and how it encrypts a computer. --------------------------------------------- https://www.bleepingcomputer.com/news/security/elusive-megacortex-ransomwar… ∗∗∗ The Strange Case of the Malicious Favicon ∗∗∗ --------------------------------------------- During the past year, our Remediation department has seen a large increase in the number of fully spammed sites. The common factors are strangely named and unusually located favicon.ico files, along with the creation of “bak.bak” index files peppered around the website. In the majority of the cases, the pattern is similar regardless of the size of the website or the CMS being used. We have found WordPress, Magento, Joomla, and even HTML-only sites impacted by this campaign. --------------------------------------------- https://blog.sucuri.net/2019/07/the-strange-case-of-the-malicious-favicon.h… ∗∗∗ [webapps] fuelCMS 1.4.1 - Remote Code Execution ∗∗∗ --------------------------------------------- fuelCMS 1.4.1 - Remote Code Execution --------------------------------------------- https://www.exploit-db.com/exploits/47138 ===================== = Vulnerabilities = ===================== ∗∗∗ Johnson Controls exacqVision Server ∗∗∗ --------------------------------------------- This advisory includes mitigations for an unquoted search path or element vulnerability reported in the Johnson Controls exacqVision Server. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-199-01 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bzip2), Fedora (freetds, kernel, kernel-headers, and knot-resolver), openSUSE (bubblewrap, fence-agents, kernel, libqb, libu2f-host, pam_u2f, and tomcat), Oracle (vim), SUSE (kernel, LibreOffice, libxml2, and tomcat), and Ubuntu (libmspack and squid, squid3). --------------------------------------------- https://lwn.net/Articles/794190/ ∗∗∗ IBM Security Bulletin: Buffer overflow vulnerability in IBM Spectrum Protect Backup-Archive Client (CVE-2019-4267) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-buffer-overflow-vulne… ∗∗∗ IBM Security Bulletin: ACLs not backed up on VxFS-HP-UX filesystems by IBM Spectrum Protect Backup-Archive Client (CVE-2019-4236) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-acls-not-backed-up-on… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot for VMWare (CVE-2018-12547, CVE-2019-2426) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Virtual Environments (CVE-2018-12547, CVE-2019-2426) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Backup-Archive Client on Windows, Linux, and Macintosh (CVE-2018-12547, CVE-2019-2426) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open… ∗∗∗ IBM Security Bulletin: Vulnerability in Node.js affects IBM Integration Bus & IBM App Connect Enterprise V11 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-node… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Integration Bus , IBM App Connect and WebSphere Message Broker ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Spoofing and denial of service vulnerabilities in WebSphere Application Liberty affect IBM Spectrum Protect Snapshot for VMware (CVE-2018-1902, CVE-2019-4046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-spoofing-and-denial-o… ∗∗∗ IBM Security Bulletin: Spoofing and denial of service vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect Client web user interface and IBM Spectrum Protect for Virtual Environments (CVE-2018-1902, CVE-2019-4046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-spoofing-and-denial-o… ∗∗∗ IBM Security Bulletin: IBM Netcool Agile Service Manager is affected by an Apache Zookeeper vulnerability (CVE-2019-0201) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-netcool-agile-ser… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Jetty affect Netcool Agile Service Manager (CVE-2019-10247, CVE-2019-10246) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ Expat XML parser vulnerability CVE-2018-20843 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K51011533 ∗∗∗ VLC: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0634 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.07.2019
by Daily end-of-shift report 18 Jul '19

18 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 17-07-2019 18:00 − Donnerstag 18-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Netz- und Informationssystemsicherheitsverordnung – NISV ∗∗∗ --------------------------------------------- Am 17.07.2019 wurde die Netz- und Informationssystemsicherheitsverordnung - NISV veröffentlicht. Diese ergänzt das Bundesgesetz zur Gewährleistung eines hohen Sicherheitsniveaus von Netz- und Informationssystemen (Netz- und Informationssystemsicherheitsgesetz - NISG) und bietet die Grundlage für die Identifizierung der Betreiber wesentlicher Dienste. --------------------------------------------- https://www.ris.bka.gv.at/Dokumente/BgblAuth/BGBLA_2019_II_215/BGBLA_2019_I… ∗∗∗ WeAct: Datenleck bei Petitionsplattform von Campact ∗∗∗ --------------------------------------------- Ein Fehler auf der Petitionsplattform WeAct von Campact ermöglichte den Zugriff auf die Daten der Unterstützer. Rund 1,8 Millionen Unterzeichner sind betroffen. Die Nichtregierungsorganisation hat die Hintergründe des Fehlers veröffentlicht. (Datenleck, Datenschutz) --------------------------------------------- https://www.golem.de/news/weact-datenleck-bei-petitionsplattform-von-campac… ∗∗∗ Unseriöse Shops: Versprechen Wunderdinge – liefern minderwertige Ware! ∗∗∗ --------------------------------------------- Konsument/innen stoßen beim Surfen im Internet immer wieder auf Werbung zu Produkten, die wahre Wunderdinge versprechen. Während manche Gegenstände halten, was sie versprechen, wird in anderen Fällen billigste Ware durch aggressive Werbung an die Frau und den Mann gebracht. Ähnliches gilt für Websites wie wifiboost.pro, airfreez.pro, coolblade.pro oder cleanaqua.pro, die darüber hinaus zahlreiche gesetzliche Vorgaben beim Verkauf missachten. --------------------------------------------- https://www.watchlist-internet.at/news/unserioese-shops-versprechen-wunderd… ∗∗∗ Zoom RCE only hit those who uninstalled it: Assetnote ∗∗∗ --------------------------------------------- Local webserver searched for domain suffixes that left it open to exploitation. --------------------------------------------- https://www.zdnet.com/article/zoom-rce-only-hit-those-who-uninstalled-it-as… ===================== = Vulnerabilities = ===================== ∗∗∗ Wireshark: ASN.1 BER and related dissectors crash ∗∗∗ --------------------------------------------- It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. --------------------------------------------- https://www.wireshark.org/security/wnpa-sec-2019-20.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, firefox, and squid), CentOS (thunderbird and vim), Debian (libonig), SUSE (firefox, glibc, kernel, libxslt, and tomcat), and Ubuntu (libreoffice and thunderbird). --------------------------------------------- https://lwn.net/Articles/794104/ ∗∗∗ Cisco IOS Access Points Software 802.11r Fast Transition Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Industrial Network Director Web Services Management Agent Unauthorized Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business Series Switches Open Redirect Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Blind SQL Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco FindIT Network Management Software Static Credentials Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Improper Authentication Vulnerability on PC Manager ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190718-… ∗∗∗ IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities CVE-2019-10072 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-websphere-cast-ir… ∗∗∗ IBM Security Bulletin: Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager IP Edition (CVE-2018-1890, CVE-2019-2426) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-mul… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2019-4046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: An IBM QRadar SIEM protocol is vulnerable to Incorrect Permission Assignment (CVE-2018-2024) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-an-ibm-qradar-siem-pr… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM QRadar SIEM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-asset-analyzer-raa-is… ∗∗∗ IBM Security Bulletin: IBM Watson Studio – Local allows mounting glusterFS without security check ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-watson-studio-loc… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Watson Explorer (CVE-2017-14166, CVE-2017-14501, CVE-2017-14502, CVE-2017-14503) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.07.2019
by Daily end-of-shift report 17 Jul '19

17 Jul '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 16-07-2019 18:00 − Mittwoch 17-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Newly identified StrongPity operations ∗∗∗ --------------------------------------------- Alien Labs has identified an unreported and ongoing malware campaign, which we attribute with high confidence to the adversary publicly reported as “StrongPity”. Based on compilation times, infrastructure, and public distribution of samples - we assess the campaign operated from the second half of 2018 into today (July 2019). This post details new malware and new infrastructure which is used to control compromised machines. --------------------------------------------- https://www.alienvault.com/blogs/labs-research/newly-identified-strongpity-… ∗∗∗ American Express Customers Targeted by Novel Phishing Attack ∗∗∗ --------------------------------------------- The phishing campaign targeted both corporate and consumer cardholders with phishing emails full of grammatical errors but with a small but deadly twist: instead of using the regular hyperlink to the landing page trick, this one used a base HTML element to hide the malicious URL from antispam solutions. This allows the attackers to specify the base URL that should be used for all relative URLs within the phishing message, effectively splitting up the phishing landing page in two separate pieces. --------------------------------------------- https://www.bleepingcomputer.com/news/security/american-express-customers-t… ∗∗∗ Analyzis of DNS TXT Records, (Wed, Jul 17th) ∗∗∗ --------------------------------------------- At the Internet Storm Center, we already mentioned so many times that the domain name system is a goldmine for threat hunting or OSINT. A particular type of DNS record is the TXT record (or text record). It's is a type of resource record used to provide the ability to associate free text with a host or other name. ... I extracted a long list of domain names from different DNS servers logs and malicious domains lists. Then I queried TXT records for each of them. Results have been loaded into a Splunk instance to search for some juicy stuff. What did I find? --------------------------------------------- https://isc.sans.edu/diary/rss/25142 ∗∗∗ EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users ∗∗∗ --------------------------------------------- researchers at security firm Intezer Labs recently discovered a new Linux backdoor implant that appears to be under development and testing phase but already includes several malicious modules to spy on Linux desktop users. ... EvilGnome malware masquerades itself as a legit GNOME extension, a program that lets Linux users extend the functionality of their desktops. --------------------------------------------- https://thehackernews.com/2019/07/linux-gnome-spyware.html ∗∗∗ Jenkins Admins: Relying on Default Settings Could Put Master at Risk of Remote Code Execution Attacks ∗∗∗ --------------------------------------------- In our analysis, we observed that a user account with less privilege can gain administrator rights over the automation server if jobs are built on the master machine (i.e., the main Jenkins server), a setup enabled by default. An exploit for this can be easily written using shell spawn — a default build step. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/PObGTrIqU0M/ ∗∗∗ Fehler in PowerShell Core: Angreifer könnten Windows Defender austricksen ∗∗∗ --------------------------------------------- Microsoft hat einen als "wichtig" eingestuften Sicherheitspatch für PowerShell Core veröffentlicht. Ein Angriff gelingt aber nicht ohne Weiteres. --------------------------------------------- https://heise.de/-4473123 ===================== = Vulnerabilities = ===================== ∗∗∗ Oracle Critical Patch Update Advisory - July 2019 ∗∗∗ --------------------------------------------- This Critical Patch Update contains 319 new security fixes --------------------------------------------- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libreoffice), Red Hat (thunderbird), SUSE (ardana and crowbar, firefox, libgcrypt, and xrdp), and Ubuntu (nss, squid3, and wavpack). --------------------------------------------- https://lwn.net/Articles/793966/ ∗∗∗ LibreOffice: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in LibreOffice ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen oder Sicherheitsvorkehrungen zu umgehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0611 ∗∗∗ Security Advisory - Information Disclosure Vulnerability on Secure Input ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190717-… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by Apache ZooKeeper vulnerability CVE-2019-0201 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by kubectl vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by Go vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9 and IBM BigFix Inventory v9. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ru… ∗∗∗ IBM Security Bulletin: Vulnerability in systemd affects Power Hardware Management Console (CVE-2019-6454) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-syst… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by WebSphere Liberty Profile vulnerability CVE-2019-4046 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2018-20685 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ IBM Security Bulletin: IBM RackSwitch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0734) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-rackswitch-firmwa… ∗∗∗ IBM Security Bulletin: IBM Flex System switch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0734) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-switc… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily