Daily

daily@lists.cert.at

1 participants
3249 discussions

Tageszusammenfassung - 17.06.2019
by Daily end-of-shift report 17 Jun '19

17 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 14-06-2019 18:00 − Montag 17-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ U.S. Govt Achieves BlueKeep Remote Code Execution, Issues Alert ∗∗∗ --------------------------------------------- The Cybersecurity and Infrastructure Security Agency (CISA) published an alert for Windows users to patch the critical severity Remote Desktop Services (RDS) RCE security flaw dubbed BlueKeep. --------------------------------------------- https://www.bleepingcomputer.com/news/security/us-govt-achieves-bluekeep-re… ∗∗∗ Ermittler entschlüsselten neue Version der GandCrab-Ransomware ∗∗∗ --------------------------------------------- Wer Opfer der Ransomware wurde, kann die Schadsoftware mit dem neuen Tool kostenfrei entfernen. --------------------------------------------- https://futurezone.at/netzpolitik/ermittler-entschluesselten-neue-version-d… ∗∗∗ An infection from Rig exploit kit, (Mon, Jun 17th) ∗∗∗ --------------------------------------------- [...] Today's diary reviews a recent example of infection traffic caused by Rig EK. --------------------------------------------- https://isc.sans.edu/diary/rss/25040 ∗∗∗ Überteuertes Visum für Kanada auf kanadaeta.com und kanada-eta.de ∗∗∗ --------------------------------------------- Zahlreiche verärgerte Konsument/innen berichten uns von überteuerten ETA-Anträgen (Electronic Travel Authorization) – also Reisegenehmigungen – auf kanadaeta.com und kanada-eta.de. Statt etwa 5 Euro auf der offiziellen Website der kanadischen Regierung werden hier zwischen 50 und 80 Euro für ein Visum verrechnet. Die Watchlist Internet empfiehlt: Die offizielle Regierungswebsite nutzen! --------------------------------------------- https://www.watchlist-internet.at/news/ueberteuertes-visum-fuer-kanada-auf-… ∗∗∗ Security researcher finds critical XSS bug in Googles Invoice Submission Portal ∗∗∗ --------------------------------------------- Security bug would have allowed hackers access to one of Googles backend apps. --------------------------------------------- https://www.zdnet.com/article/security-researcher-finds-critical-xss-bug-in… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium and thunderbird), Debian (php-horde-form, pyxdg, thunderbird, and znc), Fedora (containernetworking-plugins, mediawiki, and podman), openSUSE (chromium), Red Hat (bind, chromium-browser, and flash-plugin), SUSE (docker, glibc, gstreamer-0_10-plugins-base, gstreamer-plugins-base, postgresql10, sqlite3, and thunderbird), and Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/791277/ ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack (CVE-2019-4142) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-pla… ∗∗∗ IBM Security Bulletin: Vulnerability in strongswan affects QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-stro… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL and strongswan affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-fabric-os-firmware-fo… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.06.2019
by Daily end-of-shift report 14 Jun '19

14 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 13-06-2019 18:00 − Freitag 14-06-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs ∗∗∗ --------------------------------------------- Misconfiguration is not novel. However, cybercriminals still find that it is an effective way to get their hands on organizations’ computing resources to use for malicious purposes and it remains a top security concern. In this blog post, we will detail an attack type where an API [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/T-m0jjHJA_o/ ∗∗∗ Security and Privacy, Two Sides of the Same Coin ∗∗∗ --------------------------------------------- ENISA Annual Privacy Forum 2019 --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/security-and-privacy-two-sides-… ∗∗∗ Phishing-Mails gaukeln Ende von WhatsApp-Abonnement vor ∗∗∗ --------------------------------------------- Eine aktuelle Phishing-Welle versucht, WhatsApp-Nutzer über ein angeblich auslaufendes Abonnement zur Preisgabe von Zahlungsdaten zu bewegen. --------------------------------------------- https://heise.de/-4447165 ∗∗∗ Linux servers under attack via latest Exim flaw ∗∗∗ --------------------------------------------- It didn’t take long for attackers to start exploiting the recently revealed Exim vulnerability (CVE-2019-10149). Active campaigns One security enthusiast detected exploitation attempts five days ago: [...] --------------------------------------------- https://www.helpnetsecurity.com/2019/06/14/exploiting-cve-2019-10149/ ∗∗∗ Adware and PUPs families add push notifications as an attack vector ∗∗∗ --------------------------------------------- Push notifications are being added to the arsenal of PUPs, adware, and even a Trojan browser extension that spams Facebook groups. --------------------------------------------- https://blog.malwarebytes.com/adware/2019/06/adware-and-pups-families-add-p… ∗∗∗ Yubico Replacing YubiKey FIPS Devices Due to Security Issue ∗∗∗ --------------------------------------------- Yubico is in the process of replacing YubiKey FIPS (Federal Information Processing Standards) security keys following the discovery of a potentially serious cryptography-related issue that can cause RSA keys and ECDSA signatures generated on these devices to have reduced strength. --------------------------------------------- https://www.securityweek.com/yubico-replacing-yubikey-fips-devices-due-secu… ∗∗∗ French Authorities Release Free Decryptor for PyLocky Ransomware ∗∗∗ --------------------------------------------- The French Ministry of Interior has released a free decryption tool for the PyLocky ransomware to help victims recover their data. --------------------------------------------- https://www.securityweek.com/french-authorities-release-free-decryptor-pylo… ∗∗∗ MISP 2.4.109 released (aka cool-attributes-to-object) ∗∗∗ --------------------------------------------- MISP 2.4.109 releasedA new version of MISP (2.4.109) has been released with a host of new features, improvements, bug fixes and a minor security fix. We strongly advise all users to update their MISP installations to this latest version. --------------------------------------------- https://www.misp-project.org/2019/06/14/MISP.2.4.109.released.html ===================== = Vulnerabilities = ===================== ∗∗∗ BD Alaris Gateway Workstation ∗∗∗ --------------------------------------------- This medical advisory includes mitigations for improper access control and unrestricted upload of file with dangerous type vulnerabilities reported in BD’s Alaris Gateway Workstation. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01 ∗∗∗ Johnson Controls exacqVision Enterprise System Manager ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper authorization vulnerability reported in Johnson Controls exacqVision Enterprise System Manager. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-164-01 ∗∗∗ Xen Security Advisory XSA-295 - Unlimited Arm Atomics Operations ∗∗∗ --------------------------------------------- An attacker in a domU could perform a denial of service attack on Xen by accessing a memory region shared with the hypervisor, while Xen is performing an atomic operation on the same region. As a result Xen could end up looping boundlessly. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-295.txt ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (gvim, lib32-openssl, openssl, and vim), Debian (dbus), Fedora (dovecot, evince, js-jquery-jstree, libxslt, php-phpmyadmin-sql-parser, and phpMyAdmin), openSUSE (neovim and rubygem-rack), Oracle (docker-engine and python), Scientific Linux (python), Slackware (mozilla), and SUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, elfutils, libvirt, and python-requests). --------------------------------------------- https://lwn.net/Articles/791165/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Secure Proxy ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact Remote Code Execution (CVE-2019-4103) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tivoli-netcool-im… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is affected by a XXE (XML External Entity) Injection vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-inform… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Notes 9 and Domino 9 are affected by Open Source James Clark Expat Vulnerabilities (CVE-2013-0340, CVE-2013-0341) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-notes-9-and-domin… ∗∗∗ IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cognos-controller… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.06.2019
by Daily end-of-shift report 13 Jun '19

13 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 12-06-2019 18:00 − Donnerstag 13-06-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ What is "THAT" Address Doing on my Network, (Thu, Jun 13th) ∗∗∗ --------------------------------------------- Disclosure: ISC does not endorse any one particular vendor. That said, you may recognize what type of firewall I use :) --------------------------------------------- https://isc.sans.edu/diary/rss/25028 ∗∗∗ LDAP Swiss Army Knife ∗∗∗ --------------------------------------------- This paper presents the "LDAP Swiss Army Knife", an easy to use LDAP server implementation built for penetration oder software testing. Apart from general usage as a server or proxy it also shows some specific attacks against Java/JNDI based LDAP clients. --------------------------------------------- https://packetstormsecurity.com/files/153270/LDAP-Swiss-Army-Knife.html ∗∗∗ SandboxEscaper enthüllt fünften Win-Exploit, Microsoft patcht die übrigen ∗∗∗ --------------------------------------------- Pünktlich zum Patchday hat Microsoft auch die 0-Day-Lücken des Hackers "SandboxEscaper" geschlossen. Alle bis auf eine. --------------------------------------------- https://heise.de/-4445318 ∗∗∗ Vermeintliche E-Mail von A1 ignorieren ∗∗∗ --------------------------------------------- Eine E-Mail von A1, in der es heißt, dass Ihnen irrtümlicherweise 86,43 Euro in Rechnung gestellt wurde, können Sie ignorieren. Es handelt sich um einen Versuch, an Ihre Zugangs- und Bankdaten zu gelangen. --------------------------------------------- https://www.watchlist-internet.at/news/vermeintliche-e-mail-von-a1-ignorier… ∗∗∗ SEC security alert warns about misconfigured NAS, DBs, and cloud storage servers ∗∗∗ --------------------------------------------- SEC OCIE inspections finds that companies have failed to properly secure network-accessible storage systems. --------------------------------------------- https://www.zdnet.com/article/sec-security-alert-warns-about-misconfigured-… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ About the security content of iCloud for Windows 10.4 ∗∗∗ --------------------------------------------- This document describes the security content of iCloud for Windows 10.4. --------------------------------------------- https://support.apple.com/en-us/HT210212 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (firefox, kernel, kernel-headers, libreswan, python-urllib3, and vim), Red Hat (python), SUSE (sssd), and Ubuntu (dbus). --------------------------------------------- https://lwn.net/Articles/791052/ ∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2019-4403) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-connections-secur… ∗∗∗ IBM Security Bulletin: IBM i Clustering is affected by CVE-2019-4381 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-clustering-is-a… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud April 2019 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A vulnerability in Python affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-py… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Reporting for Development Intelligence ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.06.2019
by Daily end-of-shift report 12 Jun '19

12 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 11-06-2019 18:00 − Mittwoch 12-06-2019 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Microsoft Releases June 2019 Office Updates With Security Fixes ∗∗∗ --------------------------------------------- Microsoft released the June 2019 Office Updates today, which consist of 13 security updates and 13 non-security updates. Given that some of the Microsoft Office security updates issued today also resolve critical vulnerabilities, it is strongly advised to install them as soon as possible. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-releases-june-2019… ∗∗∗ Bad Cert Vulnerability Can Bring Down Any Windows Server ∗∗∗ --------------------------------------------- A Google security expert today revealed that an unpatched issue in the main cryptographic library in Microsofts operating system can cause a denial-of-service (DoS) condition on Windows 8 servers and above. --------------------------------------------- https://www.bleepingcomputer.com/news/security/bad-cert-vulnerability-can-b… ∗∗∗ Ransomware identification for the judicious analyst ∗∗∗ --------------------------------------------- When facing a ransomware infection, it helps to be familiar with some tools as well as key points to identify ransomware correctly. --------------------------------------------- https://www.gdatasoftware.com/blog/2019/06/31666-ransomware-identification-… ∗∗∗ RAMBleed: Rowhammer kann auch Daten auslesen ∗∗∗ --------------------------------------------- Mit Angriffen durch RAM-Bitflips lassen sich unberechtigt Speicherinhalte auslesen. Als Demonstration zeigen Forscher, wie sie mit Nutzerrechten einen RSA-Key eines SSH-Daemons auslesen können. --------------------------------------------- https://www.golem.de/news/rambleed-rowhammer-kann-auch-daten-auslesen-1906-… ∗∗∗ DICOM Standard in Medical Devices ∗∗∗ --------------------------------------------- NCCIC is aware of a public report of a vulnerability in the DICOM (Digital Imaging and Communications in Medicine) standard with proof-of-concept (PoC) exploit code. The DICOM standard is the international standard to transmit, store, retrieve, print, process, and display medical imaging information. According to this report, the vulnerability is exploitable by embedding executable code into the 128 byte preamble. This report was released without coordination with NCCIC or any known vendor. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-19-162-01 ∗∗∗ AVML - Acquire Volatile Memory for Linux ∗∗∗ --------------------------------------------- AVML is an X86_64 userland volatile memory acquisition tool written in Rust, intended to be deployed as a static binary. AVML can be used to acquire memory without knowing the target OS distribution or kernel a priori. No on-target compilation or fingerprinting is needed. --------------------------------------------- https://github.com/microsoft/avml ∗∗∗ Windows-Schwachstelle „Bluekeep“: Erneute Warnung vor wurmartigen Angriffen ∗∗∗ --------------------------------------------- Wurmartige Cyber-Angriffe mit den Schadprogrammen WannaCry und NotPetya haben im Jahr 2017 weltweit Millionenschäden verursacht und einzelne Unternehmen in Existenznöte gebracht. Ein vergleichbares Szenario ermöglicht die kritische Schwachstelle Bluekeep, die im Remote-Desktop-Protocol-Dienst (RDP) von Microsoft-Windows enthalten ist. Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hatte bereits im Mai ebenso wie Microsoft vor dieser Schwachstelle gewarnt und --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Windows-Sch… ∗∗∗ Achtung vor angeblichen Microsoft-Anrufen ∗∗∗ --------------------------------------------- Eine neue Welle angeblicher Microsoft Anrufe rollt momentan über Österreich hinweg. Die Anrufer/innen behaupten, Probleme auf den Geräten der Betroffenen gefunden zu haben. Vorsicht: Es handelt sich um Betrüger/innen, die versuchen, Zugriff auf das System ihrer Opfer zu erhalten und Daten zu stehlen. Konsument/innen sollten derartige Anrufe umgehend beenden. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vor-angeblichen-microsoft-an… ===================== = Vulnerabilities = ===================== ∗∗∗ Intel Releases Security Updates, Mitigations for Multiple Products ∗∗∗ --------------------------------------------- Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/06/11/Intel-Releases-Sec… ∗∗∗ Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series ∗∗∗ --------------------------------------------- The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities resulting from old software components embedded in the firmware. --------------------------------------------- https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-wago… ∗∗∗ Patchday: Gefährliche Lücke in Aufgabenplanung von Windows 10 gepatcht ∗∗∗ --------------------------------------------- Microsoft hat jede Menge Sicherheitsupdates für Windows, Office und weitere Software veröffentlicht. Viele Lücke gelten als kritisch. --------------------------------------------- https://heise.de/-4444614 ∗∗∗ Critical Microsoft NTLM vulnerabilities allow remote code execution on any Windows machine ∗∗∗ --------------------------------------------- The Preempt research team found two critical Microsoft vulnerabilities that consist of three logical flaws in NTLM, the company’s proprietary authentication protocol. These vulnerabilities allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication (WIA) such as Exchange or ADFS. The research shows that all Windows versions are vulnerable. --------------------------------------------- https://www.helpnetsecurity.com/2019/06/11/microsoft-ntlm-vulnerabilities/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libgd2, mediawiki, otrs2, vlc, and zookeeper), Fedora (containernetworking-plugins, kernel, kernel-headers, nodejs-tough-cookie, podman, python-django, and python-urllib3), openSUSE (virtualbox), SUSE (gnome-shell, libcroco, and php7), and Ubuntu (dbus, Neovim, and vim). --------------------------------------------- https://lwn.net/Articles/790976/ ∗∗∗ Flaw in Evernote Extension Allows Hackers to Steal Data ∗∗∗ --------------------------------------------- A vulnerability identified by researchers in a popular Evernote extension for Chrome can be exploited by hackers to steal sensitive information from the websites accessed by a user. read more --------------------------------------------- https://www.securityweek.com/flaw-evernote-extension-allows-hackers-steal-d… ∗∗∗ MISP: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- MISP ist eine Open-Source-Plattform für den Informationsaustausch über Bedrohungen. Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in MISP ausnutzen, um seine Privilegien zu erhöhen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0491 ∗∗∗ Security Advisory - DLL Hijacking Vulnerability on Huawei HiSuite ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190612-… ∗∗∗ IBM Security Bulletin: A security vulnerability has been idenfied in IBM SDK which affects IBM Db2 Query Management Facility for z/OS ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.06.2019
by Daily end-of-shift report 11 Jun '19

11 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 07-06-2019 18:00 − Dienstag 11-06-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Paketmanagement: Java-Dependencies über unsichere HTTP-Downloads ∗∗∗ --------------------------------------------- In zahlreichen Java-Projekten werden Abhängigkeiten ungeprüft über HTTP ohne TLS heruntergeladen. Ein Netzwerkangreifer kann dadurch trivial die Downloads manipulieren und Schadcode ausführen. --------------------------------------------- https://www.golem.de/news/paketmanagement-java-dependencies-ueber-unsichere… ∗∗∗ Tip: Sysmon Will Log DNS Queries ∗∗∗ --------------------------------------------- [...] Mark announced a new version of Sysmon that will log DNS queries (and replies): [...] --------------------------------------------- https://isc.sans.edu/forums/diary/Tip+Sysmon+Will+Log+DNS+Queries/25016/ ∗∗∗ Microsoft Office: Gefährliches RTF-Dokument bringt Backdoor-Trojaner mit ∗∗∗ --------------------------------------------- Derzeit nutzen Angreifer vermehrt eine zwei Jahre alte Office-Lücke aus, für die es bereits einen Patch gibt. Dabei stehen vor allem Ziele in Europa im Fokus. --------------------------------------------- https://heise.de/-4444187 ∗∗∗ China Telecom Routes European Traffic to Its Network for Two Hours ∗∗∗ --------------------------------------------- For two hours last week, a BGP route leak resulted in large portions of European Internet traffic being routed through China Telecom’s network. read more --------------------------------------------- https://www.securityweek.com/china-telecom-routes-european-traffic-its-netw… ∗∗∗ Bitcoin-Erpressungs-Mail mit erfundenen Webcam-Aufnahmen ∗∗∗ --------------------------------------------- Kriminelle versenden massenhaft E-Mails an Internet-Nutzer/innen, in denen sie behaupten, dass die Systeme der Empfänger/innen gehackt wurden. Sie geben an, dadurch Videos über die Webcam aufgenommen zu haben, die die Empfänger/innen beim Masturbieren zeigen sollen. Um eine Verbreitung der Aufnahmen zu verhindern, werden 2000 Euro in Bitcoins gefordert. Es besteht kein Grund zur Sorge, denn es handelt sich um einen Erpressungsversuch und die Videos existieren nicht. --------------------------------------------- https://www.watchlist-internet.at/news/bitcoin-erpressungs-mail-mit-erfunde… ∗∗∗ Major HSM vulnerabilities impact banks, cloud providers, governments ∗∗∗ --------------------------------------------- Researchers disclose major vulnerabilities in HSMs (Hardware Security Modules). --------------------------------------------- https://www.zdnet.com/article/major-hsm-vulnerabilities-impact-banks-cloud-… ∗∗∗ Das CERT, das Wolf rief ∗∗∗ --------------------------------------------- Die Fabel ist bekannt: dem Hirtenjungen war fad, er schlug Alarm ("Wolf!"), um die Eintönigkeit zu vertreiben, und als dann der Wolf wirklich da war, hörte keiner mehr auf seinen Hilferuf. Wir haben regelmäßig ein ähnliches Thema: Wir sollen möglichst früh vor kommenden Problemen warnen, aber wenn der vorhergesagte Notfall doch nicht eintritt, dann senkt das unsere Glaubwürdigkeit. --------------------------------------------- http://www.cert.at/services/blog/20190611093533-2484.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe ColdFusion (APSB19-27), Adobe Flash Player (APSB19-30) and Adobe Campaign (APSB19-28). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1760 ∗∗∗ SAP Security Patch Day – June 2019 ∗∗∗ --------------------------------------------- This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape. --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242 ∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580 ∗∗∗ --------------------------------------------- There are several vulnerabilities in the Schneider Electric Modicon M580 that could lead to a variety of conditions, including denial of service and the disclosure of sensitive information. --------------------------------------------- https://blog.talosintelligence.com/2019/06/vulnerability-spotlight-multiple… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium and pam-u2f), Debian (cyrus-imapd), Fedora (curl, cyrus-imapd, kernel, kernel-headers, php, and vim), openSUSE (axis, bind, bubblewrap, evolution, firefox, gnome-shell, libpng16, and rmt-server), Oracle (edk2 and kernel), and SUSE (bind, cloud7, and libvirt). --------------------------------------------- https://lwn.net/Articles/790818/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (bind and thunderbird), Mageia (firefox, ghostscript, graphicsmagick, imagemagick, postgresql, and thunderbird), Oracle (kernel), Red Hat (Advanced Virtualization and rh-haproxy18-haproxy), SUSE (bind, gstreamer-0_10-plugins-base, thunderbird, and vim), and Ubuntu (elfutils, glib2.0, and libsndfile). --------------------------------------------- https://lwn.net/Articles/790875/ ∗∗∗ Synology-SA-19:26 Photo Station ∗∗∗ --------------------------------------------- These vulnerabilities allow remote attackers to obtain sensitive information or modify system settings via a susceptible version of Photo Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_26 ∗∗∗ IBM Security Bulletin: IBM MQ Advanced Cloud Pak may print out plain text credentials in logs. (CVE-2019-4239) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-advanced-cloud… ∗∗∗ [20190603] - Core - ACL hardening of com_joomlaupdate ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/_M8Ux7hoaTM/785-20190603-c… ∗∗∗ [20190602] - Core - XSS in subform field ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/pYcjfxwUS9o/784-20190602-c… ∗∗∗ [20190601] - Core - CSV injection in com_actionlogs ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/XjAgqEhAS7g/783-20190601-c… ∗∗∗ # SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt ∗∗∗ # SSA-557804: Mirror Port Isolation Vulnerability in SCALANCE X switches ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-557804.txt ∗∗∗ # SSA-480230: Denial-of-Service in Webserver of Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-480230.txt ∗∗∗ # SSA-307392: Denial-of-Service in OPC UA in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-307392.txt ∗∗∗ # SSA-254686: Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-254686.txt ∗∗∗ # SSA-181018: Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-181018.txt ∗∗∗ # SSA-816980: Multiple Web Vulnerabilities in SIMATIC Ident MV420 and MV440 families ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-816980.txt ∗∗∗ # SSA-774850: Vulnerabilities in SIEMENS LOGO!8 devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-774850.txt ∗∗∗ # SSA-646841: Recoverable Password from Configuration Storage in SCALANCE X Switches ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-646841.txt ∗∗∗ # SSA-212009: Vulnerabilities in Siveillance VMS ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-212009.txt -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.06.2019
by Daily end-of-shift report 07 Jun '19

07 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 06-06-2019 18:00 − Freitag 07-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ SandboxEscaper Debuts ByeBear Windows Patch Bypass ∗∗∗ --------------------------------------------- SandboxEscaper is back, with a second bypass for the recent CVE-2019-0841 Windows patch. --------------------------------------------- https://threatpost.com/sandboxescaper-byebear-windows-bypass/145470/ ∗∗∗ Keep an Eye on Your WMI Logs, (Thu, Jun 6th) ∗∗∗ --------------------------------------------- WMI ("Windows Management Instrumentation")[1] is, like Microsoft says, "the infrastructure for management data and operations on Windows-based operating systems". Personally, I like to make a (very) rough comparison between WMI and SNMP: You can query information about a system (read) but also alter it (write). WMI is present on Windows systems since the version Windows 2000. As you can imagine, when a tool is available by default on all systems, [...] --------------------------------------------- https://isc.sans.edu/diary/rss/25012 ∗∗∗ The EU Cybersecurity Act: a new Era dawns on ENISA ∗∗∗ --------------------------------------------- Today, 7th June 2019, the EU Cybersecurity Act was published in the Official Journal of the European Union. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/the-eu-cybersecurity-act-a-new-… ∗∗∗ Bloodhound walkthrough. A Tool for Many Tradecrafts ∗∗∗ --------------------------------------------- A walkthrough on how to set up and use BloodHound BloodHound (https://github.com/BloodHoundAD/BloodHound) is an application used to visualize active directory environments. The front-end is built on electron and the back-end is a Neo4j database, the data leveraged is pulled from a series of data collectors also referred to as ingestors which come in PowerShell and [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/bloodhound-walkthrough-a-tool… ∗∗∗ New Mirai Variant Adds 8 New Exploits, Targets Additional IoT Devices ∗∗∗ --------------------------------------------- Palo Alto Networks Unit 42 has been tracking the evolution of the Mirai malware, known for targeting embedded devices with the primary intent of launching DDoS attacks and self-propagation, since 2016 when it took down several notable targets. As part of this ongoing research, we’ve recently discovered a new variant of Mirai that[...] --------------------------------------------- https://unit42.paloaltonetworks.com/new-mirai-variant-adds-8-new-exploits-t… ∗∗∗ A botnet is brute-forcing over 1.5 million RDP servers all over the world ∗∗∗ --------------------------------------------- Furthermore, statistics show that despite BlueKeep, most RDP attacks today are brute-force attempts. --------------------------------------------- https://www.zdnet.com/article/a-botnet-is-brute-forcing-over-1-5-million-rd… ===================== = Vulnerabilities = ===================== ∗∗∗ Optergy Proton Enterprise Building Management System ∗∗∗ --------------------------------------------- This advisory includes mitigations for information exposure, cross-site request forgery, unrestricted upload of file with dangerous type, open redirect, hidden functionality, exposed dangerous method or function, and use of hard-coded credentials vulnerabilities reported in Optergy’s Proton/Enterprise Building Management System. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-157-01 ∗∗∗ Panasonic Control FPWIN Pro ∗∗∗ --------------------------------------------- This advisory includes mitigations for heap-based buffer overflow and type confusion vulnerabilities reported in Panasonics Control FPWIN Pro PLC programming software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (evolution and qemu), Fedora (cyrus-imapd and hostapd), Gentoo (exim), openSUSE (exim), Red Hat (qpid-proton), SUSE (bind, libvirt, mariadb, mariadb-connector-c, python, and rubygem-rack), and Ubuntu (firefox, jinja2, and linux-lts-xenial, linux-aws). --------------------------------------------- https://lwn.net/Articles/790647/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM API Connect’s Developer Portal is impacted by vulnerabilities in PHP (CVE-2019-11035 CVE-2019-11034) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-deve… ∗∗∗ IBM Security Bulletin: Secure Gateway is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-secure-gateway-is-aff… ∗∗∗ IBM Security Bulletin: IBM API Connect V5 is impacted by Cross Site Scripting vulnerability (CVE-2016-10531 CVE-2018-3721 CVE-2017-0268) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-is… ∗∗∗ Intel UEFI vulnerability CVE-2019-0119 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K85585101 ∗∗∗ Intel Xeon access control vulnerability CVE-2019-0126 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K37428370 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.06.2019
by Daily end-of-shift report 06 Jun '19

06 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 05-06-2019 18:00 − Donnerstag 06-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ USB Killer: What it is and how to protect your devices ∗∗∗ --------------------------------------------- Introduction What’s more ubiquitous in the PC world than USB sticks? They’re easy to use, affordable and are used by millions of people on a daily basis. Everyone knows that USB sticks can house nasties, including malware, but did you know that this same little drive can completely destroy a system by simply inserting it? --------------------------------------------- https://resources.infosecinstitute.com/usb-killer-how-to-protect-your-devic… ∗∗∗ Telecoms taken by storm: Natural phenomena dominate the outage picture ∗∗∗ --------------------------------------------- A total of 157 telecom outages were reported by the 28 EU member states and 2 EFTA countries, as part of the EU-wide telecom security breach reporting for the year 2018. Today ENISA, the EU Agency for Cybersecurity, publishes the 8th annual report on telecom security incidents, analyzing root causes, impact, and trends. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/telecoms-taken-by-storm-natural… ∗∗∗ Will you be Europe’s best cybersecurity talent? ∗∗∗ --------------------------------------------- European countries have started or are preparing to kick off their national cybersecurity competitions. The winners of the national contests will represent their countries in the ultimate cybersecurity competition on the continent: the European Cyber Security Challenge (ECSC) 2019. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/will-you-be-europe-s-best-cyber… ∗∗∗ Emotet bei Heise – Lehren aus einem Trojaner-Angriff ∗∗∗ --------------------------------------------- Es gab einen schwerwiegenden Einbruch in das Heise-Netz. An der Beseitigung arbeiten aktuell die IT-Abteilungen der Heise Gruppe und weitere Spezialisten. --------------------------------------------- https://heise.de/-4437807 ∗∗∗ Vorsicht bei BAWAG PSK-Mails ∗∗∗ --------------------------------------------- Mit der Aufforderung Ihren "secTAN" zu aktivieren, versuchen Kriminelle derzeit an Ihre Bankzugangsdaten zu gelangen. In der vermeintlichen E-Mail der Bank werden Sie aufgefordert, einem Link zu folgen. Dieser Link führt jedoch zu einer gefälschten BAWAG PSK-Website! Wir raten dazu, derartige Mails in den Spam-Ordner zu verschieben. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-bawag-psk-mails/ ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke: Exim-Sicherheitslücke gefährlicher als gedacht ∗∗∗ --------------------------------------------- EineSicherheitslücke im Exim-Mailserver lässt sich auch übers Netz zur Codeausführung ausnutzen, der Angriff dauert aber in der Standardkonfiguration mehrere Tage. Lokal ist er trivial und emöglicht es Nutzern, Root-Rechte zu erlangen. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-root-zugriff-fuer-angreifer-bei… ∗∗∗ Angreifer könnten Kommunikationssoftware von Cisco lahmlegen ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für Cisco Unified Communications Manager, Webex Meetings Server & Co. --------------------------------------------- https://heise.de/-4440986 ∗∗∗ VMSA-2019-0009 ∗∗∗ --------------------------------------------- VMware Tools and Workstation updates address out of bounds read and use-after-free vulnerabilities. (CVE-2019-5522, CVE-2019-5525) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0009.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (binutils), Debian (exim4 and poppler), Fedora (deepin-api, kernel, kernel-headers, kernel-tools, and php), openSUSE (cronie), and Ubuntu (apparmor, exim4, mariadb-10.1, php5, and php7.0, php7.2). --------------------------------------------- https://lwn.net/Articles/790541/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM® Intelligent Operations Center does not correctly validate file types before uploading files (CVE-2019-4069) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-intelligent-opera… ∗∗∗ IBM Security Bulletin: IBM® Intelligent Operations Center has a weak user-creation policy (CVE-2019-4066) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-intelligent-opera… ∗∗∗ IBM Security Bulletin: IBM® Intelligent Operations Center is vulnerable to user enumeration (CVE-2019-4068) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-intelligent-opera… ∗∗∗ IBM Security Bulletin: User passwords might be obtained by a brute force attack on IBM® Intelligent Operations Center (CVE-2019-4067) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-user-passwords-might-… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in IBM® Intelligent Operations Center (CVE-2019-4070) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: IBM API Connect V5 is impacted by multiple vulnerabilities in IBM Java SDK (CVE-2018-3139 CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-is… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.06.2019
by Daily end-of-shift report 05 Jun '19

05 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 04-06-2019 18:00 − Mittwoch 05-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ We Decide What You See: Remote Code Execution on a Major IPTV Platform ∗∗∗ --------------------------------------------- Check Point Research discerned there to be over 1000 providers of this service with quite likely very high numbers of worldwide customers. As this vulnerability has been patched, we can now reveal what was involved. --------------------------------------------- https://research.checkpoint.com/we-decide-what-you-see-remote-code-executio… ∗∗∗ Its alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign ∗∗∗ --------------------------------------------- Cisco Talos recently identified a series of documents that we believe are part of a coordinated series of cyber attacks that we are calling the "Frankenstein" campaign. We assess that the attackers carried out these operations between January and April 2019 in an effort to install malware on users machines via malicious documents. --------------------------------------------- https://blog.talosintelligence.com/2019/06/frankenstein-campaign.html ∗∗∗ Warnung vor den Geschäftspraktiken bei FutureNet ∗∗∗ --------------------------------------------- FutureNet der BCU Trading LLC aus Dubai verspricht User/innen leicht zu verdienendes Geld. Zum einen soll durch das Kaufen von ‚AdPacks‘ und Anklicken von Werbungen, zum anderen durch das Anwerben neuer Nutzer/innen Geld verdient werden können. Es häufen sich aber die Meldungen zu ausbleibenden Zahlungen und das polnische Amt für Wettbewerb und Verbraucherschutz (UOKIK) warnt wegen dem Verdacht auf ein Pyramidensystem vor dem Unternehmen. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-den-geschaeftspraktiken-… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke: VIM-Modelines erlauben Codeausführung ∗∗∗ --------------------------------------------- Im Texteditor VIM wurde eine Sicherheitslücke gefunden, bei der ein speziell präpariertes Dokument Code ausführen kann. Die dafür genutzte Funktion der Modelines ist nur auf manchen Systemen aktiv. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-vim-modelines-erlauben-codeausf… ∗∗∗ phpmyadmin: PMASA-2019-4 ∗∗∗ --------------------------------------------- CSRF vulnerability in login form Affected Versions: All versions prior to phpMyAdmin 4.9.0 are affected, probably at least as old as version 4.0 (perhaps even earlier) CVE ID: CVE-2019-12616 --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2019-4/ ∗∗∗ phpmyadmin: PMASA-2019-3 ∗∗∗ --------------------------------------------- SQL injection in Designer feature Affected Versions: phpMyAdmin versions prior to 4.8.6 are affected. CVE ID: CVE-2019-11768 --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2019-3/ ∗∗∗ Django security releases issued: 2.2.2, 2.1.9 and 1.11.21 ∗∗∗ --------------------------------------------- * CVE-2019-12308: AdminURLFieldWidget XSS * Patched bundled jQuery for CVE-2019-11358: Prototype pollution --------------------------------------------- https://www.djangoproject.com/weblog/2019/jun/03/security-releases/ ∗∗∗ Wireless Presenter von Logitech und Inateck anfällig für Angriffe über Funk ∗∗∗ --------------------------------------------- Die Pentesting-Firma SySS hat bereits zum wiederholten Male Sicherheitslücken in Wireless-Presenter-Systemen gefunden, über die sich Systeme kapern lassen. --------------------------------------------- https://heise.de/-4439795 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (python-django), openSUSE (curl and libtasn1), Oracle (kernel), Red Hat (etcd, kernel-alt, and rh-python36-python-jinja2), Scientific Linux (thunderbird), SUSE (libvirt), and Ubuntu (db5.3, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-aws-hwe, linux-hwe, linux-oracle, linux-hwe, and linux-raspi2, linux-snapdragon). --------------------------------------------- https://lwn.net/Articles/790411/ ∗∗∗ PHOENIX CONTACT PLCNext AXC F 2152 ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-155-01 ∗∗∗ PHOENIX CONTACT FL NAT SMx ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-155-02 ∗∗∗ Geutebrück G-Cam and G-Code ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-155-03 ∗∗∗ 2019-06-05: Multiple Vulnerabilities in ABB CP635 HMI ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376&Language… ∗∗∗ 2019-06-05: Vulnerabilities in ABB PB610 ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377&Language… ∗∗∗ 2019-06-05: Vulnerabilities in ABB CP651 HMI ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402&Language… ∗∗∗ Security Advisory - XSS Vulnerability in Huawei HedEx products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190605-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server in IBM Cloud April 2019 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server used in IBM WebSphere Application Server in IBM Cloud (CVE-2019-0211 CVE-2019-0220) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Security Information Queue reveals internal data in application error messages ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-informat… ∗∗∗ IBM Security Bulletin: IBM Security Information Queue does not prevent caching of sensitive pages ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-informat… ∗∗∗ IBM Security Bulletin: IBM Security Information Queue web application is vulnerable to clickjacking attack ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-informat… ∗∗∗ IBM Security Bulletin: IBM Security Information Queue web server allows downgrading to non-secure HTTP ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-informat… ∗∗∗ IBM Security Bulletin: IBM Security Information Queue discloses internal data left over from the product development phases ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-informat… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Watson Openscale (Liberty, Java, node.js) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere DataPower XC10 Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-th… ∗∗∗ TECSON/GOK Improper Authentication and Access Control on multiple devices ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-012 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.06.2019
by Daily end-of-shift report 04 Jun '19

04 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Montag 03-06-2019 18:00 − Dienstag 04-06-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ VU#576688: Microsoft windows RDP Network Level Authenticaion can bypass the Windows lock screen ∗∗∗ --------------------------------------------- Microsoft Windows Remote Desktop supports a feature called Network Level Authentication(NLA),which moves the authentication aspect of a remote session from the RDP layer to the network-layer. The use of NLA is recommended to reduce the attack surface of systems exposed using the RDP protocol. --------------------------------------------- https://kb.cert.org/vuls/id/576688 ∗∗∗ VB2018 paper: Lazarus Group: a mahjong game played with different sets of tiles ∗∗∗ --------------------------------------------- The Lazarus Group, generally linked to the North Korean government, is one of the most notorious threat groups seen in recent years. At VB2018 ESET researchers Peter Kálnai and Michal Poslušný presented a paper looking at the groups various campaigns. Today, we publish their paper and the recording of their presentation. Read more --------------------------------------------- https://www.virusbulletin.com:443/blog/2019/06/vb2018-paper-lazarus-group-m… ∗∗∗ So schützen Sie sich vor Kleinanzeigen-Betrug ∗∗∗ --------------------------------------------- Kleinanzeigen-Plattformen erfreuen sich großer Beliebtheit. Sie bieten eine hervorragende Möglichkeit, alte Gegenstände zu verkaufen, die nicht mehr gebraucht werden, oder wahre Schnäppchen aus zweiter Hand zu ergattern. Doch Vorsicht: Sowohl hinter angeblichen Interessent/innen als auch Verkäufer/innen verstecken sich oft Kriminelle, die es nur auf das Geld oder die Ware ihrer Opfer abgesehen haben. --------------------------------------------- https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-vor-kleinanzei… ===================== = Vulnerabilities = ===================== ∗∗∗ Android Security Bulletin - June 2019 ∗∗∗ --------------------------------------------- The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2019-06-01.html ∗∗∗ Potentielles Sicherheitsproblem in Mailserver-Software Exim - Patches ab 11. 6. verfügbar ∗∗∗ --------------------------------------------- Das Exim-Projekt hat am 4. 6. 2019 Vorab-Informationen zu einer schwerwiegenden Sicherheitslücke veröffentlicht. Entsprechende Patches sind bereits für Linux-Distributionen etc. verfügbar, und so können von diesen - zeitgleich mit Veröffentlichung des Patches - ab 11. 6. fehlerbereinigte Pakete ausgerollt werden. --------------------------------------------- http://www.cert.at/warnings/all/20190604.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (python-django and python2-django), Debian (heimdal), Fedora (kernel, kernel-headers, kernel-tools, and sqlite), openSUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork and GraphicsMagick), Oracle (thunderbird), Red Hat (systemd and thunderbird), SUSE (bind and firefox), and Ubuntu (qtbase-opensource-src). --------------------------------------------- https://lwn.net/Articles/790266/ ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Analyzer and Information Governance Catalog is affected by an Information Disclosure vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-inform… ∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js denial of service vulnerability (CVE-2019-5737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat… ∗∗∗ IBM Security Bulletin: Jazz for Service Management (JazzSM) could allow a remote attacker to conduct phishing attacks, using an open redirect attack (CVE-2019-4201) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-jazz-for-service-mana… ∗∗∗ IBM Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere eXtreme Scale ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-th… ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Malicious File Upload attack (CVE-2019-4056) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Back and Refresh Attack (CVE-2019-4048) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat… ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Reverse Tabnabbing (CVE-2018-2028) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.06.2019
by Daily end-of-shift report 03 Jun '19

03 Jun '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 31-05-2019 18:00 − Montag 03-06-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Vorsicht: Offizielle Windows-10-Apps zeigen schädliche Werbung an ∗∗∗ --------------------------------------------- Der Konzern warnt Windows-Nutzer: Microsoft-Anwendungen leiten ihre Nutzer auf betrügerische Websites um. --------------------------------------------- https://futurezone.at/digital-life/vorsicht-offizielle-windows-10-apps-zeig… ∗∗∗ Legacy app whitelist can be abused to bypass latest macOS security features, expert warns ∗∗∗ --------------------------------------------- Three words to ruin an Apple engineers day: Patrick Wardle disclosure Malware can bypass protections in macOS Mojave, and potentially access user data as well as the webcam and mic – by exploiting a hole in Apples legacy app support. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2019/06/03/macos_secur… ∗∗∗ GandCrab ransomware operation says its shutting down ∗∗∗ --------------------------------------------- GandCrab crew says it made enough money and plans to retire within a month. --------------------------------------------- https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutti… ===================== = Vulnerabilities = ===================== ∗∗∗ VU#877837: Multiple vulnerabilities in Quest (Dell) Kace K1000 Appliance ∗∗∗ --------------------------------------------- CVE-2018-5404:The Dell Kace K1000 Appliance allows an authenticated,remote attacker with least privileges(User Console Only role)to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. (CWE-89) CVE-2018-5405:The Dell Kace K1000 Appliance allows an authenticated least privileged user with‘User Console Only’rights to potentially inject arbitrary JavaScript code on the tickets page. --------------------------------------------- https://kb.cert.org/vuls/id/877837 ∗∗∗ Cisco IOS XR Software BGP MPLS-Based EVPN Denial of Service Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the Border Gateway Protocol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Sicherheitsupdate: Nvidia Geforce Experience angreifbar ∗∗∗ --------------------------------------------- Ein lokaler Angreifer könnte über Schwachstellen in Nvidia Geforce Experience Schadcode auf Computer schieben. --------------------------------------------- https://heise.de/-4437588 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, and live-media), Debian (doxygen and php5), Fedora (cryptopp, drupal7-context, drupal7-ds, drupal7-module_filter, drupal7-path_breadcrumbs, drupal7-uuid, drupal7-views, drupal7-xmlsitemap, and sleuthkit), openSUSE (axis, chromium, containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, curl, doxygen, GraphicsMagick, [...] --------------------------------------------- https://lwn.net/Articles/790174/ ∗∗∗ Vuln: Apache Hadoop CVE-2018-8029 Remote Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/108518 ∗∗∗ IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to denial of service (CVE-2019-0199) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-as-used… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to a information disclosure (CVE-2018-5407) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-as-used-in-ib… ∗∗∗ ASP.NET x-up-devcap-post-charset header security exposure ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54150332 ∗∗∗ HPESBMU03923 rev.1 - HPE Smart Update Manager (SUM), Local Unauthorized Elevation of Privilege ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBMU03922 rev.1 - HPE Smart Update Manager (SUM), Remote Unauthorized Access ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily