Daily

daily@lists.cert.at

1 participants
3210 discussions

Tageszusammenfassung - 23.01.2019
by Daily end-of-shift report 23 Jan '19

23 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 22-01-2019 18:00 − Mittwoch 23-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Microsoft’s Cyber Defense Operations Center shares best practices ∗∗∗ --------------------------------------------- You can download the Cyber Defense Operations Center strategy brief to gain more insight into how we work to protect, detect, and respond to cybersecurity threats. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2019/01/23/cdoc-best-practices/ ∗∗∗ Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com ∗∗∗ --------------------------------------------- Two of the most disruptive and widely-received spam email campaigns over the past few months -- including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year -- were made possible thanks to an authentication weakness at GoDaddy.com, the worlds largest domain name registrar, KrebsOnSecurity has learned. Perhaps more worryingly, experts warn this same weakness that let spammers hijack domains tied to GoDaddy also affects a great many other major Internet service providers, and is actively being abused to launch phishing and malware attacks which leverage dormant Web site names currently owned and controlled by some of the world’s most trusted corporate names and brands. --------------------------------------------- https://krebsonsecurity.com/2019/01/bomb-threat-sextortion-spammers-abused-… ∗∗∗ Gefälschte Geschäftsführungs-mail zu Kontostand ∗∗∗ --------------------------------------------- Unternehmen aufgepasst: Momentan erreichen uns zahlreiche Meldungen zu Betrugs-E-Mails, in welchen Kriminelle sich als Geschäftsführer/in des jeweiligen Unternehmens ausgeben. Gefragt wird nach dem aktuellen Kontostand. Ist genug Geld am Konto, soll eine Auslandsüberweisung initiiert werden. Das Geld darf nicht überwiesen werden, denn es wäre verloren. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-geschaeftsfuehrungs-mail… ∗∗∗ Rechtliche Folgen für Phishing-Opfer ∗∗∗ --------------------------------------------- Konsument/innen, die auf eine Banken-Phishingmail hereinfallen, übermitteln Kriminelle Daten, die diesen einen Zugriff auf ihr OnlineBanking-Konto ermöglichen. Teilen Kund/innen den Betrüger/innen telefonisch den TAN-Code zur Freigabe einer Überweisung mit, bleiben sie auf ihrem Schaden sitzen. Sie halten keine allgemein bekannten Sicherheitsvorkehrungen ein. --------------------------------------------- https://www.watchlist-internet.at/news/rechtliche-folgen-fuer-phishing-opfe… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-19-121: (0day) Microsoft Windows contact File Insufficient UI Warning Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of CONTACT files. Crafted data in a CONTACT file can cause Windows to display a dangerous hyperlink. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of the current user. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-121/ ∗∗∗ No-Name-Hausautomation: Lücke erlaubt leichten Firmware-Upload ∗∗∗ --------------------------------------------- Viele Geräte für die Hausautomation stammen von der Firma Tuya und haben Sicherheitslücken, die einfache Modifikation zulassen – zum Guten oder zum Schlechten. --------------------------------------------- https://heise.de/-4284783 ∗∗∗ Kritische Sicherheitslücke in Debians Update-Tools ∗∗∗ --------------------------------------------- Debian-basierte Linux-Systeme weisen eine Sicherheitslücke auf, über die Angreifer das System während des Einspielens von Sicherheits-Updates kapern könnten. --------------------------------------------- http://heise.de/-4285012 ∗∗∗ iOS 12.1.3 & Co: Apple stopft gravierende Schwachstellen auf iPhone und Mac ∗∗∗ --------------------------------------------- Mit Updates für alle Betriebssysteme räumt der Konzern Sicherheitslücken aus. Ein Bug erlaubt das Schadcode-Einschleusen per FaceTime-Anruf. --------------------------------------------- http://heise.de/-4285106 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libjpeg-turbo and systemd), Fedora (matrix-synapse, mingw-libjpeg-turbo, and mingw-libvorbis), Mageia (libcaca, libmp4v2, libxml2, pdns-recursor, perl-Email-Address, php-pear-HTML_QuickForm, podofo, and wavpack), openSUSE (webkit2gtk3), Red Hat (qemu-kvm-rhev), Scientific Linux (perl), Slackware (httpd), and Ubuntu (ntp). --------------------------------------------- https://lwn.net/Articles/777385/ ∗∗∗ OpenBMC caught with 'pantsdown' over new security flaw ∗∗∗ --------------------------------------------- A severe vulnerability has been found which impacts multiple Baseboard Management Controller (BMC) firmware stacks and hardware. The bug, CVE-2019-6260, has been nicknamed "pantsdown" ... --------------------------------------------- https://www.zdnet.com/article/bmc-caught-with-pantsdown-over-new-batch-of-s… ∗∗∗ Dräger Infinity Delta ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01 ∗∗∗ Johnson Controls Facility Explorer ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01 ∗∗∗ Cisco Firepower Threat Defense Software Packet Inspection and Enforcement Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Connected Mobile Experiences Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco AMP Threat Grid API Key Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Unauthorized Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Multiple Privilege Escalation Vulnerabilities in Cisco SD-WAN Solution ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings Server Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Privileged Account Sensitive Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Management Center Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Infrastructure Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager is affected by a vulnerability (CVE-2018-1959) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: Server Automation is affected by the following vulnerabilities exposures (CVE-2018-8039, CVE-2018-1683, CVE-2018-1755) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-server-automation-is-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Integration Designer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ PHOENIX CONTACT Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-001 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.01.2019
by Daily end-of-shift report 22 Jan '19

22 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Montag 21-01-2019 18:00 − Dienstag 22-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Remote Code Execution Bug Patched in APT Linux Package Manager ∗∗∗ --------------------------------------------- A remote code execution bug was discovered by security contractor Max Justicz in the APT high level package manager used by Debian, Ubuntu, and other related Linux distributions. The bug has been fixed today in the latest versions of APT. --------------------------------------------- https://www.bleepingcomputer.com/news/security/remote-code-execution-bug-pa… ∗∗∗ Sicherheitsupdates: Adobe Experience Manager könnte Daten leaken ∗∗∗ --------------------------------------------- Adobe hat wichtige Patches für Experience Manager und Experience Manager Forms veröffentlicht. Keine Sicherheitslücke gilt als kritisch. --------------------------------------------- http://heise.de/-4284723 ∗∗∗ Gefälschte Apple Pay E-Mails im Umlauf ∗∗∗ --------------------------------------------- Internetnutzer/innen erhalten Rechnungen von Apple Pay. Darin werden Käufe aufgelistet, die nie stattgefunden haben. Um ein Problem zu melden, sollen Betroffene einem Link folgen, der auf eine gefälschte Support-Seite führt. Konsument/innen dürfen hier keine Daten angeben! Kriminelle versuchen fremde Apple-IDs zu stehlen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-apple-pay-e-mails-im-uml… ∗∗∗ Kein Geld von Spar Kredit ∗∗∗ --------------------------------------------- Konsument/innen, die auf sparkredit.net einen Kredit beantragen, müssen dem Unternehmen persönliche Daten nennen und einen Meldezettel samt Personalausweis übermitteln. Sie erfahren, dass sie Vorschusszahlungen an Spar Kredit leisten müssen, bevor es zu einer Kreditauszahlung kommt. In Wahrheit erhalten Konsument/innen kein Geld und werden Opfer eines Identitätsdiebstahls. --------------------------------------------- https://www.watchlist-internet.at/news/kein-geld-von-spar-kredit/ ∗∗∗ DNS Flag Day am 01.02.2019 ∗∗∗ --------------------------------------------- Am Freitag, 01.02.2019 ist DNS Flag Day. Aber um welche "Flag" geht es hier? Ab diesem Tag wird eine Reihe großer DNS-Anbieter, darunter Google und Cloudflare, und alle großen Anbieter von opensource rekursiver DNS Software, darunter BIND und unbound, aufhören Workarounds einzusetzen, um mit Domains kommunizieren zu können, die den EDNS0 Standard (RFC 6891) nicht erfüllen. --------------------------------------------- http://www.cert.at/services/blog/20190122154001-2371.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (apt and aria2), Fedora (kernel-headers, kernel-tools, and openssh), openSUSE (webkit2gtk3), Oracle (perl), Red Hat (perl), SUSE (freerdp, python-urllib3, systemd, and wireshark), and Ubuntu (apt, poppler, and tiff). --------------------------------------------- https://lwn.net/Articles/777315/ ∗∗∗ TYPO3 9.5.4 and 8.7.23 security releases published ∗∗∗ --------------------------------------------- https://typo3.org/article/typo3-954-and-8723-security-releases-published/ ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: IBM MessageSight is affected by the following four IBM Java vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-is-a… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security Bulletin: IBM MessageSight is affected by an IBM WebSphere Liberty expression language vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-ibm… ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager uses Less Secure Algorithms ( CVE-2018-1751) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-key-life… ∗∗∗ IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-0732, CVE-2018-0737, CVE-2018-14618, CVE-2018-1000301) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-platform-9-5-x… ∗∗∗ TYPO3-PSA-2019-001: Possible Arbitrary Code Execution in CommandUtility API ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-psa-2019-001/ ∗∗∗ TYPO3-PSA-2019-002: Username and Email Address Enumeration ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-psa-2019-002/ ∗∗∗ TYPO3-PSA-2019-003: Cross-Site Scripting in Flash component (ELTS) ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-psa-2019-003/ ∗∗∗ TYPO3-EXT-SA-2019-004: Object Injection in extension "mkmailer" (mkmailer) ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2019-004/ ∗∗∗ TYPO3-EXT-SA-2019-003: Multiple vulnerabilities in extension "femanager" (femanager) ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2019-003/ ∗∗∗ TYPO3-EXT-SA-2019-002: Multiple vulnerabilities in extension "typo3_forum" (typo3_forum) ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2019-002/ ∗∗∗ Linux kernel vulnerability CVE-2018-18710 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K11165942 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.01.2019
by Daily end-of-shift report 21 Jan '19

21 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 18-01-2019 18:00 − Montag 21-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Beware the man in the cloud: How to protect against a new breed of cyberattack ∗∗∗ --------------------------------------------- One malicious tactic that has become quite prevalent in recent years is known as a ‘man in the cloud’ (MitC) attack. This attack aims to access victims’ accounts without the need to obtain compromised user credentials beforehand. Below, this article explains the anatomy of MitC attacks and offers practical advice about what can be done to defend against them. What is MitC attack? --------------------------------------------- https://www.helpnetsecurity.com/2019/01/21/mitc-attack/ ∗∗∗ Warnung vor angeblichen Microsoft-Anrufen ∗∗∗ --------------------------------------------- Vermehrt gehen Meldungen zu Anrufen angeblicher Microsoft-Mitarbeiter/innen bei der Watchlist Internet ein. Die Betrüger/innen behaupten, Probleme am Computer der Betroffenen gefunden zu haben. Die angebotene Hilfe entpuppt sich schlussendlich als Datendiebstahl! Wer einen derartigen Anruf erhält, darf den Anweisungen nicht folgen und sollte umgehend auflegen. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-angeblichen-microsoft-an… ===================== = Vulnerabilities = ===================== ∗∗∗ Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open ∗∗∗ --------------------------------------------- A default configuration allows full admin access to unauthenticated attackers. --------------------------------------------- https://threatpost.com/critical-unpatched-cisco-flaw/141010/ ∗∗∗ Xen Security Advisory 289 v2 - Spectre V1 gadgets exploitable with L1TF ∗∗∗ --------------------------------------------- A number of specific exploitable gadgets have been identified. There are no new vulnerabilities. There is only new information about existing vulnerabilities: specifically, confirmation that existing, previously disclosed, vulnerabilities, can be exploited in specific ways. ... As discussed in XSA-273, disabling SMT / hyperthreading will avoid the L1TF vulnerability. It will therefore prevent the use of the exploitable code patterns discussed in this advisory. --------------------------------------------- https://lists.xenproject.org/archives/html/xen-announce/2019-01/msg00006.ht… ∗∗∗ [Pdns-announce] PowerDNS Recursor 4.1.9 Released ∗∗∗ --------------------------------------------- This release fixes the following security issues: - PowerDNS Security Advisory 2019-01 (CVE-2019-3806): Lua hooks are not called over TCP - PowerDNS Security Advisory 2019-02 (CVE-2019-3807): DNSSEC validation is not performed for AA=0 responses --------------------------------------------- https://mailman.powerdns.com/pipermail/pdns-announce/2019-January/001101.ht… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (gitolite3, gvfs, php, radare2, and syslog-ng), Mageia (libssh, php, python-django16, and rdesktop), openSUSE (podofo), and SUSE (libraw, openssh, PackageKit, and wireshark). --------------------------------------------- https://lwn.net/Articles/777250/ ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services: Information Leakage in configuration listing (CVE-2018-1670) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.01.2019
by Daily end-of-shift report 18 Jan '19

18 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 17-01-2019 18:00 − Freitag 18-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Windows Zero-Day Bug that Overwrites Files Gets Interim Fix ∗∗∗ --------------------------------------------- A micropatch has been released today for a vulnerability in Windows that allows overwriting files, even system one, with arbitrary data. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-zero-day-bug-that-ov… ∗∗∗ Hosting malicious sites on legitimate servers: How do threat actors get away with it? ∗∗∗ --------------------------------------------- Is money all hosting providers care about when it comes to allowing malicious sites on their servers? Or is there more at play? We embark on an investigation to discover their motives. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/malware/2019/01/hosting-malicious-… ∗∗∗ Datendiebstahl bei Umfragen auf gremski.org ∗∗∗ --------------------------------------------- Gremski.org gibt an, ein Marktforschungsinstitut zu sein, auf dem Konsument/innen bis zu 100 Euro pro abgeschlossener Umfrage verdienen können. Bei der Anmeldung müssen Interessent/innen auch ihre Ausweisdokumente wie Personalausweis oder Pass hochladen. Im Rahmen der ersten vermeintlichen Umfrage sollen sie plötzlich ein Konto bei der N26 Bank eröffnen. Achtung: es handelt sich um Identitätsdiebstahl! --------------------------------------------- https://www.watchlist-internet.at/news/datendiebstahl-bei-umfragen-auf-grem… ∗∗∗ This malware spreading tool is back with some new tricks ∗∗∗ --------------------------------------------- The Fallout exploit kit is back delivering GandCrab ransomware after a brief hiatus. --------------------------------------------- https://www.zdnet.com/article/this-malware-spreading-tool-is-back-with-some… ===================== = Vulnerabilities = ===================== ∗∗∗ Omron CX-Supervisor ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for code injection, command injection, use after free, and type confusion vulnerabilities in Omrons CX-Supervisor software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01 ∗∗∗ ABB CP400 Panel Builder TextEditor 2.0 ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an improper input validation vulnerability in ABBs CP400 Panel Builder TextEditor 2.0. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-017-02 ∗∗∗ ControlByWeb X-320M ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for improper authentication and cross-site scripting vulnerabilities in the ControlByWeb X-320M, a web-enabled weather station. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-017-03 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (drupal7), Fedora (electrum and perl-Email-Address), Mageia (gthumb), openSUSE (gitolite, kernel, krb5, libunwind, LibVNCServer, live555, mutt, wget, and zeromq), SUSE (krb5, mariadb, nodejs4, nodejs8, soundtouch, and zeromq), and Ubuntu (irssi). --------------------------------------------- https://lwn.net/Articles/777134/ ∗∗∗ Security Advisory - Two Vulnerabilities in Huawei PCManager Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190109-… ∗∗∗ IBM Security Bulletin: APIC is affected by a vulnerability in Apache Commons FileUpload (CVE-2016-1000031) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apic-is-affected-by-a… ∗∗∗ IBM Security Bulletin: PowerVC is affected by an Openstack Keystone vulnerability that could allow a remote authenticated attacker to discover restricted projects (CVE-2018-14432) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-powervc-is-affected-b… ∗∗∗ January 2019 OpenSSH security vulnerabilities ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K31781390 ∗∗∗ OTRS: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0062 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.01.2019
by Daily end-of-shift report 17 Jan '19

17 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 16-01-2019 18:00 − Donnerstag 17-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Over 140 International Airlines Affected by Major Security Breach ∗∗∗ --------------------------------------------- Potential attackers could view and change private information in flight bookings made by millions of customers of major international airlines because of a security issue in the Amadeus online booking system --------------------------------------------- https://www.bleepingcomputer.com/news/security/over-140-international-airli… ∗∗∗ Forest for the trees: an IoT security standards gap analysis ∗∗∗ --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/forest-for-the-trees-an-iot-sec… ∗∗∗ Passwort-Sammlung mit 773 Millionen Online-Konten im Netz aufgetaucht ∗∗∗ --------------------------------------------- Eine riesige Sammlung mit Zugangsdaten zu Online-Diensten zirkuliert in Untergrund-Foren. Die Passwörter von Millionen Nutzern sind betroffen. --------------------------------------------- https://heise.de/-4279375 ∗∗∗ New Year’s resolutions: Routing done right ∗∗∗ --------------------------------------------- As another thing to improve this year, you may want to route your focus on a device that is the nerve center of your network and, if poorly secured, the epicenter of much potential trouble [...] --------------------------------------------- https://www.welivesecurity.com/2019/01/17/new-years-resolutions-routing-don… ∗∗∗ thermenservice-24.at ist unseriös ∗∗∗ --------------------------------------------- Bei thermenservice-24.at handelt es sich um einen Installateur, der 24 Stunden erreichbar ist. Die sogenannten „Thermenprofis“, sind bei jeder Tages- und Nachtzeit verfügbar, schnell vor Ort und locken mit günstigen Preisen. Es handelt sich jedoch um einen unseriösen Anbieter, der das Problem nicht behebt und nicht erfolgte Leistung überteuert verrechnet! --------------------------------------------- https://www.watchlist-internet.at/news/thermenservice-24at-ist-unserioes/ ∗∗∗ Betrügerischer Apple-Shop ios-world.de! ∗∗∗ --------------------------------------------- Auf ios-world.de werden Apple-Produkte wie iPhones, Apple Watch, MacBooks und iMacs angeboten. Die Preise liegen weit unter Marktwert und laden zu einem schnellen Kauf ein. Doch Vorsicht: Konsument/innen dürfen hier nichts kaufen! Es handelt sich um einen Fake-Shop, bei dem Sie per Vorkasse zahlen und keine Ware erhalten. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerischer-apple-shop-ios-world… ∗∗∗ Malware Used by "Rocke" Group Evolves to Evade Detection by Cloud Security Products ∗∗∗ --------------------------------------------- Palo Alto Networks Unit 42 recently captured and investigated new samples of the Linux coin mining malware used by the Rocke group. The family was suspected to be developed by the Iron cybercrime group and it’s also associated with the Xbash malware we reported on in September of 2018. The threat actor Rocke was originallyThe post Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security Products appeared first on Unit42. --------------------------------------------- https://unit42.paloaltonetworks.com/malware-used-by-rocke-group-evolves-to-… ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal Releases Security Updates ∗∗∗ --------------------------------------------- Drupal has released security updates addressing vulnerabilities in Drupal 7.x, 8.5.x, and 8.6.x. A remote attacker could exploit these vulnerabilities to take control of an affected system. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/01/16/Drupal-Releases-Se… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (libvncserver), Debian (sssd), Fedora (kernel and kernel-headers), Red Hat (ansible, openvswitch, pyOpenSSL, python-django, and redis), and Ubuntu (policykit-1). --------------------------------------------- https://lwn.net/Articles/777010/ ∗∗∗ IBM Security Bulletin: Publicly disclosed vulnerability in Oracle Outside In Technology used by IBM FileNet Content Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vu… ∗∗∗ IBM Security Bulletin: IBM Integration Bus affected by Apache Tomcat vulnerability CVE-2018-8034 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-a… ∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager affected by Apache HttpClient security vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-filenet-content-m… ∗∗∗ IBM Security Bulletin: B2B Advanced Communications is Affected by Multiple Vulnerabilities in IBM Java Runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-b2b-advanced-communic… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.01.2019
by Daily end-of-shift report 16 Jan '19

16 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 15-01-2019 18:00 − Mittwoch 16-01-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Fortnite Hacked Via Insecure Single Sign-On ∗∗∗ --------------------------------------------- Leaky Fortnite single sign-on mechanism could have allowed hackers to access game accounts. --------------------------------------------- https://threatpost.com/fortnite-hacked-via-insecure-single-sign-on/140913/ ∗∗∗ OWASP Top 10 Security Risks – Part V ∗∗∗ --------------------------------------------- To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. --------------------------------------------- https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html ∗∗∗ Critical Patch Update: Oracle startet das Jahr mit 284 Sicherheitsupdates ∗∗∗ --------------------------------------------- In seinem Quartalsupdate veröffentlicht Oracle quer durch sein Software-Portfolio abgesicherte Versionen. Viele Lücken gelten als kritisch. --------------------------------------------- http://heise.de/-4277705 ∗∗∗ IDenticard PremiSys: Gebäude-Überwachungssystem mit eingebauten Hintertüren ∗∗∗ --------------------------------------------- Zero-Day-Lücken in einer verbreiteten Software für Gebäude-Sicherheit erlauben es Einbrechern, sich eigene Zugangskarten auszustellen. --------------------------------------------- http://heise.de/-4277935 ∗∗∗ Warnung vor Maxi Size Gel ∗∗∗ --------------------------------------------- Im Internet findet sich Werbung für das Penisvergrößerungsmittel Maxi Size Gel. Interessenten können es auf the-maxisizeelb.com bestellen. Von einer Bestellung des Maxi Size Gels raten wir ab, denn es ist fraglich, welche Wirkung das Mittel hat und unklar, wie die unbekannten Vertreiber/innen mit den persönlichen Daten ihrer Kunden umgehen. Beides birgt ein hohes Risko --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-maxi-size-gel/ ∗∗∗ iPhones nicht auf iPhoneIMEI.net entsperren! ∗∗∗ --------------------------------------------- iphoneimei.net verspricht, iPhones aller Generationen freischalten zu können und somit für alle Netze zu öffnen. Verlangt werden dafür 28 US-Dollar. iPhoneuser, die Dienste von iphoneimei.net in Anspruch nehmen wollen, werden enttäuscht, denn statt freigeschalteter iPhones erhalten sie weitere Zahlungsaufforderungen. Die versprochene Leistung erfolgt nie. --------------------------------------------- https://www.watchlist-internet.at/news/iphones-nicht-auf-iphoneimeinet-ents… ∗∗∗ Advertising network compromised to deliver credit card stealing code ∗∗∗ --------------------------------------------- Hundreds of online stores confirmed to be impacted, thousands of more under investigation. --------------------------------------------- https://www.zdnet.com/article/advertising-network-compromised-to-deliver-cr… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (systemd and wireshark), Fedora (openssh, php-horde-Horde-Form, and unrtf), Mageia (aria2, libvncserver, x11vnc, and nss), Oracle (kernel and libvncserver), Scientific Linux (libvncserver), SUSE (kernel, soundtouch, webkit2gtk3, and wget), and Ubuntu (libcaca and policykit-1). --------------------------------------------- https://lwn.net/Articles/776894/ ∗∗∗ Synology-SA-19:05 Moments ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to upload arbitrary files via a susceptible version of Moments. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_05 ∗∗∗ Security Advisory - Race Condition Vulnerability on Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190116-… ∗∗∗ Microsoft Skype for Business: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0059 ∗∗∗ Microsoft Team Foundation Server: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0055 ∗∗∗ SCP in mehreren Produkten: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0058 ∗∗∗ IBM Security Bulletin: WAS traditional and liberty vulnerable to CVE-2014-7810 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-was-traditional-and-l… ∗∗∗ IBM Security Bulletin: IBM Netcool Agile Service Manager is affected by Eclipse Jetty vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-netcool-agile-ser… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.01.2019
by Daily end-of-shift report 15 Jan '19

15 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Montag 14-01-2019 18:00 − Dienstag 15-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Schwer ausnutzbar: Die ungefixten Sicherheitslücken ∗∗∗ --------------------------------------------- Sicherheitslücken wie Spectre, Rowhammer und Heist lassen sich kaum vollständig beheben, ohne gravierende Performance-Einbußen zu akzeptieren. Daher bleiben sie ungefixt. Trotzdem werden sie bisher kaum ausgenutzt. --------------------------------------------- https://www.golem.de/news/schwer-ausnutzbar-die-ungefixten-sicherheitslueck… ∗∗∗ Sicherheitslücken: Bauarbeitern die Maschinen weghacken ∗∗∗ --------------------------------------------- Bergbaumaschinen, Kräne und andere Industriegeräte lassen sich fernsteuern oder durch einen DoS-Angriff unbenutzbar machen. Das ist laut einer Studie nicht nur gefährlich, sondern auch vergleichsweise einfach. --------------------------------------------- https://www.golem.de/news/sicherheitsluecken-bauarbeitern-die-maschinen-weg… ∗∗∗ Erpressungs-Mail von ‚Anonymer Hacker‘ ignorieren ∗∗∗ --------------------------------------------- Konsument/innen erhalten E-Mails von Kriminellen, die sich als „Anonymer Hacker“ ausgeben. Man erpresst Empfänger/innen damit, dass intimes Videomaterial veröffentlicht wird, wenn keine Bitcoins im Wert von 2000 Euro überwiesen werden. Wer die Nachricht empfangen hat, darf nichts bezahlen und kann sie getrost ignorieren, denn ein Masturbationsvideo existiert nicht. --------------------------------------------- https://www.watchlist-internet.at/news/erpressungs-mail-von-anonymer-hacker… ∗∗∗ Kein Geld an Credit Management Europe zahlen ∗∗∗ --------------------------------------------- Credit Management Europe versendet eine Zahlungsaufforderung in Höhe von 292,13 Euro an Unternehmen. Darin heißt es, dass Empfänger/innen eine offene Rechnung bei Internet Domain Services Austria (IDSA) haben. Bezahlen Empfänger/innen diese nicht, kommt es zur Einleitung rechtlicher Schritte. Unternehmen können die Androhung ignorieren und müssen keine Zahlung leisten, denn das Schreiben ist betrügerisch. --------------------------------------------- https://www.watchlist-internet.at/news/kein-geld-an-credit-management-europ… ∗∗∗ Gefälschte DHL Express-Mail enthält Schadsoftware ∗∗∗ --------------------------------------------- Internetnutzer/innen erhalten gefälschte Nachrichten vom DHL-Kundendienst. Darin werden sie über einen angeblichen Lieferversuch benachrichtigt und aufgefordert einen Dateianhang zu öffnen. Achtung: Der Inhalt ist frei erfunden und der Anhang darf nicht geöffnet werden. Er enthält Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-dhl-express-mail-enthael… ===================== = Vulnerabilities = ===================== ∗∗∗ OpenSSH & Putty: Sicherheitlücke in SCP ermöglicht Dateiaustausch ∗∗∗ --------------------------------------------- Ein bösartiger Server kann Dateien austauschen, die mittels SCP über SSH heruntergeladen werden - im schlimmsten Fall Schadcode. Die insgesamt fünf Sicherheitslücken klaffen in den aktuellen Versionen von OpenSSH, Putty und WinSCP. --------------------------------------------- https://www.golem.de/news/openssh-putty-sicherheitluecke-in-scp-ermoeglicht… ∗∗∗ [20190104] - Core - Stored XSS issue in the Global Configuration help url ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Description: Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS. Affected Installs Joomla! CMS versions 2.5.0 through 3.9.1 Solution Upgrade to version 3.9.2 --------------------------------------------- https://developer.joomla.org/security-centre/763-20190104-core-stored-xss-i… ∗∗∗ [20190103] - Core - Stored XSS issue in the Global Configuration textfilter settings ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Description: Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS. Affected Installs Joomla! CMS versions 2.5.0 through 3.9.1 Solution Upgrade to version 3.9.2 --------------------------------------------- https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-i… ∗∗∗ [20190102] - Core - Stored XSS in com_contact ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Description: Inadequate escaping in com_contact leads to a stored XSS vulnerability Affected Installs Joomla! CMS versions 2.5.0 through 3.9.1 Solution Upgrade to version 3.9.2 --------------------------------------------- https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-i… ∗∗∗ [20190101] - Core - Stored XSS in mod_banners ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Description: Inadequate escaping in mod_banners leads to a stored XSS vulnerability. Affected Installs Joomla! CMS versions 2.5.0 through 3.9.1 Solution Upgrade to version 3.9.2 --------------------------------------------- https://developer.joomla.org/security-centre/760-20190101-core-stored-xss-i… ∗∗∗ Sicherheitsforscher brechen aus Docker-Container aus ∗∗∗ --------------------------------------------- Forschern ist es gelungen, aus einem Container der Docker-Testumgebung "Play with Docker" auf das darunterliegende System zuzugreifen und Code auszuführen. --------------------------------------------- http://heise.de/-4276108 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (irssi and systemd), CentOS (systemd), Debian (xen and zeromq3), Fedora (gnutls, kernel, kernel-headers, kernel-tools, and nbdkit), Oracle (libvncserver and systemd), Red Hat (libvncserver), and Ubuntu (haproxy, libarchive, and php-pear). --------------------------------------------- https://lwn.net/Articles/776771/ ∗∗∗ Synology-SA-19:04 Calendar ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to inject arbitrary web script or HTML via a susceptible version of Calendar. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_04 ∗∗∗ Synology-SA-19:03 Surveillance Station ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Surveillance Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_03 ∗∗∗ Synology-SA-19:02 VS960HD ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of VS960HD. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_02 ∗∗∗ Vuln: Identicard Premisys Multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106552 ∗∗∗ IBM Security Bulletin: A Security Vulnerability could affect IBM Cloud Private ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Asset Analyzer (RAA) is affected by an Apache CXF vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-asset-analyzer-raa-is… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities affect IBM Sterling External Authentication Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.01.2019
by Daily end-of-shift report 14 Jan '19

14 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 11-01-2019 18:00 − Montag 14-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Nicht bestellen auf thaisawadee.de ∗∗∗ --------------------------------------------- Auf thaisawadee.de werden Konsument/innen asiatische Kunst, Schmuck, Spezialitäten und Salben angeboten. Der Shop hat seinen Sitz in Thailand und eine Bezahlung ist nur per Vorkasse möglich. Berichten zufolge bleibt die Lieferung häufig aus und bezahltes Geld ist verloren. --------------------------------------------- https://www.watchlist-internet.at/news/nicht-bestellen-auf-thaisawadeede/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (python-django and python2-django), Debian (sqlite3, systemd, and vlc), Fedora (mingw-nettle and polkit), Mageia (graphicsmagick, python-django, spice-vdagent, and to), openSUSE (aria2, discount, gpg2, GraphicsMagick, gthumb, haproxy, irssi, java-1_7_0-openjdk, java-1_8_0-openjdk, libgit2, LibVNCServer, and sssd), Red Hat (systemd), Scientific Linux (systemd), Slackware (irssi and zsh), SUSE (LibVNCServer and sssd), and Ubuntu (gnome-bluetooth and systemd). --------------------------------------------- https://lwn.net/Articles/776685/ ∗∗∗ VideoLAN VLC Media Player: Schwachstelle ermöglicht Denial of Service und Offenlegung von Informationen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VideoLAN VLC Media Player ausnutzen, um einen Denial of Service Angriff durchzuführen oder vertrauliche Daten einzusehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0042 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM® SPSS Analytic Server is vulnerable to Cross-Site Scripting (CVE-2018-1772) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spss-analytic-ser… ∗∗∗ IBM Security Bulletin: IBM Integration Bus affected by WAS is susceptible to TLS downgrade if using FIPS and JVM property if using non WAS keystore/truststore ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.01.2019
by Daily end-of-shift report 11 Jan '19

11 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 10-01-2019 18:00 − Freitag 11-01-2019 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Datenleak - mal ganz ohne Hype ∗∗∗ --------------------------------------------- Datenleak - mal ganz ohne Hype11. Jänner 2019Man hätte sich in den letzten Tagen enorm anstrengen müssen, um der Berichterstattung zu dem vor knapp einer Woche in Deutschland bekannt gewordenen Datenleak zu entgehen.Um es trotzdem nochmal kurz zusammenzufassen: Unbekannte Täter veröffentlichten im Laufe des Dezembers Dokumente und persönliche Informationen hunderter deutscher Politiker und anderer Personen des öffentlichen Lebens in Form eines bizarren --------------------------------------------- http://www.cert.at/services/blog/20190111135415-2348.html ∗∗∗ Vivy & Co.: Gesundheitsapps kranken an der Sicherheit ∗∗∗ --------------------------------------------- Mit Sicherheitsversprechen geizen die Hersteller von Gesundheitsapps wahrlich nicht. Doch wie ist es wirklich darum bestellt? (Medizin, Gesundheitskarte) --------------------------------------------- https://www.golem.de/news/vivy-co-gesundheitsapps-kranken-an-der-sicherheit… ∗∗∗ Using Wireshark – Display Filter Expressions ∗∗∗ --------------------------------------------- As a Threat Intelligence Analyst for Palo Alto Networks Unit 42, I often use Wireshark to review packet captures (pcaps) of network traffic generated by malware samples. To better accomplish this work, I use a customized Wireshark column display as described my previous blog about using Wireshark. Today’s post provides more tips for analysts toThe post Using Wireshark – Display Filter Expressions appeared first on Unit42. --------------------------------------------- https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressi… ∗∗∗ Windows 10 Experts Guide: Everything you need to know about BitLocker ∗∗∗ --------------------------------------------- Encrypting every bit of data on a Windows 10 PC is a crucial security precaution. Every edition of Windows 10 includes strong encryption options, with business editions having the best set of management tools. Heres a hands-on guide. --------------------------------------------- https://www.zdnet.com/article/windows-10-experts-guide-everything-you-need-… ===================== = Vulnerabilities = ===================== ∗∗∗ Emerson DeltaV ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an authentication bypass vulnerability in Emersons DeltaV distributed control system workstation products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01 ∗∗∗ Omron CX-One CX-Protocol ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a type confusion vulnerability in Omrons CX-Protocol within the CX-One software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-010-02 ∗∗∗ Pilz PNOZmulti Configurator ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a clear-text storage of sensitive information vulnerability in the Pilz PNOZmulti Configurator, a safety circuit configuration tool. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-010-03 ∗∗∗ Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4 ∗∗∗ --------------------------------------------- This advisory was originally posted to the HSIN ICS-CERT library on November 29, 2018, and is now being released to the NCCIC/ICS-CERT website. This advisory provides mitigation recommendations for a cross-site scripting vulnerability reported in the Tridium Niagara Enterprise Security, the Niagara AX, and the Niagara 4 products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02 ∗∗∗ USN-3855-1: systemd vulnerabilities ∗∗∗ --------------------------------------------- systemd vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives:Ubuntu 18.10Ubuntu 18.04 LTSUbuntu 16.04 LTSSummarySeveral security issues were fixed in systemd.Software Descriptionsystemd - system and service managerDetailsIt was discovered that systemd-journald allocated variable-length buffersfor certain message fields on the stack. A local attacker couldpotentially exploit this to cause a denial of service, or executearbitrary code. --------------------------------------------- https://usn.ubuntu.com/3855-1/ ∗∗∗ Sicherheitslücken (teils kritisch) in Juniper ATP, Junos OS und Space OS Software - Patches verfügbar ∗∗∗ --------------------------------------------- Sicherheitslücken (teils kritisch) in Juniper ATP, Junos OS und Space OS Software - Patches verfügbar 11. Jänner 2019 Beschreibung Der Netzwerkausrüster Juniper hat mehrere Security Advisories zu teils kritischen Sicherheitslücken in Juniper Space OS, Junos OS und ATP Software veröffentlicht. Zwei der Schwachstellen in Juniper ATP werden mit dem höchstmöglichen CVSS3 Score von 10 als kritisch eingestuft: CVE-2019-0020, CVE-2019-0022 [...] --------------------------------------------- http://www.cert.at/warnings/all/20190111.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (systemd and wireshark-cli), Debian (libsndfile and tmpreaper), Fedora (beep, electrum, gnutls, haproxy, krb5, mupdf, php-horde-Horde-Image, python-django, and wget), Mageia (libarchive and terminology), openSUSE (libraw, polkit, and singularity), SUSE (haproxy, java-1_8_0-openjdk, LibVNCServer, and webkit2gtk3), and Ubuntu (exiv2, gnupg2, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/776518/ ∗∗∗ ZDI-19-013: (0day) Microsoft Windows vcf File Insufficient UI Warning Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-013/ ∗∗∗ Format String Vulnerability in SSH username ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-18-018 ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by an IBM WebSphere Application Server vulnerability(CVE-2017-1788) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager is affected by multiple vulnerabilities (CVE-2018-1956, CVE-2018-1969, CVE-2018-1967 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1904) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-remote-code… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.01.2019
by Daily end-of-shift report 10 Jan '19

10 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 09-01-2019 18:00 − Donnerstag 10-01-2019 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ WordPress-Related Vulnerabilities Tripled in 2018 ∗∗∗ --------------------------------------------- WordPress-related vulnerabilities have seen a 300% increase in 2018 compared to the previous year, a recent study has found. Most of the bugs were in the plugins that extend the functionality of WordPress websites. --------------------------------------------- https://www.bleepingcomputer.com/news/security/wordpress-related-vulnerabil… ∗∗∗ Global DNS Hijacking Campaign: DNS Record Manipulation at Scale ∗∗∗ --------------------------------------------- Introduction FireEye’s Mandiant Incident Response and Intelligence teams have identified a wave of DNS hijacking that has affected dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-ca… ∗∗∗ North Korea APT(?) and recent Ryuk Ransomware attacks ∗∗∗ --------------------------------------------- Our Threat Intelligence team has been tracking the Emotet botnet throughout 2018. In our previous post we reported a large scale Emotet campaign focused on e-mail content exfiltration.Today, we review the evidence gathered from our Telltale Threat Intelligence Service, which suggests the involvement of Emotet as the delivery mechanism for the latest wave of Ryuk ransomware attacks being dubbed as North Korean state-sponsored cyber-attacks.The evidence from the dataset completes the missing --------------------------------------------- https://blog.kryptoslogic.com/malware/2019/01/10/dprk-emotet.html ∗∗∗ E-Mail von mir selbst-erklärt ∗∗∗ --------------------------------------------- Sie erhalten vermeintlich von sich selbst eine E-Mail und fragen sich, wie das möglich ist? Die Antwort darauf ist, dass Kriminelle eine E-Mail so verändern können, dass die Absender/innen- mit der Empfänger/innen-Adresse ident ist. Das bedeutet jedoch nicht, dass Unbekannte Zugriff auf Ihr Konto haben und über dieses betrügerische Nachrichten an Sie versenden. --------------------------------------------- https://www.watchlist-internet.at/news/erklaerung-fuer-e-mail-von-mir-selbs… ∗∗∗ Gehälter durch Datenklau bei Wohnungssuche gestohlen! ∗∗∗ --------------------------------------------- Konsument/innen, die auf Mietwohnungssuche sind, stoßen mitunter auf gefälschte Wohnungsinserate. Bei Interesse an einer Immobilie senden sie, wie üblich, ihre Gehaltsabrechnungen der letzten Monate an die angeblichen Vermieter/innen. Kriminelle nutzen die Daten, um die Arbeitgeber/innen der Wohnungssuchenden über einen Kontowechsel zu informieren und Gehälter abzuzweigen! --------------------------------------------- https://www.watchlist-internet.at/news/gehaelter-durch-datenklau-bei-wohnun… ===================== = Vulnerabilities = ===================== ∗∗∗ Phone Field - Critical - SQL Injection - SA-CONTRIB-2019-001 ∗∗∗ --------------------------------------------- Description: This module provides a phone field for Drupal 7 that supports the HTML5 tel:-schema. In an API function that is not used by the module, the name for the phone field is not sufficiently sanitised when using it in database queries. This vulnerability is mitigated by the fact that it affects an unused function. --------------------------------------------- https://www.drupal.org/sa-contrib-2019-001 ∗∗∗ Sicherheitslücken mit Höchstwertung in Juniper ATP ∗∗∗ --------------------------------------------- Angreifer könnten mit vergleichsweise wenig Aufwand die volle Kontrolle über das Schutzprodukt Advanced Threat Prevention (ATP) übernehmen. Darüber hinaus sind verschiedene Versionen des Betriebssystems Junos OS und die Management-Plattform für Netzwerke Junos Space angreifbar. Zwei Lücken (CVE-2019-0022, CVE-2019-0025) sind mit dem höchstmöglichen CVSS 3 Score 10 von 10 eingestuft. --------------------------------------------- http://heise.de/-4271009 ∗∗∗ Multiple Vulnerabilities in Cisco VOIP Phones, e.g. models 88XX ∗∗∗ --------------------------------------------- SEC Consult was able to identify a JavaScript like code injection in the Cisco VoIP Phone 8800 Series via the built-in T9 keyboard. Moreover, multiple outdated libraries and hard coded credentials got identified by conducting a static firmware analysis using the IoT Inspector platform. Patches are already available by Cisco. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/vulnerabilities-in-cisco-voi… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libcaca), Fedora (beep and libgxps), Mageia (krb5, live, ffmpeg, mplayer, and vlc, and mbedtls), SUSE (helm-mirror, java-1_7_0-openjdk, and systemd), and Ubuntu (nss and python-django). --------------------------------------------- https://lwn.net/Articles/776397/ ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a publicly disclosed vulnerability from Oracle MySQL ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily