Daily

daily@lists.cert.at

1 participants
3199 discussions

Tageszusammenfassung - 02.04.2019
by Daily end-of-shift report 02 Apr '19

02 Apr '19

===================== = End-of-Day report = ===================== Timeframe: Montag 01-04-2019 18:00 − Dienstag 02-04-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ MXSS: Cross-Site-Scripting in der Google-Suche ∗∗∗ --------------------------------------------- Aufgrund subtiler Unterschiede beim Parsen von HTML-Code gelang es einem Sicherheitsforscher, gängige Filtermechanismen zu umgehen. Betroffen waren zwei Javascript-Bibliotheken und die Google-Suche. --------------------------------------------- https://www.golem.de/news/mxss-cross-site-scripting-in-der-google-suche-190… ∗∗∗ Splitting atoms in XNU ∗∗∗ --------------------------------------------- TL;DR A locking bug in the XNU virtual memory subsystem allowed violation of the preconditions required for the correctness of an optimized virtual memory operation. This was abused to create shared memory where it wasnt expected, allowing the creation of a time-of-check-time-of-use bug where one wouldnt usually exist. This was exploited to cause a heap overflow in XPC, which was used to trigger the execution of a jump-oriented payload which chained [...] --------------------------------------------- https://googleprojectzero.blogspot.com/2019/04/splitting-atoms-in-xnu.html ∗∗∗ Information on open source vulnerabilities is as distributed as the community ∗∗∗ --------------------------------------------- [...] a sizable number of the open source vulnerabilities that we see out there are actually being posted and discussed on a wide range of different security advisories and issue trackers. This means that even for relatively popular projects, these red flags may fly beneath the radar. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/information-on-open-so… ∗∗∗ Studie: Angreifer lieben PowerShell ∗∗∗ --------------------------------------------- Microsofts Skript-Sprache ist die am meisten genutzte Angriffstechnik, warnt die Sicherheitsfirma Red Canary. Bei vielen Firmen besteht da noch Nachholbedarf. --------------------------------------------- http://heise.de/-4357396 ∗∗∗ Malware Actors Using New File Hosting Service to Launch Attacks ∗∗∗ --------------------------------------------- Bad actors are leveraging a new file hosting service in order to launch attack campaigns involving FormBook and other malware. Near the end of March, researchers at Deep Instinct observed a new FormBook attack. The infection chain for this campaign began with a phishing email that contains a malicious attachment. --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/cyber-s… ∗∗∗ Gefälschte card complete Nachricht zu Kreditkartensperre ∗∗∗ --------------------------------------------- Kriminelle versenden eine erfundene Nachricht im card complete Design. Darin informieren Sie die Empfänger/innen über eine angebliche Sperre des Kreditkartenkontos, die durch Aktualisierung der Daten über einen Link in der E-Mail aufgehoben werden kann. Die Anweisungen dürfen nicht befolgt werden! Andernfalls wird Schadsoftware auf dem Smartphone installiert und die Kreditkartendaten landen bei Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-card-complete-nachricht-… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke: Nutzer des Apache-Webservers können Root-Rechte erlangen ∗∗∗ --------------------------------------------- Eine Sicherheitslücke im Apache-Webserver erlaubt es Nutzern, mit Hilfe von CGI- oder PHP-Skripten Root-Rechte zu erlangen. Ein Update steht bereit. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-nutzer-des-apache-webservers-ko… ∗∗∗ Security Patch: Google beseitigt im April Qualcomm-Sicherheitslücken ∗∗∗ --------------------------------------------- In einer Vorankündigung verweist Google auf ein neues Security Patch Level. Das April-Update schließt viele Lücken und sollte für einige, aber nicht alle aktuellen Android-Geräte erscheinen. Es gibt auch viele Sicherheitslücken, die Qualcomm-basierte Smartphones betreffen. --------------------------------------------- https://www.golem.de/news/security-patch-google-beseitigt-im-april-qualcomm… ∗∗∗ Zero-Day-Lücken in Edge und Internet Explorer – Patches stehen noch aus ∗∗∗ --------------------------------------------- Ein Forscher hat Angriffspunkte für Universal-Cross-Site-Scripting-Attacken in Microsofts Browsern gefunden. Der Konzern scheint desinteressiert. --------------------------------------------- http://heise.de/-4357840 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox, libssh2, and thunderbird), Debian (firmware-nonfree, kernel, and libssh2), Fedora (drupal7, flatpak, and mod_auth_mellon), Gentoo (burp, cairo, glusterfs, libical, poppler, subversion, thunderbird, and unbound), openSUSE (yast2-rmt), Red Hat (freerdp), and SUSE (bash, ed, libarchive, ntp, and sqlite3). --------------------------------------------- https://lwn.net/Articles/784665/ ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow which could allow a local malicious user to execute arbitrary code (CVE-2019-4014). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-is-vulnerable… ∗∗∗ IBM Security Bulletin: API Connect is impacted by multiple nodeJS vulnerabilities (CVE-2018-12122 CVE-2018-12121 CVE-2018-12123 CVE-2018-12116) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-is-impact… ∗∗∗ IBM Security Bulletin: IBM API Connect is impacted by multiple open source software vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-im… ∗∗∗ IBM Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow which could allow a local malicious user to execute arbitrary code (CVE-2018-1936). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-is-vulnerable… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-master… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot for VMware (CVE-2018-3139, CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Rational DOORS Next Generation with potential for cross-site scripting attack ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ra… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.04.2019
by Daily end-of-shift report 01 Apr '19

01 Apr '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 29-03-2019 18:00 − Montag 01-04-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Mira Ransomware Decryptor ∗∗∗ --------------------------------------------- We investigated some recent Ransomware called Mira (Trojan:W32/Ransomware.AN) in order to check if it's feasible to decrypt the encrypted files. Most often, decryption can be very challenging because of missing keys that are needed for decryption. However, in the case of Mira ransomware, it appends all information required to decrypt an encrypted file into the [...] --------------------------------------------- https://labsblog.f-secure.com/2019/04/01/mira-ransomware-decryptor/ ∗∗∗ Zero-Day-Lücke in Smart-Home-Router SR20 von TP-Link ∗∗∗ --------------------------------------------- Unter gewissen Umständen könnte ein Angreifer Schadcode mit Root-Rechten auf dem TP-Link-Router SR20 ausführen. --------------------------------------------- http://heise.de/-4356942 ∗∗∗ Sicherheitsupdates: Nagios XI für vielfältige Angriffe anfällig ∗∗∗ --------------------------------------------- Die Serverüberwachungssoftware Nagios IX ist über mehrere Sicherheitslücken attackierbar. Abgesicherte Ausgaben sind verfügbar. --------------------------------------------- http://heise.de/-4357207 ∗∗∗ Peculiar PHP Present In Popular Pipdig Power Pack (P3) Plugin ∗∗∗ --------------------------------------------- This week, our team was notified of suspicious code present in a plugin offered alongside themes sold by Pipdig, a UK-based web development team. The user, who wishes to remain anonymous, reached out to us with concerns that the plugin's developer can grant themselves administrative access to sites using the plugin, or even delete affected [...] --------------------------------------------- https://www.wordfence.com/blog/2019/03/peculiar-php-present-in-popular-pipd… ∗∗∗ Hilfreiche Infos zu Finanzbetrug der Finanzmarktaufsicht ∗∗∗ --------------------------------------------- Bei Investments, die hohe Gewinne versprechen, ist Vorsicht geboten. Insbesondere im Bereich Bitcoins und Kryptowährungen kursieren zahlreiche betrügerische Angebote im Netz, bei denen Inverstor/innen ihr eingesetztes Geld verlieren. Die Finanzmarktaufsicht Österreich stellt mit ihrem Finanz ABC nun Hilfreiches rund um Finanzen, Geldanlagen sowie dem Erkennen von Finanzbetrug zur Verfügung. --------------------------------------------- https://www.watchlist-internet.at/news/hilfreiche-infos-zu-finanzbetrug-der… ===================== = Vulnerabilities = ===================== ∗∗∗ CVE-2019-9193: Authenticated Arbitrary Command Execution on PostgreSQL 9.3 > Latest ∗∗∗ --------------------------------------------- PostgreSQL, commonly known as Postgres is one of the largest and most popular database systems in the world. It is the primary database of Mac OSX but also has Linux and Windows versions available. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2019-91… ∗∗∗ Pydio 8 Multiple Vulnerabilities ∗∗∗ --------------------------------------------- Multiple vulnerabilities were found in Pydio 8 (latest version 8.2.2), which allows an attacker with regular user access to the application and by tricking an administrator account to open a shared URL bookmark through the application, to obtain the victims session identifiers in order to impersonate him/her and to perform actions such as create a new user administrator account. --------------------------------------------- https://www.secureauth.com/labs/advisories/pydio-8-multiple-vulnerabilities ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, drupal7, gpsd, libav, libdatetime-timezone-perl, php5, rails, thunderbird, twig, tzdata, and wordpress), Fedora (edk2, flatpak, fuse, ghostscript, gnutls, golang-googlecode-go-crypto, grub2, mxml, poppler, and systemd), Mageia (file, kernel, live, mplayer, vlc, openjpeg2, pdns, and poppler), openSUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, runc, kernel, ovmf, and ucode-intel), SUSE (adcli, sssd, GraphicsMagick, [...] --------------------------------------------- https://lwn.net/Articles/784563/ ∗∗∗ Vuln: Redhat Atomic OpenShift CVE-2019-3884 Spoofing Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/107649 ∗∗∗ Apple Mac OS: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0243%20UPDATE%201 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerability CVE-2019-1559 in OpenSSL affects IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-cve-201… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by Go vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM Watson Compare and Comply on IBM Cloud Private ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is affected by an Information Disclosure vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-inform… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is affected by an Improper Authentication vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-inform… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Snapshot for VMware (CVE-2014-7810, CVE-2018-8039) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: XML External Entity Injection Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4043) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-xml-external-entity-i… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.03.2019
by Daily end-of-shift report 29 Mar '19

29 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 28-03-2019 18:00 − Freitag 29-03-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Schwere Sicherheitslücke in SSL/TLS-Bibliothek axTLS ∗∗∗ --------------------------------------------- Webserver, die die Transportverschlüsselung über axTLS realisieren, sind für Angriffe empfänglich. --------------------------------------------- http://heise.de/-4355704 ∗∗∗ World Backup Day: Is your data in safe hands? ∗∗∗ --------------------------------------------- World Backup Day is a reminder that organizations and individuals need to make data backup and protection a priority --------------------------------------------- https://www.welivesecurity.com/2019/03/29/world-backup-day-data-safe-hands/ ∗∗∗ TLS CBC Padding Oracles in 2019 ∗∗∗ --------------------------------------------- Since August, I've spent countless hours studying CBC padding oracle attacks toward the development of a new scan tool called padcheck. Using this tool, I was able to identify thousands of popular domains which could be targeted by an active network adversary (i.e. MiTM) to hijack authenticated HTTPS sessions. The underlying vulnerabilities break down into [...] --------------------------------------------- https://www.tripwire.com/state-of-security/vert/tls-cbc-padding-oracles/ ∗∗∗ Researchers discover and abuse new undocumented feature in Intel chipsets ∗∗∗ --------------------------------------------- Researchers find new Intel VISA (Visualization of Internal Signals Architecture) debugging technology. --------------------------------------------- https://www.zdnet.com/article/researchers-discover-and-abuse-new-undocument… ∗∗∗ Researchers publish list of MAC addresses targeted in ASUS hack ∗∗∗ --------------------------------------------- Most of the targeted MAC addresses are used by ASUStek, Intel, and AzureWave devices. --------------------------------------------- https://www.zdnet.com/article/researchers-publish-list-of-mac-addresses-tar… ===================== = Vulnerabilities = ===================== ∗∗∗ Rockwell Automation PowerFlex 525 AC Drives ∗∗∗ --------------------------------------------- This advisory includes mitigations for a resource exhaustion vulnerability reported in Rockwell Automations PowerFlex 525 AC drive. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-087-01 ∗∗∗ Magento 2.3.1, 2.2.8 and 2.1.17 Security Update ∗∗∗ --------------------------------------------- Magento Commerce and Open Source 2.3.1, 2.2.8 and 2.1.17 contain multiple security enhancements that help close Remote Code Execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities. --------------------------------------------- https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-securit… ∗∗∗ VMSA-2019-0004 ∗∗∗ --------------------------------------------- VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0004.html ∗∗∗ VMSA-2019-0005 ∗∗∗ --------------------------------------------- VMware ESXi, Workstation and Fusion updates address multiple security issues. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0005.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (dovecot and imagemagick), Debian (dovecot, libraw, pdns, and ruby2.1), Fedora (mingw-podofo, openwsman, podofo, qemu, and svgsalamander), openSUSE (chromium, ffmpeg-4, firefox, libssh2_org, nodejs4, and qemu), Red Hat (libssh2), Scientific Linux (libssh2 and thunderbird), SUSE (kernel, liblouis, ntp, openssl-1_1, and tiff), and Ubuntu (firefox, freeimage, libapache2-mod-auth-mellon, and thunderbird). --------------------------------------------- https://lwn.net/Articles/784370/ ∗∗∗ Vuln: Apache HBase CVE-2019-0212 Authorization Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/107624 ∗∗∗ Vuln: Apache ActiveMQ CVE-2019-0222 Denial of Service Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/107622 ∗∗∗ GnuTLS: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0253 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by vulnerabilities in the shipped Node runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: Rational Build Forge Security Advisory for Apache HTTP Server (CVE-2019-0190; CVE-2018-17189; CVE-2018-17199) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-build-forge-… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by Alpine vulnerability CVE-2018-1000849 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by Node.js vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: Security vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2018-0734, CVE-2018-5407 and CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by OpenSSL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by gettext vulnerability CVE-2018-18751 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.03.2019
by Daily end-of-shift report 28 Mar '19

28 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 27-03-2019 18:00 − Donnerstag 28-03-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Analysis of LockerGoga Ransomware ∗∗∗ --------------------------------------------- We recently observed a new ransomware variant (which our products detect as Trojan.TR/LockerGoga.qnfzd) circulating in the wild. In this post, we’ll provide some technical details of the new variant’s functionalities, as well as some Indicators of Compromise (IOCs). Overview Compared to other ransomware variants that use Window’s CRT library functions, this new variant relies heavily […] --------------------------------------------- https://labsblog.f-secure.com/2019/03/27/analysis-of-lockergoga-ransomware/ ∗∗∗ [SANS ISC] Running your Own Passive DNS Service ∗∗∗ --------------------------------------------- I published the following diary on isc.sans.edu: “Running your Own Passive DNS Service“: Passive DNS is not new but remains a very interesting component to have in your hunting arsenal. As defined by CIRCL, a passive DNS is “a database storing historical DNS records from various resources. --------------------------------------------- https://blog.rootshell.be/2019/03/28/sans-isc-running-your-own-passive-dns-… ∗∗∗ Unseriöse Installateur- und Elektrodienste erkennen ∗∗∗ --------------------------------------------- Bei Problemen mit verstopften Abflüssen, kaputten Heizungen oder anfälligen Wartungen wenden Sie sich besser nicht an sanitaerhilfe.at oder installateur-top1.at. Es handelt sich um unseriöse Unternehmen, die sich weder an ihre Versprechungen halten noch Schäden beheben. Obendrein wird ein überteuerter Betrag kassiert. --------------------------------------------- https://www.watchlist-internet.at/news/unserioese-installateur-und-elektrod… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Botches Fix for RV320, RV325 Routers, Just Blocks curl User Agent ∗∗∗ --------------------------------------------- Ciscos RV320 and RV325 router models for small offices and small businesses remain vulnerable to two high-severity flaws two months after the vendor announced the availability of patches. The fixes failed their purpose and attackers can still chain the bugs to take control of the devices. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cisco-botches-fix-for-rv320-… ∗∗∗ Multiple "0day" Verwundbarkeiten in HPE Intelligent Management Center ∗∗∗ --------------------------------------------- Die Zero Day Iniative (ZDI) hat heute über mehrere ungepatchte Verwundbarkeiten in HPE Intelligent Management Center berichtet. Es wird empfohlen, Kommunikation mit HPE Intelligent Management Center entsprechend nur von vertrauenswürdigen Geräten aus zu ermöglichen. --------------------------------------------- https://www.zerodayinitiative.com/advisories/ZDI-19-294/ https://www.zerodayinitiative.com/advisories/ZDI-19-295/ https://www.zerodayinitiative.com/advisories/ZDI-19-296/ https://www.zerodayinitiative.com/advisories/ZDI-19-297/ https://www.zerodayinitiative.com/advisories/ZDI-19-298/ https://www.zerodayinitiative.com/advisories/ZDI-19-299/ https://www.zerodayinitiative.com/advisories/ZDI-19-300/ https://www.zerodayinitiative.com/advisories/ZDI-19-301/ https://www.zerodayinitiative.com/advisories/ZDI-19-302/ https://www.zerodayinitiative.com/advisories/ZDI-19-303/ ∗∗∗ Apple watchOS 5.2 ∗∗∗ --------------------------------------------- This document describes the security content of watchOS 5.2. --------------------------------------------- https://support.apple.com/kb/HT209602 ∗∗∗ Sicherheitsupdates: Kritische Lücken in Onlineshop-Software Magento ∗∗∗ --------------------------------------------- Viele Magento-Versionen weisen Schlupflöcher für Schadcode auf und gefährden so Onlineshops. Abgesicherte Ausgaben schließen die Schwachstellen. --------------------------------------------- http://heise.de/-4354925 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (kernel and wpa), Fedora (firefox and pdns), Gentoo (apache, cabextract, chromium, gd, nasm, sdl2-image, and zeromq), openSUSE (GraphicsMagick and lftp), Red Hat (thunderbird), Scientific Linux (firefox), Slackware (gnutls), and SUSE (ImageMagick). --------------------------------------------- https://lwn.net/Articles/784251/ ∗∗∗ ZDI-19-293: Advantech WebAccess Node tv_enua Improper Access Control Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-293/ ∗∗∗ ZDI-19-292: Advantech WebAccess Node spchapi Improper Access Control Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-292/ ∗∗∗ IBM Security Bulletin: Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench affected by Spring vulnerability (CVE-2018-15756) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-test-control… ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2018-19591) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventi… ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2018-0734) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventi… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-8039) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventi… ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventi… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.03.2019
by Daily end-of-shift report 27 Mar '19

27 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 26-03-2019 18:00 − Mittwoch 27-03-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ UC Browser for Android, Desktop Exposes 500+ Million Users to MiTM Attacks ∗∗∗ --------------------------------------------- The extremely popular UC Browser and UC Browser Mini Android applications with a total of over 600 million installs expose their users to MiTM attacks by downloading and installing extra modules from their own servers using unprotected channels and bypassing Google Plays servers altogether. --------------------------------------------- https://www.bleepingcomputer.com/news/security/uc-browser-for-android-deskt… ∗∗∗ Abuse of hidden "well-known" directory in HTTPS sites ∗∗∗ --------------------------------------------- WordPress and Joomla are among the most popular Content Management Systems (CMSs). They have also become popular for malicious actors, as cybercriminals target sites on these platforms for hacking and injecting malicious content. During the past few weeks, ThreatLabZ researchers have detected several WordPress and Joomla sites that were serving Shade/Troldesh ransomware, backdoors, redirectors, and a variety of phishing pages. --------------------------------------------- https://www.zscaler.com/blogs/research/abuse-hidden-well-known-directory-ht… ∗∗∗ Sicherheitsforscher entdecken 36 neue Sicherheitslücken im LTE-Standard ∗∗∗ --------------------------------------------- Aufgrund von Lücken sollen Angreifer in der Lage sein, Verbindungen im LTE-Netz zu stören oder sogar zu manipulieren. Das geht aber mit viel Aufwand einher. --------------------------------------------- http://heise.de/-4352711 ∗∗∗ What Is Access Control? A Key Component Of Data Security ∗∗∗ --------------------------------------------- Who should be able to access a company's data? Under what circumstances do organisations deny access to a user with access privileges? To adequately protect data, an organisation's access control [...] --------------------------------------------- https://blog.schneider-electric.com/building-management/2019/03/27/what-is-… ∗∗∗ Rechnungen betrügerischer Streaming-Websites nicht bezahlen! ∗∗∗ --------------------------------------------- Die Welle betrügerischer Streaming-Plattformen mit Namen wie nolistream.de, someflix.de, daftstream.de oder savaflix.de reißt nicht ab. Die Websites verfolgen nur ein Ziel: Internetuser/innen zu unberechtigten Zahlungen zu drängen. Durch gefälschte Rechnungen, Mahnungen und Inkassoschreiben sollen Betroffene eingeschüchtert werden. Die geforderten 358,80, 359,88 oder 479,16 Euro dürfen nicht bezahlt werden! --------------------------------------------- https://www.watchlist-internet.at/news/rechnungen-betruegerischer-streaming… ===================== = Vulnerabilities = ===================== ∗∗∗ Siemens SCALANCE X ∗∗∗ --------------------------------------------- This advisory includes mitigations for an expected behavior violation vulnerability reported in the Siemens SCALANCE X products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-085-01 ∗∗∗ ENTTEC Lighting Controllers ∗∗∗ --------------------------------------------- This advisory includes mitigations for a missing authentication for critical function vulnerability reported in ENTTEC’s lighting controllers. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-085-03-0 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (openjdk-7), Fedora (cfitsio, firefox, librsvg2, and pdns), openSUSE (firefox), Red Hat (firefox), Scientific Linux (firefox), SUSE (gd, grub2, ImageMagick, kernel, libcaca, libmspack, ntp, ovmf, w3m, and wavpack), and Ubuntu (php7.0, php7.2, qemu, and xmltooling). --------------------------------------------- https://lwn.net/Articles/784114/ ∗∗∗ Cisco Security Advisories ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-71135 https://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml ∗∗∗ XML vulnerability CVE-2017-9233 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K03244804 ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei AP Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190327-… ∗∗∗ IBM Security Bulletin: Potential denial of service in WebSphere Application Server Admin Console (CVE-2019-4080) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in xorg-x11-libX11 (CVE-2018-14598 CVE-2018-14599 CVE-2018-14600) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass… ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in GNU C Library (CVE-2015-5180 CVE-2017-15670 CVE-2017-15804) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass… ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in cURL (CVE-2018-14618 CVE-2018-16840 CVE-2018-16842) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass… ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY IBM WebSphere Application Server Deserialization ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP (CVE-2018-17082 CVE-2018-14883 CVE-2018-14851 CVE-2017-9118) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass… ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY CSRF and OOB-XXE Vulnerabilities in WebSphere Web Application Server’s Integrated Solutions Console 9.0.0.8, 8.5.5.13, and 8.5.5.9 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities (CVE-2017-6464, CVE-2017-6463, CVE-2017-6462, CVE-2015-3331, CVE-2014-2523) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Identity Manager Virtual Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.03.2019
by Daily end-of-shift report 26 Mar '19

26 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Montag 25-03-2019 18:00 − Dienstag 26-03-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sicherheitslücken: Abus Alarmanlage kann per Funk ausgeschaltet werden ∗∗∗ --------------------------------------------- Gleich drei Sicherheitslücken erlauben verschiedene Angriffe auf die Funkalarmanlage Secvest von Abus. Ein Sicherheitsupdate gibt es nicht. --------------------------------------------- https://www.golem.de/news/sicherheitsluecken-abus-alarmanlage-kann-per-funk… ∗∗∗ Coding Error Could Enable Users to Halt LockerGoga Ransomware ∗∗∗ --------------------------------------------- Users could potentially use a coding error in some variants of LockerGoga to halt the ransomware's encryption routine in its tracks. In its analysis of LockerGoga, Alert Logic Threat Research found that the ransomware performs an initial reconnaissance scan through which it collects file lists once it's infected a machine. The malware may come in [...] --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/coding-… ∗∗∗ Business banking fraud. Keep your eggs in TWO baskets. Here’s why… ∗∗∗ --------------------------------------------- This post has a cautionary tale all about spreading your business banking fraud risk. So, does your business have two bank accounts, with different banks? No? Then you would be well advised to do so, or risk being left unable to trade. WHY? --------------------------------------------- https://www.pentestpartners.com/security-blog/business-banking-fraud-keep-y… ∗∗∗ Amazon Phishing-Mails mit betrügerischem Inhalt ∗∗∗ --------------------------------------------- Unzählige Internetnutzer/innen finden momentan gefälschte Amazon-Mails im Posteingang. Sie werden darin informiert, dass das Amazon-Konto vorläufig deaktiviert wurde. Um es wieder freizuschalten, sollen die Empfänger/innen ihre Daten über den angegeben Link verifizieren. Der Aufforderung darf nicht gefolgt werden! Die eingegebenen Daten gelangen in die Hände Krimineller und das Amazon-Konto wurde nie gesperrt. --------------------------------------------- https://www.watchlist-internet.at/news/amazon-phishing-mails-mit-betruegeri… ===================== = Vulnerabilities = ===================== ∗∗∗ Betriebssysteme und iTunes: Apple schließt viele Sicherheitslücken ∗∗∗ --------------------------------------------- Mit der Veröffentlichung von iOS 12.2, Mojave 10.14.4 sowie der neuen iTunes-Version für Windows schließt Apple zahlreiche Sicherheitslücken. Einige davon sind kritisch, da sie Angriffe mit Kernelprivilegien oder hohen Rechten ermöglichen. --------------------------------------------- https://www.golem.de/news/betriebssysteme-und-itunes-apple-schliesst-viele-… ∗∗∗ ASUS Releases Security Update for Live Update Software ∗∗∗ --------------------------------------------- ASUS has released Live Update version 3.6.8. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. These vulnerabilities were detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ASUS article for more information. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/03/26/ASUS-Releases-Secu… ∗∗∗ rt-sa-2019-007 ∗∗∗ --------------------------------------------- Code Execution via Insecure Shell Function getopt_simple --------------------------------------------- https://www.redteam-pentesting.de/advisories/rt-sa-2019-007.txt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (ghostscript), Debian (libssh2 and wireshark), openSUSE (aubio, blueman, and kauth), Red Hat (kernel-rt and openwsman), Scientific Linux (openwsman), Slackware (mozilla), and SUSE (ovmf and ucode-intel). --------------------------------------------- https://lwn.net/Articles/784031/ ∗∗∗ Synology-SA-19:13 Drupal ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to inject arbitrary web script or HTML via a susceptible version of Drupal. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_13 ∗∗∗ IBM Security Bulletin: Incorrect permissions on restored files and directories using IBM Spectrum Protect Backup-Archive Client web user interface on Windows (CVE-2019-4093) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-incorrect-permissions… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by OpenSSL vulnerabilities (CVE-2018-0732 and CVE-2018-0739) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: Vulnerability CVE-2018-14647 in Python affects IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-cve-201… ∗∗∗ IBM Security Bulletin: Apache Axis as used in IBM QRadar SIEM is vulnerable to a possible man in the middle attack. (CVE-2012-5784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-axis-as-used-i… ∗∗∗ Binutils vulnerabilities CVE-2018-20002 and CVE-2018-20657 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K62602089 ∗∗∗ D-LINK Router: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0240 ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0244 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.03.2019
by Daily end-of-shift report 25 Mar '19

25 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 22-03-2019 18:00 − Montag 25-03-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers ∗∗∗ --------------------------------------------- The Taiwan-based tech giant ASUS is believed to have pushed the malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the companys server and used it to push the malware to machines. --------------------------------------------- https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-sof… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox, libssh2, and powerdns), Debian (bash, firefox-esr, libapache2-mod-auth-mellon, ntfs-3g, openssh, passenger, rsync, and wireshark), Fedora (filezilla, libarchive, libssh2, mxml, php-twig, php-twig2, qemu, and tcpreplay), Slackware (mozilla), SUSE (ghostscript, kernel, libgxps, libjpeg-turbo, libqt5-qtimageformats, libqt5-qtsvg, openstack-cinder, openstack-horizon-plugin-designate-ui, openstack-neutron, openstack-neutron-lbaas, [...] --------------------------------------------- https://lwn.net/Articles/783953/ ∗∗∗ PHOENIX CONTACT command injection on RAD-80211-XD(/HP-BUS) ∗∗∗ --------------------------------------------- A WebHMI utility may be exploited by any logged in user allowing the execution of arbitrary OS commands on the server. This provides the opportunity for a command injection attack. --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-007 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2018-0734, CVE-2018-5407) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2018-0734, CVE-2018-5407) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A security vulnerability in IBM Java Runtime affects IBM Rational ClearQuest (CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2018-3180, CVE-2018-3139) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ GNU C Library vulnerability CVE-2009-5155 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K64119434 ∗∗∗ xpdf: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0236 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.03.2019
by Daily end-of-shift report 22 Mar '19

22 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 21-03-2019 18:00 − Freitag 22-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Analysis of SeroMiner Trojan, combine multiple anti-analytic techniques ∗∗∗ --------------------------------------------- Foreword Recently, 360 security brain intercepted a mining Trojan 'SeroMiner'. The Trojan behavior is too concealed to be discovered its mining behavior from the security [...] --------------------------------------------- https://blog.360totalsecurity.com/en/analysis-of-serominer-trojan-combine-m… ∗∗∗ SigSpoof 4: Bypassing signature verification in Yarn package manager (CVE-2018-12556) ∗∗∗ --------------------------------------------- This attack on GnuPG signature verification is specific to yarn, thepackage manager. It can give a powerful attacker the ability toreplace the Yarn installation with arbitrary code. There areadditional protections in place, so if you are using Yarn, youprobably do not need to worry too much about it. --------------------------------------------- https://neopg.io/blog/yarn-signature-bypass/ ∗∗∗ Over 100,000 GitHub repos have leaked API or cryptographic keys ∗∗∗ --------------------------------------------- Thousands of new API or cryptographic keys leak via GitHub projects every day. --------------------------------------------- https://www.zdnet.com/article/over-100000-github-repos-have-leaked-api-or-c… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox), Debian (cron and ntfs-3g), Fedora (firefox, ghostscript, libzip, python2-django1.11, PyYAML, tcpflow, and xen), Mageia (ansible, firefox, and ImageMagick/GraphicsMagick), Red Hat (ghostscript), Scientific Linux (firefox and ghostscript), SUSE (libxml2, unzip, and wireshark), and Ubuntu (firefox, ghostscript, libsolv, ntfs-3g, p7zip, and snapd). --------------------------------------------- https://lwn.net/Articles/783757/ ∗∗∗ IBM Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server (CVE-2019-4046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s… ∗∗∗ IBM Security Bulletin: Potential denial of service in Liberty for Java for IBM Cloud (CVE-2018-10237) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s… ∗∗∗ ICMP PMTU messages are forwarded to the server side when the TCP proxy-mss setting is enabled in the associated profile ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52510343 ∗∗∗ The BIG-IP SMTPS virtual server may fail to properly restrict I/O buffering, allowing attackers to insert commands into encrypted SMTP sessions ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23284054 ∗∗∗ BIG-IP SNMPD vulnerability CVE-2019-6608 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K12139752 ∗∗∗ REST Framework vulnerability CVE-2019-6602 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K11818407 ∗∗∗ BIG-IP snmpd vulnerability CVE-2019-6606 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35209601 ∗∗∗ TMM vulnerability CVE-2019-6603 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K14632915 ∗∗∗ When authentication is set to require, the Client SSL or Server SSL profile does not report an error when it has an associated invalid CRL ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K15732489 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.03.2019
by Daily end-of-shift report 21 Mar '19

21 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 20-03-2019 18:00 − Donnerstag 21-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Mac-Focused Malvertising Campaign Abuses Google Firebase DBs ∗∗∗ --------------------------------------------- Researchers said 1 million user sessions could have been exposed to the campaign, which downloads the Shlayer trojan. --------------------------------------------- https://threatpost.com/mac-focused-malvertising-campaign-abuses-google-fire… ∗∗∗ Kritische Lücken im Git-Client Sourcetree gefährden Computer ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für Sourcetree von Atlassian. MacOS- und Windows-Nutzer sollten die abgesicherten Ausgaben zügig installieren. --------------------------------------------- http://heise.de/-4341489 ∗∗∗ D-Link wappnet ältere NAS-Systeme gegen Erpressungstrojaner Cr1ptTor ∗∗∗ --------------------------------------------- D-Link hat Sicherheitsupdates für NAS-Systeme angekündigt. Bis zur Veröffentlichung sollten sie nicht online sein. Für einige Geräte gibt es schon Patches. --------------------------------------------- http://heise.de/-4341586 ∗∗∗ Ransomware or Wiper? LockerGoga Straddles the Line ∗∗∗ --------------------------------------------- Executive SummaryRansomware attacks have been in the news with increased frequency over the past few years. This type of malware can be extremely disruptive and even cause operational impacts in critical systems that may be infected. LockerGoga is yet another example of this sort of malware. It is a ransomware variant that, while lacking in sophistication, can still cause extensive damage when leveraged against organizations or individuals. --------------------------------------------- https://blog.talosintelligence.com/2019/03/lockergoga.html ∗∗∗ Many Vulnerabilities Found in Oracles Java Card Technology ∗∗∗ --------------------------------------------- Poland-based cybersecurity research firm Security Explorations claims to have identified nearly 20 vulnerabilities in Oracle’s Java Card, including flaws that could be exploited to compromise the security of chips using this technology. --------------------------------------------- https://www.securityweek.com/many-vulnerabilities-found-oracles-java-card-t… ∗∗∗ Remote command injection through an endpoint security product ∗∗∗ --------------------------------------------- TL;DR? We discovered command injection in a popular endpoint security product, Heimdal Thor. By using the product, customers PCs were exposed to compromise. Irony++ Heimdal fixed the issue quickly and responded well, but it appears that the vulnerability had been present in ~650,000 PCs for around one year! Heimdal blogged about it today, but er... [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/remote-command-injection-thro… ∗∗∗ Gefälschte Apple-Rechnungen im Umlauf ∗∗∗ --------------------------------------------- Internetnutzer/innen finden vermehrt gefälschte Apple-Rechnungen in ihrem E-Mail-Postfach. Angeblich wurde etwas im App-Store per Kreditkartenzahlung gekauft. Für weitere Details werden Empfänger/innen aufgefordert, einem Link zu folgen oder eine Datei herunterzuladen. Folgen Sie nicht dem Link oder laden Anhänge herunter, denn es handelt sich um einen Phishing-Versuch! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-apple-rechnungen-im-umla… ∗∗∗ Zero-day in WordPress SMTP plugin abused by two hacker groups ∗∗∗ --------------------------------------------- Hacker groups are creating backdoor admin accounts on vulnerable sites and redirecting users to tech support scams. --------------------------------------------- https://www.zdnet.com/article/zero-day-in-wordpress-smtp-plugin-abused-by-t… ===================== = Vulnerabilities = ===================== ∗∗∗ Medtronic Conexus Radio Frequency Telemetry Protocol ∗∗∗ --------------------------------------------- This medical advisory includes mitigations for improper access control and cleartext transmission of sensitive information vulnerabilities reported in Medtronics proprietary Conexus telemetry system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01 ∗∗∗ Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004 ∗∗∗ --------------------------------------------- Project: Drupal coreDate: 2019-March-20Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescription: Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.Solution: If you are using Drupal 8.6, update to Drupal 8.6.13.If you are using Drupal 8.5 or earlier, update to Drupal 8.5.14.If you are using Drupal 7, [...] --------------------------------------------- https://www.drupal.org/sa-core-2019-004 ∗∗∗ RESTful - Critical - Remote code execution - SA-CONTRIB-2019-041 ∗∗∗ --------------------------------------------- Project: RESTfulVersion: 7.x-2.x-dev7.x-1.x-devDate: 2019-March-20Security risk: Critical 18∕25 AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:UncommonVulnerability: Remote code executionDescription: This resolves issues described in SA-CORE-2019-003 for this module.Solution: If you use the RESTful module for Drupal 7.x, upgrade to RESTful 7.x-1.10 or RESTful 7.x-2.17 [...] --------------------------------------------- https://www.drupal.org/sa-contrib-2019-041 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (drupal7, firefox-esr, and openjdk-8), Fedora (ghostscript, python2-django1.11, and SDL), Red Hat (firefox), Scientific Linux (firefox), SUSE (nodejs4 and openssl-1_1), and Ubuntu (gdk-pixbuf). --------------------------------------------- https://lwn.net/Articles/783652/ ∗∗∗ IBM Security Bulletin: Vulnerability in Python affects IBM OS Images for Red Hat Linux Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-pyth… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by information leak (CVE-2019-4052) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a spoofing vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSH (CVE-2018-15473 CVE-2018-15919) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass… ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in NTP (CVE-2018-12327) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.03.2019
by Daily end-of-shift report 20 Mar '19

20 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 19-03-2019 18:00 − Mittwoch 20-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Videos für mehr Cyber-Sicherheit: BSI startet YouTube-Kanal ∗∗∗ --------------------------------------------- Ab sofort ist das BSI auch bei der Videoplattform YouTube zu finden. Unter dem Namen "Bundesamt für Sicherheit in der Informationstechnik" finden Interessierte zunächst Tipps und Hinweise für Privatanwender sowie spannende Karriereinformationen oder Neuigkeiten über das BSI. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Youtube-200319.ht… https://www.youtube.com/channel/UC_VgLyJQsChxKfDJcdI-Tcg ∗∗∗ SilkETW: Because Free Telemetry is...Free! ∗∗∗ --------------------------------------------- In the following example, we will collect process event data from the Kernel provider and use image loads to identify Mimikatz execution. We can collect the required data with this command: SilkETW.exe -t kernel -kk ImageLoad -ot file -p C:\Users\b33f\Desktop\mimikatz.json With data in hand it is easy to sort, grep and filter for the properties we are interested in (Figure 2). --------------------------------------------- http://www.fireeye.com/blog/threat-research/2019/03/silketw-because-free-te… ∗∗∗ Fake-Shop btckraken.de stielt Daten und liefert nicht! ∗∗∗ --------------------------------------------- Die Suche nach günstiger Technik führt manche Konsument/innen zu btckraken.de. Aus angeblichen Sicherheitsgründen werden bei einer Bestellung Ausweisdokumente verlangt. Eine Zahlung erfolgt vorab. Hier darf nicht bestellt werden: Es handelt sich um schweren Identitätsdiebstahl für weitere Verbrechen unter fremden Namen und die Waren werden nie geliefert! --------------------------------------------- https://www.watchlist-internet.at/news/fake-shop-btckrakende-stielt-daten-u… ∗∗∗ Ransomware is not dead - a light analysis of LockerGoga ∗∗∗ --------------------------------------------- Despite many reports saying that the number of Ransomware samples is on the decrease, we see again and again big multinational companies suffering from these attacks.Just two days ago, Norway based Norsk Hydro - one of the Worlds largest Aluminium producers - was hit by a severe Ransomware attack: [...] --------------------------------------------- http://blog.joesecurity.org/2019/03/ransomware-is-not-dead-light-analysis.h… ∗∗∗ Severe security bug found in popular PHP library for creating PDF files ∗∗∗ --------------------------------------------- Vulnerability patched last year, but many websites and web apps will most likely remain vulnerable for years. --------------------------------------------- https://www.zdnet.com/article/severe-security-bug-found-in-popular-php-libr… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco IP Phone 7800 Series and 8800 Series Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libelf and wordpress), CentOS (cloud-init, cockpit, openssl, and tomcat), Gentoo (openssh), openSUSE (ovmf), Scientific Linux (cloud-init), and SUSE (go1.11, ldb, lftp, libssh2_org, and openwsman). --------------------------------------------- https://lwn.net/Articles/783566/ ∗∗∗ Security Advisory - Digital Signature Verification Bypass Vulnerability in Some Huawei Routers ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190320-… ∗∗∗ Security Advisory - Signature Verification Bypass Vulnerability in Some Huawei Mobile Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190320-… ∗∗∗ OpenSSL vulnerability CVE-2019-1559 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K18549143 ∗∗∗ HPESBST03915 rev.1 - HPE CVAE products, and Hitachi Infrastructure Analytics Advisor(HIAA) using JDK, Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ IBM Security Bulletin: Cloudant Local Apache CouchDB CVE-2018-17188: Remote Privilege Escalations ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cloudant-local-apache… ∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE 2018-1992 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-upd… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU – Oct 2018 – Includes Oracle Oct 2018 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Security Directory Integrator (CVE-2018-2800, CVE-2018-2783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in deserialization of openid connect cookie ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-de… ∗∗∗ IBM Security Bulletin: Vulnerability in Apache CXF ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac… ∗∗∗ IBM Security Bulletin: Vulnerabilities in WAS traditional and liberty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-wa… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM SDK, Java Technology Edition Quarterly CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: Vulnerabilities in 3RD PARTY XSS in IBM WebSphere CacheMonitor ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-3r… ∗∗∗ IBM Security Bulletin: Publicly Disclosed Vulnerability Found By vFinder (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vu… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily