Daily

daily@lists.cert.at

1 participants
3313 discussions

Tageszusammenfassung - 20.08.2019
by Daily end-of-shift report 20 Aug '19

20 Aug '19

===================== = End-of-Day report = ===================== Timeframe: Montag 19-08-2019 18:00 − Dienstag 20-08-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Kernel: Defekte Dateisysteme bringen Linux zum Stolpern ∗∗∗ --------------------------------------------- In einer Diskussion um die Aufnahme eines neuen Dateisystems in den Linux-Kernel wird klar, dass viele Dateisystemtreiber mit defekten Daten nicht klarkommen. Das kann nicht nur zu Abstürzen führen, sondern auch zu Sicherheitslücken. ... Das Mounten von fremden Dateisystemen ist aber unter den gegebenen Umständen riskant. Wie die Diskussion zeigt, kann man sich nicht darauf verlassen, dass Linux-Dateisystemtreiber mit bösartigen Eingabedaten klarkommen. --------------------------------------------- https://www.golem.de/news/kernel-defekte-dateisysteme-bringen-linux-zum-sto… ∗∗∗ Guildma malware is now accessing Facebook and YouTube to keep up-to-date, (Tue, Aug 20th) ∗∗∗ --------------------------------------------- A new variant of the information stealer Guildma (aka Astaroth) we analyzed last week is accessing Facebook and YouTube to get a fresh list of its C2 servers. The C2 list is encrypted and hosted in two Facebook and three YouTube profiles maintained and constantly updated by the cybercriminals. --------------------------------------------- https://isc.sans.edu/diary/rss/25222 ∗∗∗ GitHub Token Scanning—one billion tokens identified and five new partners ∗∗∗ --------------------------------------------- If you’ve ever accidentally shared a token or credentials in a GitHub repository, or read about someone who has, you know how damaging it could be if a malicious user finds and exploits it. About a year ago, we introduced token scanning to help scan pushed commits and prevent fraudulent use of any credentials that are shared accidentally. --------------------------------------------- https://github.blog/2019-08-19-github-token-scanning-one-billion-tokens-ide… ∗∗∗ GAME OVER: Detecting and Stopping an APT41 Operation ∗∗∗ --------------------------------------------- In August 2019, FireEye released the “Double Dragon” report on our newest graduated threat group, APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. APT41 is known to adapt quickly to changes and detections within victim environments, often recompiling malware within hours of incident responder activity. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2019/08/game-over-detecting-and… ∗∗∗ Falsche Versionsangaben: Mehrere Security Bulletins zu Apache Struts korrigiert ∗∗∗ --------------------------------------------- Struts-2-Anwender, die sich beim Updaten an offizielle Advisories halten, sollten erneut draufschauen – oder gleich zu Versionen ab 2.3.35 / 2.5.17 wechseln. --------------------------------------------- https://heise.de/-4500834 ∗∗∗ Erpressung mit Pädophilie per E-Mail ignorieren ∗∗∗ --------------------------------------------- Angeblich wurde Ihr Computer gehackt und Sie wurden beim Masturbieren gefilmt. Damit das Video nicht veröffentlicht wird, muss ein Schweigegeld bezahlt werden. Es besteht jedoch kein Grund zur Sorge, es handelt sich um eine Betrugsmasche. Weder wurde Ihre Webcam gehackt, noch wurden intime Videos über Sie angefertigt! Verschieben Sie dieses Mail in den Spam-Ordner. --------------------------------------------- https://www.watchlist-internet.at/news/erpressung-mit-paedophilie-per-e-mai… ===================== = Vulnerabilities = ===================== ∗∗∗ Severe Flaws in Kubernetes Expose All Servers to DoS Attacks ∗∗∗ --------------------------------------------- Two high severity security flaws impacting the Kubernetes open-source system for handling containerized apps can allow an unauthorized attacker to trigger a denial of services state remotely, without user interaction. --------------------------------------------- https://www.bleepingcomputer.com/news/security/severe-flaws-in-kubernetes-e… ∗∗∗ Remote Code Execution: Doppelte Hintertür in Webmin ∗∗∗ --------------------------------------------- In der Systemkonfigurationssoftware Webmin waren offenbar für über ein Jahr Hintertüren, mit denen sich übers Netz Code ausführen lässt. Den Angreifern gelang es dabei offenbar, die Release-Dateien des Projekts zu manipulieren. --------------------------------------------- https://www.golem.de/news/remote-code-execution-doppelte-hintertuer-in-webm… ∗∗∗ iOS 12.4 jailbreak released after Apple ‘accidentally un-patches’ an old flaw ∗∗∗ --------------------------------------------- A fully functional jailbreak has been released for the latest iOS 12.4 on the Internet, making it the first public jailbreak in a long time—thanks to Apple. Dubbed "unc0ver 3.5.0," the jailbreak works with the updated iPhones, iPads and iPod Touches by leveraging a vulnerability that Apple previously patched in iOS 12.3 but accidentally reintroduced in the latest iOS version 12.4. --------------------------------------------- https://thehackernews.com/2019/08/ios-iphone-jailbreak.html ∗∗∗ SphinxSearch 0.0.0.0:9306 (CVE-2019-14511) ∗∗∗ --------------------------------------------- TL;DR: SphinxSearch comes with a insecure default configuration that opens a listener on port 9306. No auth required. Connections using a mysql client are possible. --------------------------------------------- https://blog.wirhabenstil.de/2019/08/19/sphinxsearch-0-0-0-09306-cve-2019-1… ∗∗∗ Security Bulletin VLC 3.0.8 ∗∗∗ --------------------------------------------- If successful, a malicious third party could trigger either a crash of VLC or an arbitratry code execution with the privileges of the target user. While these issues in themselves are most likely to just crash the player, we can't exclude that they could be combined to leak user informations or remotely execute code. ASLR and DEP help reduce the likelyness of code execution, but may be bypassed. We have not seen exploits performing code execution through these vulnerabilities --------------------------------------------- https://www.videolan.org/security/sb-vlc308.html ∗∗∗ Ruby rest-client 1.6.13 ∗∗∗ --------------------------------------------- It seems that rest-client 1.6.13 is uploaded to rubygems.org. I did review between 1.6.9 and 1.6.13 and it seems that latest version evaluate remote code from pastebin.com and sends information to mironanoru.zzz.com.ua --------------------------------------------- https://github.com/rest-client/rest-client/issues/713 ∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Aspose APIs ∗∗∗ --------------------------------------------- Cory Duplantis and Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities.Cisco Talos recently discovered multiple remote code execution vulnerabilities in various Aspose APIs. Aspose provides a series of APIs for manipulating or converting a large family of document formats. These vulnerabilities exist in APIs that help process PDFs, Microsoft Word files and more. --------------------------------------------- https://blog.talosintelligence.com/2019/08/aspose-APIs-RCE-vulns-aug-2019.h… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (flask), openSUSE (clementine, dkgpg, libTMCG, openexr, and zstd), Oracle (kernel, mysql:8.0, redis:5, and subversion:1.10), SUSE (nodejs6, python-Django, and rubygem-rails-html-sanitizer), and Ubuntu (cups, docker, docker-credential-helpers, kconfig, kde4libs, libreoffice, nova, and openldap). --------------------------------------------- https://lwn.net/Articles/796759/ ∗∗∗ IBM Security Bulletin: IBM MQ is vulnerable to a denial of service attack within the error logging function (CVE-2019-4049) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-is-vulnerable-… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Websphere Application Server affects IBM Cloud App Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM License Metric Tool v9 (CVE-2019-4046). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM License Key Server Administration & Reporting Tool and Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance affected by an OpenSSH vulnerability (CVE-2019-6110) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-affe… ∗∗∗ IBM Security Bulletin: Information disclosure for IBM Infosphere Global Name Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ IBM Security Bulletin: Information disclosure for IBM Infosphere Identity Insight ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ IBM Security Bulletin: Error Message Vulnerabilities Affect IBM Emptoris Sourcing, IBM Emptoris Contract Management and IBM Emptoris Spend Analysis. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-error-message-vulnera… ∗∗∗ IBM Security Bulletin: Cross-site Scripting Affects IBM Emptoris Spend Analysis (CVE-2019-4482) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: SQL Injection Affects IBM Emptoris Spend Analysis and IBM Emptoris Contract Management (CVE-2019-4481, CVE-2019-4483) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-sql-injection-affects… ∗∗∗ IBM Security Bulletin: Multiple IBM MQ Security Vulnerabilities Affect IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-ibm-mq-secur… ∗∗∗ IBM Security Bulletin: API Connect V2018 (ova) is impacted by vulnerabilities in Ubuntu OS (CVE-2019-4504) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-ova… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by a Kubernetes vulnerability(CVE-2019-11246) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… ∗∗∗ IBM Security Bulletin: IBM API Connect’s Developer Portal is impacted by a path traversal vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-deve… ∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2019-6471. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-is-affected-by-… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by a information disclosure vulnerability (CVE-2019-4437) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… ∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by Linux Kernel security vulnerabilities (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-… ∗∗∗ IBM Security Bulletin: XML External Entity Injection vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4424) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-xml-external-entity-i… ∗∗∗ IBM Security Bulletin: Reverse tabnabbing vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4425) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-reverse-tabnabbing-vu… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – Docker (CVE-2018-15664) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-privileg… ∗∗∗ IBM Security Bulletin: Vulnerability in NTP affects AIX (CVE-2019-8936) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ntp-… ∗∗∗ IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jul 2018 – Includes Oracle Jul 2018 CPU affects DB2 Recovery Expert for Linux, Unix and Windows ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-sdk-java-technolo… ∗∗∗ HTTP/2 Empty Frames Flood vulnerability CVE-2019-9518 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K46011592 ∗∗∗ HTTP/2 Settings Flood vulnerability CVE-2019-9515 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K50233772 ∗∗∗ HTTP/2 Ping Flood vulnerability CVE-2019-9512 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K98053339 ∗∗∗ HTTP/2 Reset Flood vulnerability CVE-2019-9514 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01988340 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.08.2019
by Daily end-of-shift report 19 Aug '19

19 Aug '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 16-08-2019 18:00 − Montag 19-08-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Router Network Isolation Broken By Covert Data Exfiltration ∗∗∗ --------------------------------------------- Software-based network isolation provided by routers is not as efficient as believed, as hackers can smuggle data between the networks for exfiltration. --------------------------------------------- https://www.bleepingcomputer.com/news/security/router-network-isolation-bro… ∗∗∗ IT threat evolution Q2 2019 ∗∗∗ --------------------------------------------- Targeted attacks, malware campaigns and other security news in Q2 2019. --------------------------------------------- https://securelist.com/it-threat-evolution-q2-2019/91994/ ∗∗∗ The DAA File Format, (Fri, Aug 16th) ∗∗∗ --------------------------------------------- In diary entry "Malicious .DAA Attachments", we extracted a malicious executable from a Direct Access Archive file. --------------------------------------------- https://isc.sans.edu/diary/rss/25246 ∗∗∗ What Hackers Do after Gaining Access to a Website ∗∗∗ --------------------------------------------- A hack or cyber attack is the act of maliciously entering, taking control over, or manipulating by force a web application, server, or file that belongs to someone else. --------------------------------------------- https://blog.sucuri.net/2019/08/what-hackers-do-after-gaining-access-to-a-w… ∗∗∗ Sicherheitspanne: Kernel-Schwachstelle zurück in iOS 12.4, Jailbreak verfügbar ∗∗∗ --------------------------------------------- Zum ersten Mal seit Langem lassen sich Apples Sicherheitsfunktionen in der aktuellen iOS-Version durch einen öffentlich verfügbaren Jailbreak aushebeln. --------------------------------------------- https://heise.de/-4500038 ∗∗∗ QxSearch hijacker fakes failed installs ∗∗∗ --------------------------------------------- QxSearch is a group of search hijackers that try to make the user think the install failed or was incomplete. Is it that they dont want to be found and removed? Or just bad programming? --------------------------------------------- https://blog.malwarebytes.com/pups/2019/08/qxsearch-hijacker-fakes-failed-i… ∗∗∗ Gefälschte "Ihr Jahresabonnemеnt Whatsapp"-Mail im Umlauf ∗∗∗ --------------------------------------------- Konsument/innen erhalten eine angebliche WhatsApp-E-Mail. Darin heißt es, dass sie ihr Abonnement verlängern müssen. Über einen Link in der Nachricht gelangen Nutzer/innen auf eine gefälschte WhatsApp-Website. Darauf sollen sie ihr Jahresabonnement unter Bekanntgabe ihrer Zahlungsdaten verlängern. Kommen Konsument/innen der Aufforderung nach, werden sie Opfer eines Datendiebstahls und verlieren ihr Geld an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-ihr-jahresabonnement-wha… ∗∗∗ Offensive Lateral Movement ∗∗∗ --------------------------------------------- Lateral movement is the process of moving from one compromised host to another. Penetration testers and red teamers alike commonly used to accomplish this by executing powershell.exe to run a base64 encoded command on the remote host, which would return a beacon. The problem with this is that offensive PowerShell is not a new concept anymore and even moderately mature shops will detect on it and shut it down quickly, or any half decent AV product will kill it before a malicious command is ran. --------------------------------------------- https://posts.specterops.io/offensive-lateral-movement-1744ae62b14f ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Drupal ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, Daten zu manipulieren oder Sicherheitsmechanismen zu umgehen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K19-0726 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (kernel and openssl), Debian (ffmpeg, golang-1.11, imagemagick, kde4libs, openldap, and python3.4), Fedora (gradle, hostapd, kdelibs3, and mgetty), Gentoo (adobe-flash, hostapd, mariadb, patch, thunderbird, and vlc), Mageia (elfutils, mariadb, mythtv, postgresql, and redis), openSUSE (chromium, kernel, LibreOffice, and zypper, libzypp and libsolv), Oracle (ghostscript), Red Hat (rh-php71-php), SUSE (bzip2, evince, firefox, glib2, glibc, [...] --------------------------------------------- https://lwn.net/Articles/796640/ ∗∗∗ Cisco Firepower Threat Defense Software HTTP Filtering Bypass Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections.The vulnerability is due to improper handling of HTTP requests, including those communicated over a secure HTTPS connection, that contain maliciously crafted headers. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Threat Defense Software Stream Reassembly Bypass Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections.The vulnerability is due to improper reassembly of traffic streams. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Threat Defense Software NULL Character Obfuscation Detection Bypass Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections.The vulnerability is due to insufficient normalization of a text-based payload. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Threat Defense Software Nonstandard Protocol Detection Bypass Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections.The vulnerability is due to improper detection of the initial use of a protocol on a nonstandard port. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Four Remote Code Execution Vulnerabilities in Some Microsoft Windows Systems ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190819-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.08.2019
by Daily end-of-shift report 16 Aug '19

16 Aug '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 14-08-2019 18:00 − Freitag 16-08-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Microsoft Warns of Phishing Attacks Using Custom 404 Pages ∗∗∗ --------------------------------------------- Microsoft security researchers discovered an unusual phishing campaign which employs custom 404 error pages to trick potential victims into handing out their Microsoft credentials. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-warns-of-phishing-… ∗∗∗ Energy Sector Phish Swims Past Microsoft Email Security via Google Drive ∗∗∗ --------------------------------------------- The savvy technique of avoiding malicious links in the email allowed the phishing attack to reach its targets. --------------------------------------------- https://threatpost.com/energy-phish-microsoft-security-google-drive/147397/ ∗∗∗ Analysis of a Spearphishing Maldoc, (Thu, Aug 15th) ∗∗∗ --------------------------------------------- A spearphishing attack with a VBA maldoc on US utility companies was mentioned in SANS NewsBites Vol. 21, Num. 61. I always like to take a look at malicious documents mentioned in the news. Luckily for me, Proofpoint's analysis includes the hashes of the maldocs, and one maldoc can be found on VirusTotal. --------------------------------------------- https://isc.sans.edu/diary/rss/25242 ∗∗∗ VoIP-Sicherheitslücken: Viele Büro-Telefonanlagen grundlegend unsicher ∗∗∗ --------------------------------------------- 33 Geräte von 25 Herstellern lassen sich kapern. Angreifer können spionieren, andere Systeme angreifen oder die Organisation durch einen Totalausfall schwächen. --------------------------------------------- https://heise.de/-4499202 ∗∗∗ MITRE ATT&CK July 2019 Update ∗∗∗ --------------------------------------------- On the last day of July, MITRE released its most recent update to the ATT&CK framework. The ATT&CK framework is a curated knowledge base of tactics, techniques, software, that adversarial groups have leveraged when compromising enterprise systems. The July 2019 update is relatively minor compared to the April 2019 update, which saw a new tactic [...] --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/mitre-a… ∗∗∗ Many Apache Struts Security Advisories Updated Following Review ∗∗∗ --------------------------------------------- Two dozen security advisories for the Apache Struts open source development framework have been updated after researchers determined that they contained incorrect information regarding which versions of the software were impacted by a vulnerability. --------------------------------------------- https://www.securityweek.com/many-apache-struts-security-advisories-updated… ===================== = Vulnerabilities = ===================== ∗∗∗ Lenovo Warns of ThinkPad Bugs, One Unpatched ∗∗∗ --------------------------------------------- The notebook maker is warning users of three separate vulnerabilities. --------------------------------------------- https://threatpost.com/lenovo-warns-bugs-thinkpads/147338/ ∗∗∗ Patches for 2 Severe LibreOffice Flaws Bypassed — Update to Patch Again ∗∗∗ --------------------------------------------- If you are using LibreOffice, you need to update it once again. LibreOffice has released the latest version 6.2.6/6.3.0 of its open-source office software to address three new vulnerabilities that could allow attackers to bypass patches for two previously addressed vulnerabilities. --------------------------------------------- https://thehackernews.com/2019/08/libreoffice-patch-update.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by openSUSE (irssi, ledger, libheimdal, libmediainfo, libqb, and libsass) and Slackware (mozilla). --------------------------------------------- https://lwn.net/Articles/796311/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (freetype, libreoffice, and openjdk-7), Fedora (edk2, mariadb, mariadb-connector-c, mariadb-connector-odbc, python-django, and squirrelmail), Gentoo (chromium, cups, firefox, glibc, kconfig, libarchive, libreoffice, oracle-jdk-bin, polkit, proftpd, sqlite, wget, zeromq, and znc), openSUSE (bzip2, chromium, dosbox, evince, gpg2, icedtea-web, java-11-openjdk, java-1_8_0-openjdk, kconfig, kdelibs4, mariadb, mariadb-connector-c, nodejs8, pdns, polkit, [...] --------------------------------------------- https://lwn.net/Articles/796455/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.08.2019
by Daily end-of-shift report 14 Aug '19

14 Aug '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 13-08-2019 18:00 − Mittwoch 14-08-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New Bluetooth KNOB Flaw Lets Attackers Manipulate Traffic ∗∗∗ --------------------------------------------- A new Bluetooth vulnerability named "KNOB" has been disclosed that allow attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-bluetooth-knob-flaw-lets… ∗∗∗ Dejablue: Erneut Sicherheitslücken im Windows-Remote-Desktop ∗∗∗ --------------------------------------------- Microsoft warnt vor zwei Remote-Code-Execution-Bugs im Remote Desktop Service. Damit lassen sich Windows-Rechner übers Netz kapern, wenn sie die Remoteadministration aktiviert haben. Alle aktuellen Windows-Versionen sind betroffen. --------------------------------------------- https://www.golem.de/news/dejablue-erneut-sicherheitsluecken-im-windows-rem… ∗∗∗ Project Zero: Windows-Texteingabesystem bietet viele Angriffsmöglichkeiten ∗∗∗ --------------------------------------------- Ein Systemdienst für Texteingabemethoden, das es seit Windows XP gibt, wurde offenbar mit wenig Sicherheitsbewusstsein entwickelt. Tavis Ormandy von Google gelang es damit, als Nutzer Systemrechte zu erlangen. Es gibt ein Update von Microsoft, doch das behebt wohl nicht alle Probleme. --------------------------------------------- https://www.golem.de/news/project-zero-windows-texteingabesystem-bietet-vie… ∗∗∗ Debugging for Malware Analysis ∗∗∗ --------------------------------------------- This article provides an overview of debugging and how to use some of the most commonly used debuggers. We will begin by discussing OllyDbg; using it, we will explore topics such as setting up breakpoints, stepping through the instructions and modifying the flow of execution. We will then discuss WinDbg, which can be used [...] --------------------------------------------- https://resources.infosecinstitute.com/debugging-for-malware-analysis/ ∗∗∗ Nehmen Sie sich vor gefälschten Zahlungsanweisungen in Acht! ∗∗∗ --------------------------------------------- Zahlreiche Unternehmen wenden sich mit erfundenen Überweisungs-Aufforderungen im Namen der Geschäftsführung oder anderer Führungspersonen an uns. Die E-Mails stammen von Kriminellen, die die Mail-Adressen durch „Spoofing“ imitieren und dadurch nichtsahnende Mitarbeiter/innen zu Überweisungen auf fremde Konten bringen wollen. --------------------------------------------- https://www.watchlist-internet.at/news/nehmen-sie-sich-vor-gefaelschten-zah… ∗∗∗ This new cryptojacking malware uses a sneaky trick to remain hidden ∗∗∗ --------------------------------------------- Norman cryptomining malware was found to have infected almost every system in one organisation during an investigation by security researchers. --------------------------------------------- https://www.zdnet.com/article/this-new-cryptojacking-malware-uses-a-sneaky-… ===================== = Vulnerabilities = ===================== ∗∗∗ Intel Releases Security Updates ∗∗∗ --------------------------------------------- Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates: RAID Web Console 2 Advisory INTEL-SA-00246 NUC Advisory INTEL-SA-00272 [...] --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/08/13/intel-releases-sec… ∗∗∗ Trend Micro Password Manager - Privilege Escalation to SYSTEM ∗∗∗ --------------------------------------------- SafeBreach Labs discovered a new vulnerability in Trend Micro Password Manager software. In this post, we will demonstrate how this vulnerability could have been used in order to achieve privilege escalation and persistence by loading an arbitrary unsigned DLL into a service that runs as NT AUTHORITY\SYSTEM. --------------------------------------------- https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalati… ∗∗∗ DoS-Attacken: Viele Web-Server mit HTTP/2 angreifbar ∗∗∗ --------------------------------------------- Forschern zufolge ist ein Großteil von Web-Servern mit HTTP/2 nicht optimal konfiguriert, sodass die Sicherheit gefährdet ist. Patches sind verfügbar. --------------------------------------------- https://heise.de/-4496647 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (kernel, linux-4.9, otrs2, and tomcat8), Fedora (igraph and jhead), openSUSE (ansible, GraphicsMagick, kconfig, kdelibs4, live555, mumble, phpMyAdmin, proftpd, python-Django, and znc), Oracle (kernel and openssl), Red Hat (kernel, openssl, and rh-mysql80-mysql), Scientific Linux (kernel and openssl), Slackware (kernel), SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork and mariadb-100), and Ubuntu (linux, linux-aws, linux-kvm, [...] --------------------------------------------- https://lwn.net/Articles/796193/ ∗∗∗ SAP Patches Highest Number of Critical Flaws Since 2014 ∗∗∗ --------------------------------------------- SAP’s Security Patch Day updates for August 2019 address three new critical vulnerabilities affecting the company’s products. This is the highest number of critical flaws fixed on the same day since 2014. --------------------------------------------- https://www.securityweek.com/sap-patches-highest-number-critical-flaws-2014 ∗∗∗ Mitsubishi Electric smartRTU and INEA ME-RTU ∗∗∗ --------------------------------------------- CISA is aware of a public report of a proof-of-concept (PoC) exploit code vulnerability affecting Mitsubishi Electric smartRTU devices. According to this report, there are multiple vulnerabilities that could result in remote code execution with root privileges. CISA is issuing this alert to provide early notice of the report. --------------------------------------------- https://www.us-cert.gov/ics/alerts/ics-alert-19-255-01 ∗∗∗ Delta Industrial Automation DOPSoft ∗∗∗ --------------------------------------------- This advisory includes mitigations for out-of-bounds read and use after free vulnerabilities reported in Delta Electronics’ Delta Industrial Automation DOPSoft HMI editing software. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-225-01 ∗∗∗ OSIsoft PI Web API ∗∗∗ --------------------------------------------- This advisory includes mitigations for inclusion of sensitive information in log files and protection mechanism failure vulnerabilities reported in OSIsoft LLC’s OSIsoft PI Web API. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-19-225-02 ∗∗∗ Key Negotiation of Bluetooth Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Two Denial of Service Vulnerabilities on Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190814-… ∗∗∗ August 13, 2019 TNS-2019-05 [R1] Nessus 8.6.0 Fixes One Vulnerability ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2019-05 ∗∗∗ Synology-SA-19:33 HTTP/2 DoS Attacks ∗∗∗ --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_33 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.08.2019
by Daily end-of-shift report 13 Aug '19

13 Aug '19

===================== = End-of-Day report = ===================== Timeframe: Montag 12-08-2019 18:00 − Dienstag 13-08-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Steam Security Vulnerability Fixed, Researchers Dont Agree ∗∗∗ --------------------------------------------- Valve has pushed out a fix for a zero-day Steam Client local privilege escalation (LPE) vulnerability, but researchers say there are still other LPE vulnerabilities that are being ignored. --------------------------------------------- https://www.bleepingcomputer.com/news/security/steam-security-vulnerability… ∗∗∗ Troldesh Ransomware Dropper ∗∗∗ --------------------------------------------- Over the past few weeks, we’ve seen an increase in Troldesh ransomware using compromised websites as intermediary malware distributors. The malware often uses a PHP file that acts as a delivery tool for downloading the host malware dropper: hxxp://doolaekhun[.]com/cgi-bin/[redacted].php --------------------------------------------- https://blog.sucuri.net/2019/08/troldesh-ransomware-dropper.html ∗∗∗ Back-to-Back Campaigns: Neko, Mirai, and Bashlite Malware Variants Use Various Exploits to Target Several Routers, Devices ∗∗∗ --------------------------------------------- Within a span of three weeks, our telemetry uncovered three notable malware variants of Neko, Mirai, and Bashlite. On July 22, 2019, we saw and started analyzing a Neko botnet sample, then observed another sample with additional exploits the following week. A Mirai variant that calls itself "Asher" [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/jgzb2S8LB8M/ ∗∗∗ MANRS Observatory: Monitoring the State of Internet Routing Security ∗∗∗ --------------------------------------------- Routing security is vital to the future and stability of the Internet, but it’s under constant threat. Which is why we’ve launched a free online tool so that network operators can see how they’re doing, and what they can improve, while anyone can see the health of the Internet at a glance. --------------------------------------------- https://www.internetsociety.org/blog/2019/08/manrs-observatory-monitoring-t… ∗∗∗ The Twin Journey, Part 3: I’m Not a Twin, Can’t You See my Whitespace at the End? ∗∗∗ --------------------------------------------- In this series of 3 blogs (you can find part 1 here, and part 2 here), so far we have understood the implications of promoting files to “Evil Twins” where they can be created and remain in the system as different entities once case sensitiveness is enabled, and some issues that could be raised by [...] --------------------------------------------- https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/the-twin-journe… ∗∗∗ CEO Cyber Quiz: What’s Your IT Security IQ? ∗∗∗ --------------------------------------------- Every business leader understands that, when it comes to cybersecurity, the stakes are extraordinarily high. CEOs tend to take notice when they read headlines about yet another big-name company being victimized by a massive data breach or about industry forecasts suggesting that the annual cost of crime losses and damage will hit $6 trillion by [...] --------------------------------------------- https://www.tripwire.com/state-of-security/security-awareness/ceo-cyber-sec… ∗∗∗ Datingfalle.at: Kostenlose Hilfe bei Online-Dating-Fallen! ∗∗∗ --------------------------------------------- Auf www.datingfalle.at bietet der Internet Ombudsmann kostenlose Hilfe bei rechtlichen Problemen mit Online-Dating-Plattformen, Erotik-Portalen und Singlebörsen. Neben Infos und Tipps steht eine außergerichtliche Streitschlichtung zur Verfügung. Hier gibt es Hilfestellung bei Abo-Fallen, automatischer Vertragsverlängerung, Kündigungsschwierigkeiten oder Inkasso-Schreiben. --------------------------------------------- https://www.watchlist-internet.at/news/datingfalleat-kostenlose-hilfe-bei-o… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe After Effects CC (APSB19-31), Adobe Character Animator CC (APSB19-32), Adobe Premiere Pro CC (APSB19-33), Adobe Prelude CC (APSB19-35), Adobe Creative Cloud Desktop Application (APSB19-39), Adobe Acrobat and Reader (APSB19-41), Adobe Experience Manager (APSB19-42) and Adobe Photoshop CC (APSB19-44). Adobe recommends users update their product installations to the latest versions using the instructions referenced [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1773 ∗∗∗ [20190801] - Core - Hardening com_contact contact form ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 1.6.2 - 3.9.10 Exploit type: Incorrect Access Control Reported Date: 2019-April-09 Fixed Date: 2019-August-13 CVE Number: CVE-2019-XXXXX Description Inadequate checks in com_contact could allowed mail submission in disabled forms. Affected Installs Joomla! CMS versions 1.6.2 - 3.9.10 Solution Upgrade to version 3.9.11 --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/H1jmq28mUAw/789-20190801-c… ∗∗∗ # SSA-671286: Multiple Vulnerabilities in SCALANCE Products ∗∗∗ --------------------------------------------- The latest update for SCALANCE SC-600 fixes multiple vulnerabilities. The most severe could allow authenticated local users with physical access to the device to execute arbitrary commands on the device under certain conditions. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-671286.txt ∗∗∗ # SSA-530931: Denial-of-Service in Webserver of Industrial Products ∗∗∗ --------------------------------------------- A vulnerability in the affected products could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-530931.txt ∗∗∗ # SSA-232418: Vulnerabilities in SIMATIC S7-1200 and SIMATIC S7-1500 CPU families ∗∗∗ --------------------------------------------- Two vulnerabilities have been identified in the SIMATIC S7-1200 and the SIMATIC S7-1500 CPU families. One vulnerability could allow an attacker with network access to affected devices to modify the user program stored on these devices such that the source code differs from the actual running code. The other vulnerability could allow an attacker in a Man-in-the-Middle position to modify network traffic exchanged on port 102/tcp. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-232418.txt ∗∗∗ # SSA-100232: Denial-of-Service vulnerability in SCALANCE X switches ∗∗∗ --------------------------------------------- A vulnerability in the affected devices could allow an unauthenticated attacker with network access to an affected device to perform a denial-of-service. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-100232.txt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, postgresql, and postgresql-libs), Debian (atril, chromium, evince, ghostscript, jackson-databind, kernel, and php5), Fedora (kf5-kconfig, mingw-sqlite, pam-u2f, and poppler), Mageia (kernel), openSUSE (aubio, chromium, kconfig, kdelibs4, nodejs10, osc, and zstd), Red Hat (ghostscript), and Ubuntu (ghostscript and MariaDB). --------------------------------------------- https://lwn.net/Articles/796075/ ∗∗∗ [remote] Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit) ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/47230 ∗∗∗ [remote] ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution (Metasploit) ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/47229 ∗∗∗ [remote] ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit) ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/47228 ∗∗∗ [remote] ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit) ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/47227 ∗∗∗ Linux kernel vulnerability CVE-2016-7097 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K31603170 ∗∗∗ SAP Patchday August: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0714 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.08.2019
by Daily end-of-shift report 12 Aug '19

12 Aug '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 09-08-2019 18:00 − Montag 12-08-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Beware of Fake Microsoft Account Unusual Sign-in Activity Emails ∗∗∗ --------------------------------------------- In this article we take a look at a phishing campaign that pretends to be an "Unusual sign-in activity" alertfrom Microsoft that could easily trick someone into clicking on the enclosed link. --------------------------------------------- https://www.bleepingcomputer.com/news/security/beware-of-fake-microsoft-acc… ∗∗∗ Malware Analysis and Reverse Engineering ∗∗∗ --------------------------------------------- Introduction This article provides a high-level overview of malware analysis and reverse engineering. If you are planning to get started with malware analysis and reverse engineering, this article can be a good starting point, as it covers a high-level overview of what you need to know before you download that debugger and get your hands [...] --------------------------------------------- https://resources.infosecinstitute.com/malware-analysis-and-reverse-enginee… ∗∗∗ DEF CON 2019: Delta ICS Flaw Allows Total Industrial Takeover ∗∗∗ --------------------------------------------- The bug exists in a controller that oversees HVAC, lighting, sensor and alarm systems, to name a few. --------------------------------------------- https://threatpost.com/def-con-2019-delta-ics-flaw-allows-total-industrial-… ∗∗∗ Inside the Hidden World of Elevator Phone Phreaking ∗∗∗ --------------------------------------------- Eavesdropping, reprogramming, talking to strangers: Welcome to the harmless and not-so-harmless fun of hacking elevator call boxes. --------------------------------------------- https://www.wired.com/story/elevator-phone-phreaking-defcon ∗∗∗ Amazon Web Services: Tausende virtuelle Festplatten frei zugänglich im Netz ∗∗∗ --------------------------------------------- Ein Forscher fand tausendfach offen zugängliche Elastic Block Store-Volumes mit vertraulichen Daten im Netz, wo sie sich beliebig durchsuchen lassen. --------------------------------------------- https://heise.de/-4493402 ∗∗∗ Windows-Treiber von Intel, AMD, Nvidia und vielen Mainboard-Herstellern unsicher ∗∗∗ --------------------------------------------- Über mehr als 40 weit verbreitete Hardware-Treiber können Angreifer sich Kernel-Rechte auf einem System verschaffen. --------------------------------------------- https://heise.de/-4494929 ∗∗∗ Cruise Releases Automated Firmware Security Analyzer to Open Source ∗∗∗ --------------------------------------------- The growth of IoT devices has highlighted the difficulties in ensuring firmware security -- especially where the device and software are initially sourced from third parties, or developed under time pressures in-house. Now a new firmware analyzer has been released to open source on GitHub. --------------------------------------------- https://www.securityweek.com/gm-cruise-releases-automated-firmware-security… ∗∗∗ Hotellerie-Betriebe: Vorsicht vor kriminellen Buchungs- & Stornierungsversuchen! ∗∗∗ --------------------------------------------- Vermeintliche Interessent/innen kontaktieren gezielt Hotels, Pensionen, Apartments und sonstige Unterkünfte für eine Buchung. Kurz nach einer (ungültigen) Zahlung per Kreditkarte folgen schreckliche Nachrichten: Aufgrund tragischer Ereignisse bei den geplanten Gästen muss die Buchung storniert und das Geld zurücküberwiesen werden. Hotellerie-Betriebe dürfen den Aufforderungen nicht nachkommen! --------------------------------------------- https://www.watchlist-internet.at/news/hotellerie-betriebe-vorsicht-vor-kri… ∗∗∗ Hunting the Public Cloud for Exposed Hosts and Misconfigurations ∗∗∗ --------------------------------------------- This research explores the security landscape of the Internet-facing services hosted in Amazon AWS, Microsoft Azure and Google Cloud Platform. --------------------------------------------- https://unit42.paloaltonetworks.com/hunting-the-public-cloud-for-exposed-ho… ∗∗∗ Clever attack uses SQLite databases to hack other apps, malware servers ∗∗∗ --------------------------------------------- Tainted SQLite database can run malicious code inside other apps, such as web apps or Apples iMessage. --------------------------------------------- https://www.zdnet.com/article/clever-attack-uses-sqlite-databases-to-hack-o… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (fusiondirectory, gosa, kconfig, kernel, pango1.0, and python-django), Fedora (aubio, icedtea-web, java-1.8.0-openjdk, kernel, kernel-headers, kernel-tools, libslirp, openqa, os-autoinst, and upx), Gentoo (JasPer, libvncserver, and redis), Mageia (cyrus-imapd and php), Oracle (kernel), Red Hat (chromium-browser, cockpit-ovirt, Red Hat Virtualization, and rhvm-appliance), SUSE (ImageMagick, libvirt, python, and wireshark), and Ubuntu (poppler). --------------------------------------------- https://lwn.net/Articles/795963/ ∗∗∗ PPOM for WooCommerce <= 18.3 - Authenticated Stored XSS ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9502 ∗∗∗ ZDI-19-701: (0Day) EZAutomation EZPLC EZC File Parsing Memory Corruption Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-701/ ∗∗∗ ZDI-19-700: (0Day) EZAutomation EZTouch Editor EZP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-700/ ∗∗∗ iControl REST and tmsh vulnerability CVE-2019-6621 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K20541896 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.08.2019
by Daily end-of-shift report 09 Aug '19

09 Aug '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 08-08-2019 18:00 − Freitag 09-08-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Hackerone: Sicherheitslücke in Steam bleibt vorerst ungefixt ∗∗∗ --------------------------------------------- Auf Windows-Systemen, auf denen der Spiele-Launcher Steam installiert ist, können einfache Nutzer Programme mit Systemrechten ausführen. Der Entdecker der Lücke meldete diese über die Plattform Hackerone, dort erklärte man den Bug für ungültig und wollte eine Veröffentlichung verhindern. --------------------------------------------- https://www.golem.de/news/hackerone-sicherheitsluecke-in-steam-bleibt-vorer… ∗∗∗ Protect against BlueKeep ∗∗∗ --------------------------------------------- DART offers steps you can take to protect your network from BlueKeep, the “wormable” vulnerability that can create a large-scale outbreak due to its ability to replicate and propagate. --------------------------------------------- https://www.microsoft.com/security/blog/2019/08/08/protect-against-bluekeep/ ∗∗∗ Hidden Algorithm Flaws Expose Websites to DoS Attacks ∗∗∗ --------------------------------------------- Why throw a bunch of junk traffic at a service, when all it takes to stall it out is just a few bytes? --------------------------------------------- https://www.wired.com/story/algorithm-dos-attack ∗∗∗ How Safecrackers Can Unlock an ATM in Minutes—Without Leaving a Trace ∗∗∗ --------------------------------------------- At Defcon this week, security researcher Mike Davis will show how he can pick the lock of an ATM safe in no time, thanks to its electric leaks. --------------------------------------------- https://www.wired.com/story/atm-lock-hack-electric-leaks ∗∗∗ Saefko: A new multi-layered RAT ∗∗∗ --------------------------------------------- Recently, the Zscaler ThreatLabZ team came across a new remote-access trojan (RAT) for sale on the dark web. The RAT, called Saefko, is written in .NET and has multiple functionalities. This blog provides a detailed analysis of this piece of malware, including its HTTP, IRC, and data stealing and spreading module. --------------------------------------------- https://www.zscaler.com/blogs/research/saefko-new-multi-layered-rat ∗∗∗ Are Your Out-of-Office Replies Revealing Too Much? ∗∗∗ --------------------------------------------- Whether you’re traveling for business or pleasure, it’s common practice to create an automatic out-of-office reply for incoming emails. While business continuity is important, it’s critical to remember that some emails that arrive in your inbox will come from people you don’t know - and, in some cases, cybercriminals who wish to do you harm. The details you provide could be used for malicious purposes and expose your organization to attack. --------------------------------------------- https://www.proofpoint.com/us/security-awareness/post/are-your-out-office-r… ∗∗∗ New Windows Process Injection Can Be Useful for Stealthy Malware ∗∗∗ --------------------------------------------- Researchers at SafeBreach, a cybersecurity firm that specializes in breach and attack simulations, have catalogued most known Windows process injection techniques. They also discovered a new method, which they claim is stealthy and can bypass all protections implemented by Microsoft. --------------------------------------------- https://www.securityweek.com/new-windows-process-injection-can-be-useful-st… ∗∗∗ Analyse: Ransomware-Angriffe auf Firmen fast vervierfacht ∗∗∗ --------------------------------------------- Die Zahl der Infektionen mit Ransomware bei Firmen hat im Vergleich zum Vorjahr um 365 Prozent zugenommen. Groß im Geschäft: das Trio Emotet/Trickbot/Ryuk. --------------------------------------------- https://heise.de/-4492497 ∗∗∗ Skype, Slack, VS Code, Atom: Electron-Apps haben eine gefährliche Achilles-Ferse ∗∗∗ --------------------------------------------- Programme, die auf dem Electron Framework basieren, können von lokalen Angreifern trojanisiert und als Angriffsplattform missbraucht werden. --------------------------------------------- https://heise.de/-4493195 ∗∗∗ Hackers Can Use Rogue Engineering Stations to Target Siemens PLCs ∗∗∗ --------------------------------------------- Malicious actors could use rogue engineering workstations to take control of Siemens programmable logic controllers (PLCs), and they can hide the attack from the engineer monitoring the system, researchers from two universities in Israel have demonstrated. --------------------------------------------- https://www.securityweek.com/hackers-can-use-rogue-engineering-stations-tar… ===================== = Vulnerabilities = ===================== ∗∗∗ Schwerwiegende Sicherheitslücke in Big-IP-Produkten von F5 Networks ∗∗∗ --------------------------------------------- Der finnische Sicherheitsspezialist F-Secure warnt vor einer Sicherheitslücke, die möglicherweise zahlreiche Unternehmen zu Zielen für Cyberangriffe macht. Betroffen sind Big-IP-Produkte von F5 Networks. Der Anbieter dementiert. --------------------------------------------- https://www.it-business.de/schwerwiegende-sicherheitsluecke-in-big-ip-produ… ∗∗∗ Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware ∗∗∗ --------------------------------------------- Avaya is the second largest VOIP solution provider (source) with an install base covering 90% of the Fortune 100 companies (source), with products targeting a wide spectrum of customers, from small business and midmarket, to large corporations. As part of the ongoing McAfee Advanced Threat Research effort into researching critical vulnerabilities in widely deployed software [...] --------------------------------------------- https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/avaya-deskphone… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (postgresql-11, postgresql-9.4, and postgresql-9.6), Fedora (exiv2), openSUSE (python-Django and vlc), Oracle (kernel), Red Hat (qemu-kvm-rhev), SUSE (evince, nodejs10, python, and squid), and Ubuntu (postgresql-10, postgresql-11, postgresql-9.5). --------------------------------------------- https://lwn.net/Articles/795821/ ∗∗∗ D-LINK Router: Schwachstelle ermöglicht Manipulation von Dateien ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0708 ∗∗∗ BlackBerry Powered by Android Security Bulletin - August 2019 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Security Notice - Statement on Brute Forcing Encrypted Backup Data for Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2019/huawei-sn-20190809-01-… ∗∗∗ BIG-IP DHCPv6 vulnerability CVE-2019-6643 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K36228121 ∗∗∗ iControl REST vulnerability CVE-2019-6646 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K53990093 ∗∗∗ F5 Container Ingress Service vulnerability CVE-2019-6648 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K74327432 ∗∗∗ iRulesLX debug NodeJS vulnerability CVE-2019-6644 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K75532331 ∗∗∗ BIG-IP mcpd vulnerability CVE-2019-6647 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K87920510 ∗∗∗ The BIG-IP DNS Configuration utility may erroneously display the TSIG key secret in plain text form ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K03332436 ∗∗∗ BIG-IP SSL connection security exposure ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K41515225 ∗∗∗ BIG-IP FTP profile vulnerability CVE-2019-6645 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K15759349 ∗∗∗ F5 Container Ingress Services vulnerability CVE-2019-6648 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K74327432 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.08.2019
by Daily end-of-shift report 08 Aug '19

08 Aug '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 07-08-2019 18:00 − Donnerstag 08-08-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ The Fully Remote Attack Surface of the iPhone ∗∗∗ --------------------------------------------- While there have been several rumours and reports of fully remote vulnerabilities affecting the iPhone being used by attackers in the last couple of years, limited information is available about the technical details of these vulnerabilities, as well as the underlying attack surface they occur in. I investigated the remote, interaction-less attack surface of the iPhone, and found several serious vulnerabilities. --------------------------------------------- https://googleprojectzero.blogspot.com/2019/08/the-fully-remote-attack-surf… ∗∗∗ [Guest Diary] The good, the bad and the non-functional, or "how not to do an attack campaign", (Thu, Aug 8th) ∗∗∗ --------------------------------------------- https://isc.sans.edu/diary/rss/25218 ∗∗∗ Magento Skimmers: From Atob to Alibaba ∗∗∗ --------------------------------------------- Last year we saw a fairly massive Magento malware campaign that injected credit card stealing code similar to this: It uses the JavaScript atob function to decode base64-encoded domain names and URL patterns. In the sample above, it’s hxxps://livegetpay[.]com/pay.js?v=2.2.9 and “onepage”, respectively. The campaign used a variety of different domain names and targeted all sorts of payment processing systems, which is well described in the Group IB’s report. --------------------------------------------- https://blog.sucuri.net/2019/08/magento-skimmers-from-atob-to-alibaba.html ∗∗∗ Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V ∗∗∗ --------------------------------------------- Remember the Reverse RDP Attack? Earlier this year, researchers disclosed clipboard hijacking and path-traversal issues in Microsofts Windows built-in RDP client that could allow a malicious RDP server to compromise a client computer, reversely. --------------------------------------------- https://thehackernews.com/2019/08/reverse-rdp-windows-hyper-v.html ∗∗∗ ACSC Releases Advisory on Password Spraying Attacks ∗∗∗ --------------------------------------------- Original release date: August 8, 2019The Australian Cyber Security Centre (ACSC) has released an advisory on password spraying attacks. Password spraying is a type of brute-force attack in which a malicious actor uses a single password against targeted user accounts before moving on to attempt a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts. The ACSC provides recommendations for organizations to detect and --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/08/08/acsc-releases-advi… ∗∗∗ Erpressungsversuche mit Masturbations-Video! ∗∗∗ --------------------------------------------- Die Wahrscheinlichkeit betrügerische Erpressungs-E-Mails im eigenen Posteingang zu finden, ist momentan äußerst hoch. Kriminelle behaupten, die Systeme ihrer Opfer mit Schadsoftware infiziert, Zugriff auf Webcam und Kontakte erhalten zu haben und nun in Besitz eines Masturbations-Videos zu sein. Betroffene dürfen nichts bezahlen. Die Nachrichten von „Anonymer Hacker“ sind erfunden! --------------------------------------------- https://www.watchlist-internet.at/news/erpressungsversuche-mit-masturbation… ===================== = Vulnerabilities = ===================== ∗∗∗ Fortinet FortiRecorder 2.7.3 Hardcoded Password ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2019080028 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (exim, python-django, python2-django, and sdl2), Debian (proftpd-dfsg), Fedora (php and sqlite), openSUSE (proftpd), Red Hat (kernel), Slackware (kdelibs), SUSE (nodejs10, squid, and tcpdump), and Ubuntu (php5 and ruby-rack). --------------------------------------------- https://lwn.net/Articles/795725/ ∗∗∗ Synology-SA-19:32 SWAPGS Spectre Side-Channel Attack ∗∗∗ --------------------------------------------- The vulnerability allows local users to obtain sensitive information via a susceptible version of Synology DiskStation Manager (DSM) running on an Intel CPU or even if in Virtual Machine Manager. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_32 ∗∗∗ Cisco Adaptive Security Appliance Smart Tunnel Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings Server Open Redirection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SPA112 2-Port Phone Adapter Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Packet Filtering Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Enterprise NFV Infrastructure Software Web-Based Management Interface Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Enterprise NFV Infrastructure Software Cross-site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Enterprise NFV Infrastructure Software Arbitrary File Read Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Enterprise NFV Infrastructure Software Password Recovery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Enterprise NFV Infrastructure Software Web Portal Arbitrary File Read Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco HyperFlex Software Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Threat Defense Software File Policy Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director TLS Renegotiation Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security Appliance Header Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Adaptive Security Appliance Software Web-Based Management Interface Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.08.2019
by Daily end-of-shift report 07 Aug '19

07 Aug '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 06-08-2019 18:00 − Mittwoch 07-08-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Smominru Cryptominer Scrapes Credentials for Half-Million Machines ∗∗∗ --------------------------------------------- The adversaries have retooled with EternalBlue and credential theft to add a new "access mining" revenue stream. --------------------------------------------- https://threatpost.com/smominru-cryptominer-scrapes-credentials-half-millio… ∗∗∗ Autoloaded Server-Side Swiper ∗∗∗ --------------------------------------------- Front-end JavaScript-based credit card stealing malware has garnered a lot of attention within the security community. This makes sense, since the “swipers” can be easily detected by simply scanning the web pages of e-commerce sites. However, this isn’t the only way to steal payment details and sensitive user information from compromised sites. Server-side swipers are almost as prevalent as client-side ones, and [...] --------------------------------------------- https://blog.sucuri.net/2019/08/autoloaded-server-side-swiper.html ∗∗∗ Vorsicht bei zu günstigen Angeboten auf Amazon ∗∗∗ --------------------------------------------- Vermehrt erreichen uns Meldungen von Konsument/innen, die auf unseriöse Amazon Marketplace Shops gestoßen sind. Die extrem günstigen Angebote locken zu einem schnellen Kauf. Im späteren Nachrichtenverlauf werden die Opfer über „Fehler 2045“ informiert und aufgefordert, das Geld auf externe Konten zu überweisen. Wer dies tut, verliert den Betrag und erhält keine Waren! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-zu-guenstigen-angeboten… ===================== = Vulnerabilities = ===================== ∗∗∗ SWAPGSAttack: Seitenkanal-Schwachstelle trifft wieder nur Intel ∗∗∗ --------------------------------------------- Mit der Spectre-ähnlichen SWAPGSAttack kann auf eigentlich geschützte Speicherbereiche zugegriffen werden, indem die spekulative Ausführung des Befehls ausgenutzt wird. Betroffen sind alle Intel-CPUs seit Ivy Bridge von 2012, von Microsoft gibt es bereits Patches für Windows 10. --------------------------------------------- https://www.golem.de/news/swapgsattack-seitenkanal-schwachstelle-trifft-wie… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (hostapd), openSUSE (aubio and spamassassin), Oracle (kernel), Red Hat (augeas, kernel-rt, libssh2, perl, procps-ng, redis:5, and systemd), SUSE (bzip2, evince, kernel, linux-azure, nodejs4, nodejs8, osc, python, python-Twisted, and python3), and Ubuntu (BWA and Mercurial). --------------------------------------------- https://lwn.net/Articles/795626/ ∗∗∗ Security Advisory - Double Free Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190807-… ∗∗∗ Security Advisory - Information Leak Vulnerability on Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190807-… ∗∗∗ HPESBST03938 rev.1 - Command View Advanced Edition (CVAE) Products, Local and Remote Access Restriction Bypass ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.08.2019
by Daily end-of-shift report 06 Aug '19

06 Aug '19

===================== = End-of-Day report = ===================== Timeframe: Montag 05-08-2019 18:00 − Dienstag 06-08-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Mass Spoofing Campaign Takes Aim at Walmart ∗∗∗ --------------------------------------------- The sites are targeting job-seekers, movie aficionados and shoppers in hopes of harvesting their personal information. --------------------------------------------- https://threatpost.com/mass-spoofing-campaign-walmart/146994/ ∗∗∗ LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks ∗∗∗ --------------------------------------------- First advertised as an information stealer and keylogger when it first appeared in underground forums, LokiBot has added various capabilities over the years. Recent activity has seen the malware family abusing Windows Installer for its installation and introducing a new delivery method that involves spam mails containing malicious ISO file attachments. Our analysis of a new LokiBot variant shows that it has improved its capabilities [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/_k1Sozs3GX4/ ∗∗∗ Malicious Plugin Used to Encrypt WordPress Posts ∗∗∗ --------------------------------------------- During a recent cleanup, we found an interesting malicious WordPress plugin, "WP Security", that was being used to encrypt blog post content. The website owner complained of a newly installed and activated plugin on their website that was rendering their original content unreadable. --------------------------------------------- https://blog.sucuri.net/2019/08/malicious-plugin-used-to-encrypt-wordpress-… ∗∗∗ Code-Signed malware: Whats all the buzz about? Looking at the "Ryuk" ransomware as an example. ∗∗∗ --------------------------------------------- Certificates are an established method for verifying the legitimacy of an application. If malicious actors succeed in undermining a certificate authority (CA) by either stealing a valid certificate or compromising the CA, the entire model unravels. We have taken a look at a case where this has happened. --------------------------------------------- https://www.gdatasoftware.com/blog/2019/08/35046-whats-all-the-buzz-about-l… ∗∗∗ Erstmals gezielte Spionage-Angriffe über "intelligente Dinge" dokumentiert ∗∗∗ --------------------------------------------- Die Hacker, die in den Bundestag einbrachen, haben eine neue Angriffstechnik im Repertoire: Sie steigen über Drucker oder VoIP-Phones in Firmennetze ein. --------------------------------------------- https://heise.de/-4489325 ∗∗∗ Hinter dem Shop sportfroger.com steckt Betrug ∗∗∗ --------------------------------------------- sportfroger.com bietet ein breites Sortiment an Sportgeräten. Ob Ergometer, Hantelsets oder Laufband – hier finden Konsument/innen was sie suchen. Nach einer Zahlung per Vorkasse folgt der Schock, denn die bestellte Ware wird nie geliefert und das Geld ist verloren. --------------------------------------------- https://www.watchlist-internet.at/news/hinter-dem-shop-sportfrogercom-steck… ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday: Google sichert Android gegen "QualPwn" und andere kritische Lücken ab ∗∗∗ --------------------------------------------- Auch diesen Monat weist Google auf beseitigte Android-Lücken hin. Mit dabei: eine Exploit-Chain aus teils kritischen Qualcomm-Lücken namens QualPwn. --------------------------------------------- https://heise.de/-4489232 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium), Debian (glib2.0 and python-django), Fedora (gvfs, kernel, kernel-headers, kernel-tools, and subversion), Oracle (icedtea-web, nss and nspr, and ruby:2.5), Red Hat (advancecomp, bind, binutils, blktrace, compat-libtiff3, curl, dhcp, elfutils, exempi, exiv2, fence-agents, freerdp and vinagre, ghostscript, glibc, gvfs, http-parser, httpd, kde-workspace, keepalived, kernel, kernel-rt, keycloak-httpd-client-install, libarchive, libcgroup, [...] --------------------------------------------- https://lwn.net/Articles/795506/ ∗∗∗ Cisco Small Business 220 Series Smart Switches Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business 220 Series Smart Switches Remote Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business 220 Series Smart Switches Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily