=====================
= End-of-Day report =
=====================
Timeframe: Montag 01-07-2019 18:00 − Dienstag 02-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Network Time Security: Sichere Uhrzeit übers Netz ∗∗∗
---------------------------------------------
Fast alle modernen Geräte synchronisieren ihre Uhrzeit übers Internet. Das dafür genutzte Network Time Protocol ist nicht gegen Manipulationen geschützt - bisher. Mit der Erweiterung Network Time Security soll sich das ändern.
---------------------------------------------
https://www.golem.de/news/network-time-security-sichere-uhrzeit-uebers-netz…
∗∗∗ IT-Sicherheit: BSI erarbeitet neue Mindeststandards für Browser ∗∗∗
---------------------------------------------
Vor zwei Jahren formulierte das Bundesamt für Sicherheit in der Informationstechnik Anforderungen an sichere Browser. Nun soll das Dokument aktualisiert werden, um Kommentierung wird gebeten.
---------------------------------------------
https://www.golem.de/news/it-sicherheit-bsi-erarbeitet-neue-mindeststandard…
∗∗∗ Using Powershell in Basic Incident Response - A Domain Wide "Kill-Switch", (Tue, Jul 2nd) ∗∗∗
---------------------------------------------
Now that we have the hashes for all the running processes in the AD Domain, and also have the VT Score for each hash in the system, how can we use this information? Incident Response comes immediately to mind for me. If you've ever been in a medium-to-large-scale "incident", the situation that you often find is 'we know everything seems to be infected, but out of thousands of machines, which ones are actually infected right now?
---------------------------------------------
https://isc.sans.edu/diary/rss/25088
∗∗∗ Tale of a Windows Error Reporting Zero-Day (CVE-2019-0863) ∗∗∗
---------------------------------------------
In December 2018, a hacker who goes by the alias ‘SandboxEscaper’ publicly disclosed a zero-day vulnerability in the Windows Error Reporting (WER) component. Digging deeper into her submission, I discovered another zero-day vulnerability, which could be abused to elevate system privileges. According to the Microsoft advisory, attackers exploited this bug as a zero-day in the wild until the patch was released in May 2019. So how did this bug work exactly?
---------------------------------------------
https://unit42.paloaltonetworks.com/tale-of-a-windows-error-reporting-zero-…
∗∗∗ Firefox 68: Mozilla behebt Konflikte zwischen Browser und Antiviren-Software ∗∗∗
---------------------------------------------
Frühere Firefox-Versionen kollidierten häufig mit AV-Software; Fehlermeldungen und Verbindungsprobleme waren die Folge. Mit Version 68 soll sich das ändern.
---------------------------------------------
https://heise.de/-4460657
∗∗∗ The art and science of password hashing ∗∗∗
---------------------------------------------
The recent FlipBoard breach shines a spotlight again on password security and the need for organizations to be more vigilant. Password storage is a critical area where companies must take steps to ensure they don’t leave themselves and their customer data vulnerable. Storing passwords in plaintext is recognized as a major cybersecurity blunder.
---------------------------------------------
https://www.helpnetsecurity.com/2019/07/02/password-hashing/
∗∗∗ SD-WAN Security Assessment: The First Hours ∗∗∗
---------------------------------------------
SD-WAN Security Assessment: The First HoursIntroductionSuppose you need to perform a security assessment of an SD-WAN solution.There are several reasons for this and one of them is selecting an SD-WAN provider or product.A traditional SD-WAN system involves many planes, technologies, mechanisms, services, protocols and features.It has distributed and multilayered architecture. So where should you start?
---------------------------------------------
http://www.scada.sl/2019/07/sd-wan-security-assessment-first-hours.html
∗∗∗ Achtung Fake: cyberino.store ∗∗∗
---------------------------------------------
Bestellen Sie nicht bei cyberino.store, denn Sie werden Ihre Ware nie erhalten. Es handelt sich um einen Fake-Shop!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-fake-cyberinostore/
∗∗∗ In eigener Sache: CERT.at sucht Verstärkung ∗∗∗
---------------------------------------------
Für unsere täglichen Routineaufgaben suchen wir derzeit 1 Berufsein- oder -umsteiger/in mit ausgeprägtem Interesse an IT-Security, welche/r uns bei den täglich anfallenden Standard-Aufgaben unterstützt. Details finden sich auf unserer Jobs-Seite.
---------------------------------------------
http://www.cert.at/services/blog/20190702153623-2489.html
=====================
= Vulnerabilities =
=====================
∗∗∗ SquirrelMail XSS ∗∗∗
---------------------------------------------
When viewing e-mails in HTML mode (not active by default) SquirrelMail applies a custom sanitization step in an effort to remove possibly malicious script and other content from the viewed e-mail. Due to improper handling of RCDATA and RAWTEXT type elements, the HTML parser used in this process shows differences compared to real user agent behavior. Exploiting these differences JavaScript code can be introduced which is not removed.
---------------------------------------------
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-…
∗∗∗ Patchday: Android und das löchrige Media Framework ∗∗∗
---------------------------------------------
Google hat Sicherheitsupdates veröffentlicht, die kritische Lücken in Pixel-Smartphones schließen.
---------------------------------------------
https://heise.de/-4460308
∗∗∗ VMSA-2019-0010 ∗∗∗
---------------------------------------------
VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0010.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (firefox, firefox-developer-edition, libarchive, and vlc), CentOS (firefox, thunderbird, and vim), Debian (firefox-esr, openssl, and python-django), Fedora (glpi and xen), Mageia (thunderbird), openSUSE (ImageMagick, irssi, libheimdal, and phpMyAdmin), Red Hat (libssh2 and qemu-kvm), Scientific Linux (firefox, thunderbird, and vim), SUSE (389-ds, cf-cli, curl, dbus-1, dnsmasq, evolution, glib2, gnutls, graphviz, java-1_8_0-openjdk, and libxslt), [...]
---------------------------------------------
https://lwn.net/Articles/792595/
∗∗∗ Linux kernel vulnerability CVE-2019-3896 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K04327111
∗∗∗ TMM vulnerability CVE-2019-6628 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K04730051
∗∗∗ F5 TMUI and iControl Rest vulnerability CVE-2019-6634 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K64855220
∗∗∗ iControl REST vulnerability CVE-2019-6637 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K29149494
∗∗∗ TMM vulnerability CVE-2019-6629 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K95434410
∗∗∗ BIG-IP HTTP profile vulnerability CVE-2019-6631 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K19501795
∗∗∗ iControl REST vulnerability CVE-2019-6620 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K20445457
∗∗∗ iControl REST and tmsh vulnerability CVE-2019-6621 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K20541896
∗∗∗ iControl REST vulnerability CVE-2019-6641 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K22384173
∗∗∗ BIG-IP TMUI vulnerability CVE-2019-6625 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K79902360
∗∗∗ iControl REST vulnerability CVE-2019-6638 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K67825238
∗∗∗ SNMP vulnerability CVE-2019-6640 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K40443301
∗∗∗ BIG-IP Appliance mode vulnerability CVE-2019-6633 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K73522927
∗∗∗ BIG-IP Appliance mode vulnerability CVE-2019-6635 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11330536
∗∗∗ vCMP vulnerability CVE-2019-6632 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01413496
∗∗∗ F5 SSL Orchestrator vulnerability CVE-2019-6630 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K33444350
∗∗∗ F5 SSL Orchestrator vulnerability CVE-2019-6627 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K36320691
∗∗∗ BIG-IP AFM and PEM TMUI XSS vulnerability CVE-2019-6639 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K61002104
∗∗∗ iControl REST vulnerability CVE-2019-6622 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K44885536
∗∗∗ TMM vulnerability CVE-2019-6623 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K72335002
∗∗∗ BIG-IP TMUI XSS vulnerability CVE-2019-6626 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00432398
∗∗∗ IP Intelligence Feed List TMUI vulnerability CVE-2019-6636 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K68151373
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 28-06-2019 18:00 − Montag 01-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Mehrere Sicherheitslücken im Datenbankmanagementsystem IBM Db2 ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für IBM Db2. Insgesamt gilt das Sicherheitsrisiko als "hoch".
---------------------------------------------
https://heise.de/-4457961
∗∗∗ Verschlüsselte Kommunikation: Angriff auf PGP-Keyserver demonstriert hoffnungslose Situation ∗∗∗
---------------------------------------------
Mit einem gezielten Angriff auf zwei PGP-Schlüssel demonstrieren Unbekannte, dass ein zentraler Teil der PGP-Infrastruktur wahrscheinlich unrettbar kaputt ist.
---------------------------------------------
https://heise.de/-4458354
∗∗∗ Sicherheitsupdates: BIG-IP-Appliances von F5 angreifbar ∗∗∗
---------------------------------------------
In verschiedenen Netzwerkprodukten vom Hersteller F5 findet sich eine Root-Schwachstelle.
---------------------------------------------
https://heise.de/-4457976
∗∗∗ RATs and stealers rush through “Heaven’s Gate” with new loader ∗∗∗
---------------------------------------------
By Holger Unterbrink and Edmund Brumaghin. Executive summaryMalware is constantly finding new ways to avoid detection. This doesnt mean that some will never be detected, but it does allow adversaries to increase the period of time between initial release and detection. Flying under the radar for just a few days is enough to infect sufficient machines to earn a decent amount of revenue for an attack.
---------------------------------------------
https://blog.talosintelligence.com/2019/07/rats-and-stealers-rush-through-h…
∗∗∗ Achtung vor Job-Angeboten der Wentics GmbH ∗∗∗
---------------------------------------------
Arbeitssuchende, die Job-Börsen bei der Suche nach dem neuen Beruf nutzen, müssen sich vor betrügerischen Angeboten in Acht nehmen. So kontaktieren Kriminelle beispielsweise als Wentics GmbH Internetnutzer/innen und bieten verlockende Jobs im Home Office gegen hervorragende Bezahlung an. Betroffene dürfen keine Daten übermitteln, denn es handelt sich um einen Identitätsmissbrauch zum Zweck der Geldwäsche!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-job-angeboten-der-wentic…
∗∗∗ Netzpolitik - Phishing-Mails: Betrüger setzen nun auf QR-Codes ∗∗∗
---------------------------------------------
Betrüger versuchen, Sharepoint-Logindaten zu bekommen – Bildcodes gelangen durch Spamfilter
---------------------------------------------
https://derstandard.at/2000105726829/Phishing-Mails-Betrueger-setzen-nun-au…
=====================
= Vulnerabilities =
=====================
∗∗∗ Sicherheitsupdates: Kritische Lücke in Firewalls und Hotspots von Zyxel ∗∗∗
---------------------------------------------
Verschiedene Netzwerkgeräte von Zyxel sind über eine kritische Schwachstelle attackierbar.
---------------------------------------------
https://heise.de/-4458725
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (expat, golang-go.crypto, gpac, and rdesktop), Fedora (chromium, GraphicsMagick, kernel, kernel-headers, pdns, and xen), openSUSE (chromium, dbus-1, evince, libvirt, postgresql96, tomcat, and wireshark), Oracle (thunderbird and vim), Scientific Linux (thunderbird), Slackware (irssi), SUSE (gvfs), and Ubuntu (linux-lts-xenial, linux-aws, linux-azure and linux-oem, linux-oracle, linux-raspi2, linux-snapdragon).
---------------------------------------------
https://lwn.net/Articles/792463/
∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is impacted by multiple PHP vulnerabilities(CVE-2019-11038 CVE-2019-11039 CVE-2019-11040) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel…
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a FileServer functionality vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multi-Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: A vulnerabilityin IBM Java Runtime affect Financial Transaction Manager for Check Services for Multi-Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerabilityin-ibm…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for ACH Services for Multi-Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: API Connect is impacted by an information leakage vulnerability in Oracle MySQL (CVE-2018-3123) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-is-impact…
∗∗∗ IBM Security Bulletin: Password disclosure in IBM Spectrum Protect Server (CVE-2019-4140) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-disclosure-i…
∗∗∗ IBM Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server (CVE-2018-1922, CVE-2018-1923, CVE-2018-1936, CVE-2018-1978, CVE-2018-1980, CVE-2019-4014, CVE-2019-4015, CVE-2019-4016, CVE-2019-4094) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-db2-vulnerab…
∗∗∗ IBM Security Bulletin: IBM Planning Analytics Administration is affected by a vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-planning-analytic…
∗∗∗ IBM Security Bulletin: IBM Cloud Private Monitoring is vulnerable to XSS attack in Prometheus (CVE-2018-14041) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-mon…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 27-06-2019 18:00 − Freitag 28-06-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: ImageMagick Multiple Security Vulnerabilities ∗∗∗
---------------------------------------------
Successfully exploiting these issues may allow an attacker to gain access to sensitive information, bypass certain security restrictions and to perform unauthorized actions or cause a denial-of-service condition. This may aid in launching further attacks. Due to the nature of this issue, code execution may be possible but this has not been confirmed.
ImageMagick version 7.0.8-34 is vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/108913
∗∗∗ Vuln: OpenJPEG Multiple Security Vulnerabilities ∗∗∗
---------------------------------------------
Attackers can exploit these issues to cause the application to crash or execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
OpenJPEG version 2.3.0 and prior are vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/108921
∗∗∗ Vuln: Symantec Endpoint Encryption CVE-2019-9703 Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
Local attackers can exploit this issue to gain elevated privileges.
Versions prior to Symantec Endpoint Encryption 11.3.0 are vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/108796
∗∗∗ Vuln: Symantec Endpoint Encryption CVE-2019-9702 Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
Local attackers can exploit this issue to gain elevated privileges.
Versions prior to Symantec Endpoint Encryption 11.3.0 are vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/108795
∗∗∗ McAfee schließt mehrere Schwachstellen in Enterprise Security Manager ∗∗∗
---------------------------------------------
Neue Versionen des SIEM von McAfee beseitigen insgesamt zehn potenzielle Angriffspunkte, von denen zum Teil ein hohes Sicherheitsrisiko ausgeht.
---------------------------------------------
https://heise.de/-4457190
∗∗∗ Medtronic recalls vulnerable MiniMed insulin pumps ∗∗∗
---------------------------------------------
Medtronic, the world’s largest medical device company, has issued a recall of some of its insulin pumps because they can be tampered with by attackers. About the vulnerable devices The affected devices are insulin pumps from the MiniMed 508 and Paradigm series ...
---------------------------------------------
https://www.helpnetsecurity.com/2019/06/28/hackable-medtronic-insulin-pumps…
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (expat and mupdf), Fedora (drupal7-uuid, php-brumann-polyfill-unserialize, and php-typo3-phar-stream-wrapper2), openSUSE (thunderbird), Oracle (thunderbird and vim), SUSE (glibc), and Ubuntu (poppler).
---------------------------------------------
https://lwn.net/Articles/792318/
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a wget vulnerability (CVE-2019-5953) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se…
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities (CVE-2019-7221, CVE-2019-6974, CVE-2018-17972, CVE-2018-9568) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se…
∗∗∗ IBM Security Bulletin: Information disclosure in WebSphere Application Server Admin Console (CVE-2019-4269) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur…
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se…
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by multiple libssh2 vulnerabilities (CVE-2019-3863, CVE-2019-3857, CVE-2019-3856, CVE-2019-3855) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se…
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a an openssl vulnerability (CVE-2018-5407) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se…
∗∗∗ IBM Security Bulletin: Sensitive information disclosure affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2019-4369) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-sensitive-information…
∗∗∗ IBM Security Bulletin: Guardium StealthBits Integration is affected by an SQLite vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-guardium-stealthbits-…
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium…
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by an OpenSSH vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium…
∗∗∗ F5 tmsh vulnerability CVE-2019-6642 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K40378764
∗∗∗ PHOENIX CONTACT Security Advisory for Industrial Controllers ILC1x0, ILC1x1, AXC1050 and AXC3050 ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-015
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 26-06-2019 18:00 − Donnerstag 27-06-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ How Hackers Turn Microsoft Excels Own Features Against It ∗∗∗
---------------------------------------------
A pair of recent findings show how hackers can compromise Excel users without any fancy exploits.
---------------------------------------------
https://www.wired.com/story/microsoft-excel-hacking-power-query-macros
∗∗∗ Fake Instagram Verification ∗∗∗
---------------------------------------------
Across various social media platforms there are verification checkmark symbols that appear near the name of the account’s page we view. For example, this verified account indicator seen from our our Twitter page: These verification checkmarks exist as a credibility indicator to help show authenticity and integrity to social media page visitors.
---------------------------------------------
https://blog.sucuri.net/2019/06/fake-instagram-verification.html
∗∗∗ NIST Releases Report on Managing IoT Risks ∗∗∗
---------------------------------------------
Original release date: June 26, 2019The National Institute of Standards and Technology (NIST) has released the Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks report. The publication—the first in a planned series on IoT—aims to help federal agencies and other organizations manage the cybersecurity and privacy risks associated with individual IoT devices.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/06/26/nist-releases-repo…
∗∗∗ Europäischer Rechtsakt zur Cyber-Sicherheit tritt in Kraft ∗∗∗
---------------------------------------------
Der europäische Rechtsakt zur Cyber-Sicherheit ("Cybersecurity Act") ist am 27. Juni 2019 in Kraft getreten. Kernelemente des Rechtsakts sind ein neues, permanentes Mandat für die europäische Cyber-Sicherheitsagentur ENISA sowie die Einführung eines einheitlichen europäischen Zertifizierungsrahmens für IKT-Produkte, -Dienstleistungen und -Prozesse.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Cybersecuri…
∗∗∗ GreenFlash Sundown exploit kit expands via large malvertising campaign ∗∗∗
---------------------------------------------
The GreenFlash exploit kit, which we typically saw targeting South Korean users, reaches globally with a large malvertising campaign via a popular website.Categories: Threat analysisTags: EKexploit kitGreenFlash Sundownmalvertisingseon ransomware [...]
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2019/06/greenflash-sundown-ex…
∗∗∗ Bestellen Sie nicht bei media-blue.store ∗∗∗
---------------------------------------------
Wer bei media-blue.store glaubt, ein Schnäppchen ergattert zu haben, irrt sich, denn die Ware wird trotz Bezahlung nie geliefert. Es handelt sich um einen Fake-Shop!
---------------------------------------------
https://www.watchlist-internet.at/news/bestellen-sie-nicht-bei-media-bluest…
=====================
= Vulnerabilities =
=====================
∗∗∗ Epyc crypto flaw? AMD emits firmware fix for server processors after Googler smashes RAM encryption algorithms ∗∗∗
---------------------------------------------
SEV code cracked to leak secret keys Updated Microchip slinger AMD has issued a firmware patch to fix the encryption in its Secure Encrypted Virtualization technology (SEV), used to defend the memory of Linux KVM virtual machines running on its Epyc processors.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/06/26/amd_epyc_ke…
∗∗∗ Advanced Forum - Critical - Cross Site Scripting - SA-CONTRIB-2019-054 ∗∗∗
---------------------------------------------
Project: Advanced Forum
Version: 7.x-2.x-dev
Date: 2019-June-26
Security risk: Critical 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-054
∗∗∗ Kritische Lücken in Cisco Data Center Network Manager ∗∗∗
---------------------------------------------
Eine Schwachstelle gefährdet Netzwerkgeräte von Cisco. Ein Sicherheitsupdate schließt mehrere Schlupflöcher.
---------------------------------------------
https://heise.de/-4456661
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (drupal7-uuid, php-brumann-polyfill-unserialize, and php-typo3-phar-stream-wrapper2), openSUSE (ansible, compat-openssl098, exempi, glib2, gstreamer-0_10-plugins-base, gstreamer-plugins-base, libmediainfo, libssh2_org, SDL2, sqlite3, and wireshark), Oracle (firefox), Red Hat (thunderbird and vim), Scientific Linux (firefox), SUSE (java-1_8_0-ibm), and Ubuntu (bzip2 and expat).
---------------------------------------------
https://lwn.net/Articles/792231/
∗∗∗ Kubernetes CLI tool security flaw lets attackers run code on host machine ∗∗∗
---------------------------------------------
Interesting bug can lead to total compromise of cloud production environments.
---------------------------------------------
https://www.zdnet.com/article/kubernetes-cli-tool-security-flaw-lets-attack…
∗∗∗ Vuln: GNU Binutils CVE-2019-12972 Heap Based Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/108903
∗∗∗ Vuln: Linux Kernel CVE-2019-12984 Null Pointer Dereference Remote Denial of Service Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/108905
∗∗∗ OpenJPEG: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0545
∗∗∗ ImageMagick: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0547
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 25-06-2019 18:00 − Mittwoch 26-06-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ YouTube Bitcoin Scams Pushing the njRAT Backdoor InfoStealer ∗∗∗
---------------------------------------------
YouTube scams are promoting software that pretends to allow users to get free Bitcoins, but instead installs the njRAT remote access Trojan and password stealer.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/youtube-bitcoin-scams-pushin…
∗∗∗ Brickerbot 2.0: Neue Schadsoftware möchte IoT-Geräte zerstören ∗∗∗
---------------------------------------------
Wie das Vorbild Brickerbot möchte die Schadsoftware Silex unsichere IoT-Geräte zerstören. Auch ungeschützte Linux-Server könnten ihr Opfer werden. Der Entwickler der Schadsoftware arbeitet an weiteren Funktionen.
---------------------------------------------
https://www.golem.de/news/brickerbot-2-0-neue-schadsoftware-moechte-iot-ger…
∗∗∗ Subdomain Takeover: Sicherheitsfirmen übernehmen Subdomain von EA ∗∗∗
---------------------------------------------
Die Subdomain eaplayinvite.ea.com des Spieleherstellers Electronic Arts ist von Sicherheitsfirmen übernommen worden. Über einen weiteren Angriff konnten die Firmen auch an Nutzerdaten gelangen.
---------------------------------------------
https://www.golem.de/news/subdomain-takeover-sicherheitsfirmen-uebernehmen-…
∗∗∗ Achtung vor Scamming im Internet ∗∗∗
---------------------------------------------
Scamming (dt. Vorschussbetrug) beschreibt eine beliebte Betrugsform im Internet, die Kriminelle nutzen, um an schnelles Geld zu gelangen. Sie versprechen ihren Opfern Erbschaften, Millionengewinne, günstige Kredite oder spielen ihnen eine Notlage vor und drängen sie zu hohen Vorschusszahlungen. Es handelt sich ausnahmslos um leere Versprechen und Geld landet ausschließlich in den Taschen der Betrüger/innen.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-scamming-im-internet/
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: Nessus CVE-2019-3961 Cross Site Scripting Vulnerability ∗∗∗
---------------------------------------------
Nessus is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Nessus 8.4.0 and prior versions are vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/108892
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (python3.4), Oracle (firefox), Red Hat (firefox and kernel-alt), SUSE (ImageMagick and SUSE Manager Server 3.2), and Ubuntu (bzip2).
---------------------------------------------
https://lwn.net/Articles/792111/
∗∗∗ Security Advisory - FRP Bypass Vulnerability on Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190626-…
∗∗∗ IBM Security Bulletin: Java Vulnerability Affects IBM Connect:Direct Web Services (CVE-2018-1890) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-af…
∗∗∗ IBM Security Bulletin: WebSphere App Server – Out of Memory Exception can cause DOS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-websphere-app-server-…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affect IBM Tivoli System Automation Application Manager April 2019 CPU (CVE-2019-2684) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
∗∗∗ IBM Security Bulletin: A security vulnerability in OpenSSL affects IBM Rational ClearQuest (CVE-2019-1559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: Vulnerabilities exist in Watson Explorer Analytical Components and Watson Content Analytics (CVE-2018-1901) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-exist…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 24-06-2019 18:00 − Dienstag 25-06-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Using Whitelisting to Remediate an RCE Vulnerability (CVE-2019-2729) in Oracle WebLogic ∗∗∗
---------------------------------------------
Oracle WebLogic has recently disclosed and patched remote-code-execution (RCE) vulnerabilities in its software, many of which were due to insecure deserialization. Oracle addressed the most recent vulnerability, CVE-2019-2729, in an out-of-band security patch on June 18, 2019. CVE-2019-2729 was assigned a CVSS score of 9.8, making it a critical vulnerability.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fYmCaoi4AE8/
∗∗∗ Thunderbird 60.7.2: Mozilla fixt potenziell gefährliche Lückenkombination ∗∗∗
---------------------------------------------
Das Mozilla Entwickler-Team hat vergangene Woche zwei Sicherheitslücken in Thunderbird behoben, die zuvor in Firefox aktiv ausgenutzt worden war.
---------------------------------------------
https://heise.de/-4454671
∗∗∗ Side-Channel Attacks: OpenSSH erhält Schutz vor Spectre, RAMBleed und Co. ∗∗∗
---------------------------------------------
Die temporäre Verschlüsselung im RAM soll mit OpenSSH genutzte Keys künftig vor Seitenkanalangriffen schützen.
---------------------------------------------
https://heise.de/-4455055
∗∗∗ Phishing-Versuch gegen free-Kund/innen der Advanzia Bank S.A. ∗∗∗
---------------------------------------------
Konsument/innen finden eine E-Mail in ihrem Posteingang, in der sie über die Notwendigkeit einer Datenbestätigung informiert werden, um die free-Kreditkarte weiter nutzen zu können. Die Nachricht erweckt den Eindruck, von der Advanzia Bank S.A. zu stammen, doch sie wird von Kriminellen verschickt. Dem Link darf nicht gefolgt werden, denn es handelt sich um einen Phishing-Versuch!
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-versuch-gegen-free-kundinne…
∗∗∗ New Mac malware abuses recently disclosed Gatekeeper zero-day ∗∗∗
---------------------------------------------
Researchers find new OSX/Linker malware abusing still-unpatched macOS Gatekeeper bypass.
---------------------------------------------
https://www.zdnet.com/article/new-mac-malware-abuses-recently-disclosed-gat…
=====================
= Vulnerabilities =
=====================
∗∗∗ TYPO3 9.5.8 and 8.7.27 security releases published ∗∗∗
---------------------------------------------
We are announcing the release of the following TYPO3 updates: TYPO3 9.5.8 LTS TYPO3 8.7.27 LTS All versions are security releases and contain important security fixes
---------------------------------------------
https://typo3.org/article/typo3-958-and-8727-security-releases-published/
∗∗∗ TYPO3-EXT-SA-2019-014: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin) ∗∗∗
---------------------------------------------
CVE: CVE-2019-11768 and CVE-2019-12616 * PMASA-2019-3: SQL injection in Designer feature * PMASA-2019-4: CSRF vulnerability in login form
---------------------------------------------
https://typo3.org/security/advisory/typo3-ext-sa-2019-014/
∗∗∗ Kubernetes CVE-2019-11246 Incomplete Fix Arbitrary File Overwrite Vulnerability ∗∗∗
---------------------------------------------
Kubernetes is prone to a vulnerability that may allow attackers to overwrite arbitrary files. Successful exploits may allow an attacker to write arbitrary files in the context of the user running the affected application. Versions prior to kubernetes 1.12.9, 1.13.6, and 1.14.2 are vulnerable.
---------------------------------------------
https://www.securityfocus.com/bid/108866/discuss
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (python), Debian (bzip2, libvirt, python2.7, python3.4, rdesktop, and thunderbird), Fedora (thunderbird and tomcat), openSUSE (aubio, docker, enigmail, GraphicsMagick, and python-Jinja2), SUSE (kernel, libvirt, postgresql96, and tomcat), and Ubuntu (ceph, firefox, imagemagick, libmysofa, linux, linux-hwe, neutron, and policykit-desktop-privileges).
---------------------------------------------
https://lwn.net/Articles/792006/
∗∗∗ Alpine Linux Docker image vulnerability CVE-2019-5021 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K25551452
∗∗∗ QEMU: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0541
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 21-06-2019 18:00 − Montag 24-06-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Microsoft: Were fighting Windows malware spread via Excel in email with bad macro ∗∗∗
---------------------------------------------
Earlier this month Microsoft warned that attackers were firing spam that exploited an Office flaw to install a trojan. The bug meant the attackers didn't require Windows users to enable macros.
However, a new malware campaign that doesn't exploit a specific vulnerability in Microsoft software takes the opposite approach, using malicious macro functions in an Excel attachment to compromise fully patched Windows PCs.
---------------------------------------------
https://www.zdnet.com/article/microsoft-were-fighting-windows-malware-sprea…
=====================
= Vulnerabilities =
=====================
∗∗∗ Kritische Schwachstelle in bzip2 - je nach Setup für RCE ausnutzbar ∗∗∗
---------------------------------------------
Kritische Schwachstelle in bzip2 - je nach Setup für RCE ausnutzbar 24. Juni 2019 Beschreibung In der Kompressions-Software bzip2 gibt es eine Lücke, durch die sich in manchen Konfigurationen beliebiger Code mit den Rechten des Benutzers ausführen lässt. CVSS3 Score: 9.8 (laut NIST NVD) CVE-Nummer: CVE-2019-12900 Auswirkungen Angreifer müssen es schaffen, entsprechend präparierte komprimierte Dateien zur Dekompression zu bringen. Dies kann zB durch Versand solcher
---------------------------------------------
http://www.cert.at/warnings/all/20190624.html
∗∗∗ Tor Browser 8.5.3 Fixes a Sandbox Escape Vulnerability in Firefox ∗∗∗
---------------------------------------------
Tor Browser 8.5.3 has been released to fix a Sandbox Escape vulnerability in Firefox that was recently used as part of a targeted attack against cryptocurrency companies. As this vulnerability is actively being used, it is strongly advised that all Tor users upgrade to the latest version.
---------------------------------------------
https://www.bleepingcomputer.com/news/software/tor-browser-853-fixes-a-sand…
∗∗∗ Sicherheitslücke: Outlook-App ermöglichte Auslesen von E-Mails ∗∗∗
---------------------------------------------
Eigentlich sollte in E-Mails eingebetteter Javascript-Code nicht ausgeführt werden. Mit der Android-Version von Microsofts Outlook war dies durch einen Trick möglich. Mit einer präparierten E-Mail konnte unter anderem das Mailkonto ausgelesen werden.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-outlook-app-ermoeglichte-ausles…
∗∗∗ Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer ∗∗∗
---------------------------------------------
If you use VLC media player on your computer and havent updated it recently, dont you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. Thats because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities...
---------------------------------------------
https://thehackernews.com/2019/06/vlc-media-player-hacking.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (jackson-databind, libvirt, pdns, and vim), Fedora (evince, firefox, gjs, libxslt, mozjs60, and poppler), openSUSE (dbus-1, firefox, ImageMagick, netpbm, openssh, and thunderbird), Oracle (libssh2, libvirt, and python), Scientific Linux (python), SUSE (compat-openssl098 , dbus-1 , evince , exempi , firefox , glib2 , gstreamer-0_10-plugins-base , gstreamer-plugins-base , java-1_8_0-ibm , libssh2_org , libvirt , netpbm , samba , SDL2 , sqlite3 , thunderbird, wireshark), Ubuntu (web2py)
---------------------------------------------
https://lwn.net/Articles/791921/
∗∗∗ cURL: Windows OpenSSL engine code injection ∗∗∗
---------------------------------------------
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.
This flaw exists in the official curl-for-windows binaries built and hosted by the curl project (all versions up to and including 7.65.1_1). It does not exist in the curl executable shipped by Microsoft, bundled with Windows 10. It possibly exists in other curl builds for Windows too that uses OpenSSL.
---------------------------------------------
https://curl.haxx.se/docs/CVE-2019-5443.html
∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Nagios XI ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen oder vertrauliche Daten einzusehen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0534
∗∗∗ Mattermost security update 5.11.1 / 5.10.2 / 5.9.2 / 4.10.10 (ESR) released ∗∗∗
---------------------------------------------
We are releasing a recommended security update via Mattermost Team Edition 5.11.1, 5.10.2, 5.9.2 and 4.10.10 (ESR) and Mattermost Enterprise Edition 5.11.1, 5.10.2, 5.9.2 and 4.10.10 (ESR). This security update addresses a medium-level vulnerability discovered during a security research review by Zonduu.
---------------------------------------------
https://mattermost.com/blog/mattermost-security-update-5-11-1-5-10-2-5-9-2-…
∗∗∗ Secure Hub accepts 10 digit worxpin when "PIN Length Requirement" Client Property is set to more than 10 ∗∗∗
---------------------------------------------
Secure Hub when enrolling would prompt for Worxpin post successful enrollment and you would observe that Worxpin requirement is met as soon as 10 Digit PIN is set while XM console has PIN Length Requirement set to more than 10.
---------------------------------------------
https://support.citrix.com/article/CTX256810
∗∗∗ IBM Security Bulletin: Vulnerability affects IBM Cloud Object Storage SDK Java (June 2019) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-affects…
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Access Manager Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Vulnerabilities in cURL affect QLogic Virtual Fabric Extension Module for IBM BladeCenter ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-cu…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 19-06-2019 18:00 − Freitag 21-06-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Botnet Uses SSH and ADB to Create Android Cryptomining Army ∗∗∗
---------------------------------------------
Researchers discovered a cryptocurrency mining botnet that uses the Android Debug Bridge (ADB) Wi-Fi interface and SSH connections to hosts stored in the known_hosts list to spread to other devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/botnet-uses-ssh-and-adb-to-c…
=====================
= Vulnerabilities =
=====================
∗∗∗ PHOENIX CONTACT Automation Worx Software Suite ∗∗∗
---------------------------------------------
This advisory includes mitigations for access of uninitialized pointer, out-of-bounds read, and use after free vulnerabilities reported in Phoenix Contacts Automation Worx Software Suite.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-171-01
∗∗∗ Cisco schließt zwei kritische und zahlreiche weitere Schwachstellen ∗∗∗
---------------------------------------------
Updates für Ciscos SD-WAN-Lösung und DNA Center beseitigen kritische Sicherheitsprobleme. Aber auch zahlreiche weitere Produkte wurden frisch gepatcht.
---------------------------------------------
https://heise.de/-4451734
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, gvfs, intel-microcode, and python-urllib3), Fedora (advancecomp, firefox, freeradius, kubernetes, pam-u2f, and rubygem-jquery-ui-rails), openSUSE (elfutils and sssd), Red Hat (chromium-browser), SUSE (doxygen and samba), and Ubuntu (evince, firefox, Gunicorn, libvirt, and sqlite3).
---------------------------------------------
https://lwn.net/Articles/791572/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (libvirt and python), Debian (intel-microcode, php-horde-form, and znc), Fedora (firefox), Mageia (firefox, flash-player-plugin, git, graphicsmagick, kernel, kernel-linus, kernel-tmb, phpmyadmin, and thunderbird), Oracle (libssh2, libvirt, and python), Red Hat (libvirt and python), Scientific Linux (libvirt), Slackware (bind and mozilla), SUSE (enigmail), and Ubuntu (bind9, intel-microcode, mosquitto, postgresql-10, postgresql-11, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/791669/
∗∗∗ Synology-SA-19:28 Linux kernel ∗∗∗
---------------------------------------------
CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 allow remote attackers to conduct denial-of-service attacks via a susceptible version of DiskStation Manager (DSM) or Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_28
∗∗∗ Multiple vulnerabilities in VAIO Update ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN13555032/
∗∗∗ Intel-SA-00213: Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT vulnerabilities ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K42117350
∗∗∗ Security vulnerabilities fixed in Firefox 67.0.4 and Firefox ESR 60.7.2 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
∗∗∗ Security vulnerabilities fixed in Thunderbird 60.7.2 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/
∗∗∗ AirPort Base Station Firmware Update 7.8.1 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT210091
∗∗∗ CVE-2019-10072 Apache Tomcat HTTP/2 DoS ∗∗∗
---------------------------------------------
https://mail-archives.apache.org/mod_mbox/tomcat-announce/201906.mbox/brows…
∗∗∗ DSA-2019-084: Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Security Update for PC Doctor Vulnerability ∗∗∗
---------------------------------------------
https://www.dell.com/support/article/at/de/atdhs1/sln317291/dsa-2019-084-de…
∗∗∗ [webapps] WebERP 4.15 - SQL injection ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/47013
∗∗∗ DoS Vulnerability in Huawei S Series Switch Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190522-…
∗∗∗ IBM Security Bulletin: IBM MessageSight/MessageGateway is affected by the following jQuery vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-mess…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a denial of service vulnerability in Node.js (CVE-2019-5737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af…
∗∗∗ IBM Security Bulletin: IBM MessageSight is affected by the following four IBM Java vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-is-a…
∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js lodash module vulnerability (CVE-2018-16487) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat…
∗∗∗ IBM Security Bulletin: IBM MessageSight/MessageGateway is affected by the following WebSphere Application Server vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-mess…
∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE-2018-5390 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-upd…
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 18-06-2019 18:00 − Mittwoch 19-06-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Zombieload: Intel-Microcode für Windows v1809/v1803 verfügbar ∗∗∗
---------------------------------------------
Schutz gegen Microarchitectural Data Sampling wie Zombieload: Wer noch Windows 10 oder Windows Server in einer älteren Version auf einem Intel-Prozessor nutzt, erhält nun direkt über das Betriebssystem passenden Microcode, um das System gegen Seitenkanalangriffe zu härten.
---------------------------------------------
https://www.golem.de/news/zombieload-intel-microcode-fuer-windows-v1809-v18…
∗∗∗ Pass the salt! Popular CMSs aren’t securing passwords properly ∗∗∗
---------------------------------------------
A group of researchers has discovered that many of the webs most popular content management systems are using obsolete algorithms to protect their users passwords.
---------------------------------------------
https://nakedsecurity.sophos.com/2019/06/19/popular-content-platforms-putti…
∗∗∗ Quick Detect: Exim "Return of the Wizard" Attack, (Wed, Jun 19th) ∗∗∗
---------------------------------------------
Thanks to our reader Alex for sharing some of his mail logs with the latest attempts to exploit CVE-2019-10149 (aka "Return of the Wizard"). The vulnerability affects Exim and was patched about two weeks ago. There are likely still plenty of vulnerable servers, but it looks like attackers are branching out and are hitting servers not running Exim as well.
---------------------------------------------
https://isc.sans.edu/diary/rss/25052
∗∗∗ Evading Sysmon DNS Monitoring ∗∗∗
---------------------------------------------
In a recent update to Sysmon, a new feature was introduced allowing the ability to log DNS events. While this gives an excellent datapoint for defenders (shout out to the SysInternals team for continuing to provide and support these awesome tools for free), for us as attackers, this means that should our implant or payloads attempt to communicate via DNS, BlueTeam have a potential way to pick up on indicators which could lead to detection.
---------------------------------------------
https://blog.xpnsec.com/
∗∗∗ BSI veröffentlicht Empfehlungen zur sicheren Konfiguration von Microsoft-Office-Produkten ∗∗∗
---------------------------------------------
Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat für den Einsatz auf dem Betriebssystem Microsoft Windows sieben Cyber-Sicherheitsempfehlungen für eine sichere Konfiguration von Microsoft Office 2013/2016/2019 erstellt. Diese behandeln zum einen übergreifende Richtlinien für Microsoft Office, zum anderen Richtlinien für sechs häufig genutzte Microsoft Office-Anwendungen (Access, Excel, Outlook, PowerPoint, Visio und Word).
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Empfehlunge…
∗∗∗ Achtung vor gefälschten News zu BitUp und Bitcoin Code ∗∗∗
---------------------------------------------
Internetnutzer/innen stoßen vermehrt auf erfundene Nachrichtenartikel, die die Angebote von Bitcoin Code oder BitUp bewerben. Berichtet wird vom „größten Deal der Geschichte“ bei den Fernsehsendungen „Die Höhle der Löwen“ oder „2 Minuten 2 Millionen“. Die Angebote auf bitcoincodesoftapps.com und bitupapp.com sind unseriös und Anleger/innen verlieren ihr Geld!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-gefaelschten-news-zu-bit…
=====================
= Vulnerabilities =
=====================
∗∗∗ Zero Day: Mozilla schließt ausgenutzte Sicherheitslücke in Firefox ∗∗∗
---------------------------------------------
Firefox-Hersteller Mozilla hat eine kritische Sicherheitslücke in seinem Browser geschlossen, die wohl aktiv ausgenutzt wird. Updates stehen bereit und werden von Mozilla bereits verteilt.
---------------------------------------------
https://www.golem.de/news/zero-day-mozilla-schliesst-ausgenutzte-sicherheit…
∗∗∗ Oracle Releases Security Advisory for WebLogic ∗∗∗
---------------------------------------------
Original release date: June 19, 2019 Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/06/19/Oracle-Releases-Se…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (dbus, firefox, kernel, linux-lts, linux-zen, and python), CentOS (bind and kernel), Debian (firefox-esr, glib2.0, and vim), Fedora (dbus, kernel, kernel-headers, mingw-libxslt, poppler, and python-gnupg), openSUSE (gnome-shell, kernel, libcroco, php7, postgresql10, python, sssd, and thunderbird), Oracle (kernel and libvirt), Red Hat (go-toolset:rhel8, gvfs, java-11-openjdk, pki-deps:10.6, systemd, and WALinuxAgent), SUSE (docker, kernel, libvirt, [...]
---------------------------------------------
https://lwn.net/Articles/791462/
∗∗∗ PHOENIX CONTACT Multiple Vulnerabilities in Automation Worx Software Suite ∗∗∗
---------------------------------------------
Security Advisory for Automation Worx Software Suite version 1.86 and earlier
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-014
∗∗∗ Vuln: Symantec DLP CVE-2019-9701 Cross Site Scripting Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/108733
∗∗∗ Samba: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0521
∗∗∗ IBM Security Bulletin: IBM API Connect is affected by sensitive information leakage in LoopBack (CVE-2019-4382) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af…
∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4377) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Command Center (CVE-2019-2602) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM API Connect ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by sensitive information leak (CVE-2018-2013) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-…
∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by software stack information leak (CVE-2018-2011) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-…
∗∗∗ IBM Security Bulletin: API Connect V5 is vulnerable to CSRF attacks (CVE-2018-1858) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v5-is-vul…
∗∗∗ FreeBSD SACK Slowness vulnerability CVE-2019-5599 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K75521003
∗∗∗ Linux SACK Slowness vulnerability CVE-2019-11478 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K26618426
∗∗∗ Linux SACK Panic vulnerability CVE-2019-11477 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K78234183
∗∗∗ Excess resource consumption due to low MSS values vulnerability CVE-2019-11479 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35421172
∗∗∗ Intel CSME and SPS vulnerability CVE-2019-0093 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K13710800
∗∗∗ Intel Server Platform Services vulnerability CVE-2019-0089 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K47234311
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 17-06-2019 18:00 − Dienstag 18-06-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Security Alert: Booking.Com Fake Emails Infect Computers with Sodinokibi Ransomware ∗∗∗
---------------------------------------------
A new spam campaign pretending to be from Booking.com is now targeting users. The emails carry a document containing macro code. If someone clicks on the document, opens it, and allows the execution of the macro code, a loader will be spawned. This will download and run ransomware of the Sodinokibi class.
---------------------------------------------
https://heimdalsecurity.com/blog/booking-com-fake-emails-sodinokibi-ransomw…
∗∗∗ Plurox: Modular backdoor ∗∗∗
---------------------------------------------
The analysis showed the Backdoor.Win32.Plurox to have a few quite unpleasant features. What’s more, the backdoor is modular, which means that its functionality can be expanded with the aid of plugins.
---------------------------------------------
https://securelist.com/plurox-modular-backdoor/91213/
∗∗∗ Malware sidesteps Google permissions policy with new 2FA bypass technique ∗∗∗
---------------------------------------------
When Google restricted the use of SMS and Call Log permissions in Android apps in March 2019, one of the positive effects was that credential-stealing apps lost the option to abuse these permissions for bypassing SMS-based two-factor authentication (2FA) mechanisms.
We have now discovered malicious apps capable of accessing one-time passwords (OTPs) in SMS 2FA messages without using SMS permissions, circumventing Google’s recent restrictions. As a bonus, this technique also works to obtain OTPs from some email-based 2FA systems.
---------------------------------------------
https://www.welivesecurity.com/2019/06/17/malware-google-permissions-2fa-by…
∗∗∗ Sharing the Secrets: Pwning an industrial IoT router ∗∗∗
---------------------------------------------
I get involved in a lot of IoT and ICS pen tests and found an interesting device on one of them. I didn’t have enough time on the job to go as deep as I wanted, so got PTP to buy a couple to play with. eBay FTW! It’s an Ewon Flexy IoT Router.
---------------------------------------------
https://www.pentestpartners.com/security-blog/sharing-the-secrets-pwning-an…
∗∗∗ Bestellen Sie nicht bei lastore.net ∗∗∗
---------------------------------------------
Auch wenn die Preise bei lastore.net sehr verlockend sind, raten wir von einer Bestellung ab. Denn lastore.net ist ein Fake-Shop, der trotz Bezahlung keine Ware liefert!
---------------------------------------------
https://www.watchlist-internet.at/news/bestellen-sie-nicht-bei-lastorenet/
=====================
= Vulnerabilities =
=====================
∗∗∗ TCP SACK PANIC: Linux- und FreeBSD-Kernel lassen sich aus der Ferne angreifen ∗∗∗
---------------------------------------------
Netflix hat einige Sicherheitsprobleme im Netzwerk-Stack von Linux- und FreeBSD-Kerneln entdeckt, die sich für Denial-of-Service-Attacken eignen.
---------------------------------------------
https://heise.de/-4449183
∗∗∗ Vulnerability Spotlight: Two bugs in KCodes NetUSB affect some NETGEAR routers ∗∗∗
---------------------------------------------
KCodes’ NetUSB kernel module contains two vulnerabilities that could allow an attacker to inappropriately access information on some NETGEAR wireless routers. Specific models of these routers utilize the kernel module from KCodes, a Taiwanese company. The module is custom-made for each device, but they all contain similar functions.
---------------------------------------------
https://blog.talosintelligence.com/2019/06/vulnerability-spotlight-two-bugs…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (linux-hardened), Debian (kdepim, kernel, linux-4.9, and phpmyadmin), Fedora (ansible and glib2), openSUSE (kernel and vim), Oracle (bind and kernel), Red Hat (kernel and kernel-rt), Scientific Linux (bind and kernel), SUSE (dbus-1, ImageMagick, kernel, netpbm, openssh, and sqlite3), and Ubuntu (linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon and linux,
---------------------------------------------
https://lwn.net/Articles/791370/
∗∗∗ Critical Flaw Exposes TP-Link Wi-Fi Extenders to Remote Attacks ∗∗∗
---------------------------------------------
A critical remote code execution vulnerability discovered by an IBM X-Force researcher allows an unauthenticated attacker to take complete control of some TP-Link Wi-Fi extenders. Firmware updates that should patch the flaw have been made available by the vendor.
---------------------------------------------
https://www.securityweek.com/critical-flaw-exposes-tp-link-wi-fi-extenders-…
∗∗∗ MISP: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
MISP ist eine Open-Source-Plattform für den Informationsaustausch über Bedrohungen.
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in MISP ausnutzen, um beliebigen Programmcode auszuführen.
CVE Liste: CVE-2019-12868
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0515
∗∗∗ Improper Access Control Vulnerability in AppDNA ∗∗∗
---------------------------------------------
A vulnerability has been identified in AppDNA that could result in access controls not being enforced when accessing the web console potentially allowing privilege escalation and remote code execution.
---------------------------------------------
https://support.citrix.com/article/CTX253828
∗∗∗ IBM Security Bulletin: Password exposure via job log in IBM Spectrum Protect Plus (CVE-2019-4385) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-exposure-via…
∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to CSV Injection (CVE-2019-4364) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana…
∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2019-4303) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Tivoli System Automation for Multiplatforms April 2019 CPU (CVE-2019-2684) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-…
∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2018-5743 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-is-affected-by-…
∗∗∗ IBM Security Bulletin: An Arbitrary Download Vulnerability Affects IBM Campaign (CVE-2019-4384) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-an-arbitrary-download…
∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability Affects IBM Marketing Platform (CVE-2017-1107) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily