Daily

daily@lists.cert.at

1 participants
3249 discussions

Tageszusammenfassung - 05.02.2019
by Daily end-of-shift report 05 Feb '19

05 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Montag 04-02-2019 18:00 − Dienstag 05-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Reverse RDP Attack: Code Execution on RDP Clients ∗∗∗ --------------------------------------------- Check Point Research recently discovered multiple critical vulnerabilities in the commonly used Remote Desktop Protocol (RDP) that would allow a malicious actor to reverse the usual direction of communication and infect the IT professional or security research’s computer. --------------------------------------------- https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-cl… ∗∗∗ Crooks Continue to Exploit GoDaddy Hole ∗∗∗ --------------------------------------------- Godaddy.com, the worlds largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddys fix hasnt gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal. --------------------------------------------- https://krebsonsecurity.com/2019/02/crooks-continue-to-exploit-godaddy-hole/ ∗∗∗ Vorsicht bei (zu) günstiger Markenware im Internet! ∗∗∗ --------------------------------------------- Auf der Suche nach dem großen Schnäppchen stoßen Konsument/innen häufig auf betrügerische Online-Shops, die Markenware zu schier unglaublichen Preisen anbieten. Hinter den Websites stecken oftmals Kriminelle, die gefälschte Produkte liefern oder es nur auf die Daten ihrer Opfer abgesehen haben. Hier erhalten Internetuser/innen nützliche Tipps, zum Einkauf im Internet, um Ärgernisse zu vermeiden! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-zu-guenstiger-markenwar… ∗∗∗ Warnung vor Nutresin - Herbapure Ear ∗∗∗ --------------------------------------------- Im Internet bewirbt der Molekularbiologe Prof. Karl Auer seine „makro-molekulare Formel" Nutresin - Herbapure Ear als Wundermittel gegen Hörverlust. Konsument/innen können Nutresin auf der Website yourmarket24.com bestellen. Die medizinische Wirkung der Ohrentropfen ist unklar. Aus diesem Grund ist von einer Bestellung des Mittels Nutresin dringend abzuraten. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-nutresin-herbapure-ear/ ===================== = Vulnerabilities = ===================== ∗∗∗ Kryptographische Schwachstellen in deutscher eGovernment Softwarekomponente ∗∗∗ --------------------------------------------- Die OSCI-Transport Bibliothek ist eine Softwarekomponente, welche von vielen deutschen Behörden eingesetzt wird, um Daten gemäß dem OSCI-Transport Protokoll sicher zu übertragen. Diese Java-Bibliothek war gegen zwei potentielle Angriffe anfällig, welche es einem Angreifer ermöglichten, einige Sicherheitsmaßnahmen zu umgehen. --------------------------------------------- https://www.sec-consult.com/blog/2019/02/kryptographische-schwachstellen-in… ∗∗∗ Qkr! with MasterPass iOS Application - MITM SSL Certificate Vulnerability (CVE-2019-6702) ∗∗∗ --------------------------------------------- The Qkr! with MasterPass iOS application (version 5.0.6 and below), does not validate the SSL certificate it receives when connecting to the application login server. --------------------------------------------- https://www.info-sec.ca/advisories/Qkr-MasterCard.html ∗∗∗ Android Security Bulletin - February 2019 ∗∗∗ --------------------------------------------- [...] The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2019-02-01.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libgd2), Fedora (java-11-openjdk, kernel, and kernel-headers), openSUSE (firefox, mysql-community-server, and pdns-recursor), Oracle (thunderbird), Red Hat (rh-haproxy18-haproxy, systemd, and thunderbird), SUSE (haproxy, spice, and uriparser), and Ubuntu (dovecot, kernel, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2, [...] --------------------------------------------- https://lwn.net/Articles/778507/ ∗∗∗ IBM Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected by the use of Local Read Only Cache (LROC) which may result in directory corruption and undetected data corruption in regular files. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spectrum-scale-fo… ∗∗∗ IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2018-11784, CVE-2018-8034) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-websphere-cast-ir… ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by CKEditor (Preview Plugin) vulnerability (CVE-2014-5191) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-openpages-grc-pla… ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by Apache POI vulnerability (CVE-2017-12626) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-openpages-grc-pla… ∗∗∗ HPESBHF03904 rev.1 - HPE Service Pack for ProLiant (SPP) Bundled Software, Local Access Restriction Bypass ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03907 rev.1 - HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers, Remote Cross-Site Scripting in HPE iLO 5 Web User Interface ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.02.2019
by Daily end-of-shift report 04 Feb '19

04 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 01-02-2019 18:00 − Montag 04-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Gute Passwörter erzeugen und sicher verwenden ∗∗∗ --------------------------------------------- Momentan ist das Ändern von Passwörtern wieder in aller Munde. Aber wie erzeugt man gute Passwörter und wie verwahrt man sie sicher? --------------------------------------------- http://heise.de/-4295052 ∗∗∗ Introducing Zombie POODLE and GOLDENDOODLE ∗∗∗ --------------------------------------------- I’m excited to announce that I will be presenting at this year’s Black Hat Asia about my research into detecting and exploiting CBC padding oracles! Zombie POODLE and GOLDENDOODLE are the names I’ve given to the vulnerabilities I’ll be discussing. Similar to ROBOT, DROWN and many other vulnerabilities affecting HTTPS, these issues stem from continued use of cryptographic modes which should have been long ago deprecated and yet are inexplicably still supported in TLSv1.2. In this case, the troublesome feature is that TLSv1.2 supports CBC mode ciphersuites. --------------------------------------------- https://www.tripwire.com/state-of-security/vulnerability-management/zombie-… ∗∗∗ Datendiebe versenden gefälschte upc.at-Mail ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte upc.at-Nachricht. Darin behaupten sie, dass das E-Mailpostfach von Empfänger/innen voll sei. Damit Kund/innen weiterhin Nachrichten empfangen können, sollen sie ihre Zugangsdaten auf einer gefälschten upc.at-Website nennen. Folgen sie der Anweisung, werden sie Opfer eines Datendiebstahls. Kriminelle erlangen Zugriff auf ihr E-Mailkonto und können es für Verbrechen nutzen. --------------------------------------------- https://www.watchlist-internet.at/news/datendiebe-versenden-gefaelschte-upc… ∗∗∗ Security researchers discover new Linux backdoor named SpeakUp ∗∗∗ --------------------------------------------- Named SpeakUp, this malware is currently distributed to Linux servers mainly located in China. The hackers behind this recent wave of attacks are using an exploit for the ThinkPHP framework to infect servers with this new malware strain. --------------------------------------------- https://www.zdnet.com/article/security-researchers-discover-new-linux-backd… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheit: Libreoffice schließt Lücke, Openoffice bleibt verwundbar ∗∗∗ --------------------------------------------- Eine Sicherheitslücke, die die freien Office-Programme Libreoffice und Openoffice betrifft, erlaubt Angreifern das Ausführen von Code mittels einer Skript-Schnittstelle. Von Libreoffice gibt es ein Update, von Openoffice nicht. --------------------------------------------- https://www.golem.de/news/sicherheit-libreoffice-schliesst-luecke-openoffic… ∗∗∗ devolo dLAN 550 duo+ Starter Kit Remote Code Execution ∗∗∗ --------------------------------------------- The devolo firmware has what seems to be a hidden services which can be enabled by authenticated attacker via the the htmlmgr CGI script. This allows the attacker to start services that are deprecated or discontinued and achieve remote arbitrary code execution with root privileges. --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5508.php ∗∗∗ Sicherheitsforscher: Kritische Lücke in macOS erlaubt Auslesen von Passwörtern ∗∗∗ --------------------------------------------- Erneut ist eine schwere Schwachstelle bei dem in macOS integrierten Schlüsselbund bekanntgeworden: Manipulierte Software sei dadurch in der Lage, sämtliche Zugangsdaten des Nutzers aus der lokalen Keychain auszulesen – mitsamt der Passwörter im Klartext, wie der Sicherheitsforscher Linus Henze mitteilte. --------------------------------------------- http://heise.de/-4297437 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (bind, firefox, GNOME, kernel, systemd, and thunderbird), Debian (debian-security-support, drupal7, libreoffice, libvncserver, phpmyadmin, and rssh), Fedora (binutils and firefox), Mageia (firefox and netatalk), openSUSE (avahi and python-paramiko), Red Hat (Red Hat Gluster Storage Web Administration), Slackware (mariadb), and SUSE (java-11-openjdk, kernel, and python). --------------------------------------------- https://lwn.net/Articles/778407/ ∗∗∗ D-LINK Router DIR-823G: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- Router der Firma D-Link enthalten eine Firewall und in der Regel eine WLAN-Schnittstelle. Die Geräte sind hauptsächlich für private Anwender und Kleinunternehmen konzipiert. Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in D-LINK Router DIR-823G ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0104 ∗∗∗ Over 485,000 Ubiquiti devices vulnerable to new attack ∗∗∗ --------------------------------------------- Ubiquiti Networks is working on a fix for a newly discovered security issue affecting its devices that attackers have been exploiting since July last year. Attackers are sending small packets of 56 bytes to port 10,001 on Ubiquiti devices, which are reflecting and relaying the packets to a target's IP address amplified to a size of 206 bytes (amplification factor of 3.67). --------------------------------------------- https://www.zdnet.com/article/over-485000-ubiquiti-devices-vulnerable-to-ne… ∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is affected by a remote code execution vulnerability in Drupal (CVE-2019-6339) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel… ∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is affected by a vulnerability in Oracle MySQL (CVE-2018-3251) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by access token leak (CVE-2019-4008) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.02.2019
by Daily end-of-shift report 01 Feb '19

01 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 31-01-2019 18:00 − Freitag 01-02-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sextortion: Follow the Money Part 3 - The cashout begins! ∗∗∗ --------------------------------------------- There hasnt been much to update in the several months since the Sexploitation: Follow the money updates in Diary 1 and Diary 2. For those of you who didnt read those diaries. When the Sextortion email campaign began in July, I asked for ISC reader submissions of the BTC addresses from that campaign so we could attempt to follow the Bitcoins created by the payments from this campaign. --------------------------------------------- https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+Part+3+The+ca… ∗∗∗ Pants down: Sicherheitslücke in Server-Fernwartung ∗∗∗ --------------------------------------------- Server und Mainboards mit einigen Fernwartungschips von Aspeed sind angreifbar; auch die offene BMC-Firmware OpenBMC ist betroffen. --------------------------------------------- http://heise.de/-4296144 ∗∗∗ Most Magento shops get compromised via vulnerable extensions ∗∗∗ --------------------------------------------- Vulnerable third party extensions (modules) are now the main source of Magento hacks, says security researcher and Magento forensics investigator Willem de Groot. "The method is straightforward: attacker uses an extension bug to hack into a Magento store. Once in, they download all of the other installed extensions. The attacker then searches the downloaded code for 0day security issues, such as POI, SQLi and XSS flaws. Once found, the attacker launches a global scan to [...] --------------------------------------------- https://www.helpnetsecurity.com/2019/02/01/magento-vulnerable-extensions/ ∗∗∗ Surviving DNS Flag Day ∗∗∗ --------------------------------------------- DNS Flag Day is here and with it comes new changes that could impact your domain's availability. What do you need to know and how can you quickly identify its impacts on you and your users? Read on for our quick guide to what it's all about and how to avoid disruption to your digital services. --------------------------------------------- https://blog.thousandeyes.com/surviving-dns-flag-day/ ∗∗∗ This smart light bulb could leak your Wi-Fi password ∗∗∗ --------------------------------------------- LIFX smart bulbs contained vulnerabilities which could be exploited with a little ingenuity and the help of a hacksaw. --------------------------------------------- https://www.zdnet.com/article/this-smart-light-bulb-could-leak-your-wi-fi-p… ===================== = Vulnerabilities = ===================== ∗∗∗ IDenticard PremiSys ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for use of hard-coded credentials, use of hard-coded password, and inadequate encryption strength vulnerabilities reported in the IDenticard PremiSys access control system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-031-02 ∗∗∗ Schneider Electric EVLink Parking ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for use of hard-coded credentials, code injection, and SQL injection vulnerabilities reported in Schneider Electric’s EVLink Parking, an electric vehicle charging station. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (agg, golang-1.7, golang-1.8, mariadb-10.0, and postgis), Fedora (kernel, kernel-headers, and kernel-tools), Mageia (gitolite and libvorbis), openSUSE (pdns-recursor and webkit2gtk3), Oracle (firefox, ghostscript, kernel, polkit, spice, and spice-server), Red Hat (etcd, ghostscript, polkit, spice, and spice-server), Scientific Linux (ghostscript, polkit, spice, and spice-server), SUSE (python3), and Ubuntu (libvncserver). --------------------------------------------- https://lwn.net/Articles/778285/ ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletins: There is a security vulnerability in the XLXP-C component which is shipped in IBM Integration Bus and App Connect Enterprise (CVE-2018-1801) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletins-there-is-a-security-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect Operations Center (CVE-2018-1553, CVE-2018-1683, CVE-2018-8039) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ Linux kernel vulnerability CVE-2018-16658 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K40523020 ∗∗∗ Java SE vulnerability CVE-2018-3183 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K95003704 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.01.2019
by Daily end-of-shift report 31 Jan '19

31 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 30-01-2019 18:00 − Donnerstag 31-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Mac "CookieMiner" Malware Aims to Gobble Crypto Funds ∗∗∗ --------------------------------------------- A newly discovered malware steals cookies, credentials and more to break into victims cryptocurrency exchange accounts. --------------------------------------------- https://threatpost.com/mac-cookieminer-malware-crypto/141334/ ∗∗∗ The D in SystemD stands for Danger, Will Robinson! Defanged exploit code for security holes now out in the wild ∗∗∗ --------------------------------------------- Capsule8 demos takeover technique to help sysadmins check for vulnerabilities Those who havent already patched a trio of recent vulnerabilities in the Linux worlds SystemD have an added incentive to do so: security biz Capsule8 has published exploit code for the holes. --------------------------------------------- https://www.theregister.co.uk/2019/01/31/systemd_exploit/ ∗∗∗ Tracking Unexpected DNS Changes ∗∗∗ --------------------------------------------- DNS is a key element of the Internet and, regularly, we read new bad stories. One of the last one was the Department of Homeland Security warning[1] about recent DNS hijacking attacks[2]. [...] it's not easy to detect unexpected changes but you can implement your own checks to tracks changes for your most visited websites. But from a website owner or network admin perspective, it is indeed a good practice to ensure that DNS servers authoritative for our domain zones are providing the --------------------------------------------- https://isc.sans.edu/forums/diary/Tracking+Unexpected+DNS+Changes/24596/ ∗∗∗ Top 10 Most Vulnerable WordPress Plugins ∗∗∗ --------------------------------------------- Kept properly updated, WordPress - including its plugins - is one of the most secure CMS available on the web. Provided the plugins are actively updated, most vulnerabilities are discovered and patched without widespread malicious exploitation. [...] In most cases, it's down to the users to make sure they apply the latest security updates to all their plugins. --------------------------------------------- https://www.htbridge.com/blog/top-10-most-vulnerable-wordpress-plugins.html ∗∗∗ IQ-Tests auf testific.com locken in Abo-Falle ∗∗∗ --------------------------------------------- Auf testific.com werden IQ- und Persönlichkeitstests angeboten. Konsument/innen, die an den Testungen teilnehmen, sollen ein Zertifikat erhalten, auf dem der IQ-Wert angegeben ist. Personen die den Intelligenztest durchführen, müssen im Anschluss 2,99 Euro bezahlen, um ihr Ergebnis zu erhalten. Ein versteckter Kostenhinweis zeigt: Es handelt sich um eine Abo-Falle, die 79,99 Euro pro Monat kostet. --------------------------------------------- https://www.watchlist-internet.at/news/iq-tests-auf-testificcom-locken-in-a… ∗∗∗ IoT botnet used in YouTube ad fraud scheme ∗∗∗ --------------------------------------------- TheMoons DDoS days are long gone. The botnet is now a proxy network for other criminal groups. --------------------------------------------- https://www.zdnet.com/article/iot-botnet-used-in-youtube-ad-fraud-scheme/#f… ∗∗∗ New security flaw impacts 5G, 4G, and 3G telephony protocols ∗∗∗ --------------------------------------------- Researchers have reported their findings and fixes should be deployed by the end of 2019. --------------------------------------------- https://www.zdnet.com/article/new-security-flaw-impacts-5g-4g-and-3g-teleph… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitspatch: Dell Networking OS10 anfällig für Lauschattacken ∗∗∗ --------------------------------------------- Ein wichtiges Update schließt eine Sicherheitslücke im Switch-Betriebssystem Networking OS10 von Dell. --------------------------------------------- http://heise.de/-4294467 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (ghostscript), Debian (firefox-esr, libgd2, libvncserver, php-pear, rssh, and spice), Fedora (docker, docker-latest, firefox, moodle, and wireshark), Mageia (bluez, ghostscript, php-tcpdf, phpmyadmin, virtualbox, and zeromq), openSUSE (ghostscript), Red Hat (firefox), Scientific Linux (firefox), Slackware (kernel), and Ubuntu (avahi, firefox, and openjdk-8, openjdk-lts). --------------------------------------------- https://lwn.net/Articles/778107/ ∗∗∗ BlackBerry powered by Android Security Bulletin - January 2019 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Security Advisory - Authorization Bypass Vulnerability on Some Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190131-… ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager is affected by a limited code injection vulnerability (CVE-2019-4038) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage Manager FastBack (CVE-2018-3139, CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Tivoli Application Dependency Discovery Manager (TADDM) could expose password hashes stored in system memory on target Windows systems that are discovered by TADDM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tivoli-applicatio… ∗∗∗ Linux kernel vulnerability CVE-2018-10901 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K07721343 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.01.2019
by Daily end-of-shift report 30 Jan '19

30 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 29-01-2019 18:00 − Mittwoch 30-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New LockerGoga Ransomware Allegedly Used in Altran Attack ∗∗∗ --------------------------------------------- Hackers have infected the systems of Altran Technologies with malware that spread through the company network, affecting operations in some European countries. To protect client data and its assets, Altran decided to shut down its network and applications. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-lockergoga-ransomware-al… ∗∗∗ Z1: Zahnarztsoftware installiert lückenhaften Adobe Reader ∗∗∗ --------------------------------------------- Eine Verwaltungssoftware für Zahnarztpraxen installiert beim Update automatisch einen Adobe Reader in einer sehr alten Version, der zahlreiche bekannte Sicherheitslücken hat. Der Hersteller meint, das Problem behoben zu haben, das stimmt aber offenbar nicht. (Adobe Reader, PDF) --------------------------------------------- https://www.golem.de/news/z1-zahnarztsoftware-installiert-lueckenhaften-ado… ∗∗∗ CTF Writeup: Complex Drupal POP Chain ∗∗∗ --------------------------------------------- A recent Capture-The-Flag tournament hosted by Insomnihack challenged participants to craft an attack payload for Drupal 7. This blog post will demonstrate our solution for a PHP Object Injection with a complex POP gadget chain. --------------------------------------------- https://blog.ripstech.com/2019/complex-drupal-pop-chain/ ∗∗∗ Geldverlust und Datendiebstahl statt Traum-Immobilie! ∗∗∗ --------------------------------------------- Kriminelle inserieren günstige Miet- und Eigentumswohnungen, Häuser und Grundstücke auf bekannten Immobilienplattformen. Konsument/innen werden darüber informiert, dass eine Besichtigung über ein Treuhandunternehmen, also eine vertrauenswürdige Mittelsperson abgewickelt wird. Kautionen dürfen nicht bezahlt und Ausweisdokumente nicht übermittelt werden. Geld und Daten landen bei Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/news/geldverlust-und-datendiebstahl-statt… ∗∗∗ Matrix has slowly evolved into a Swiss Army knife of the ransomware world ∗∗∗ --------------------------------------------- The Matrix ransomware is usually deployed after cyber-criminals use unsecured RDP endpoints to compromise companies internal networks. --------------------------------------------- https://www.zdnet.com/article/matrix-has-slowly-evolved-into-a-swiss-army-k… ===================== = Vulnerabilities = ===================== ∗∗∗ Stryker Medical Beds ∗∗∗ --------------------------------------------- This medical device advisory provides mitigation recommendations for a reusing a nonce vulnerability in Strykers medical beds. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-01 ∗∗∗ Yokogawa License Manager Service ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a Unrestricted Upload of Files with Dangerous Type vulnerability reported in the Yokogawa License Manager Service application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-029-01 ∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5 ∗∗∗ --------------------------------------------- Cisco Talos is disclosing several vulnerabilities in ACD Systems Canvas Draw 5, a graphics-editing tool for Mac. The vulnerable component of Canvas Draw 5 lies in the handling of TIFF and PCX images. TIFF is a raster-based image format used in graphics editing projects, thus making it a very common file format thats used in Canvas Draw. PCX was a popular image format with early computers, and [...] --------------------------------------------- http://feedproxy.google.com/~r/feedburner/Talos/~3/4p-FF_Hp7xY/vulnerabilit… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (subversion), Debian (apache2, firefox-esr, qemu, rssh, and spice), Fedora (lua, mingw-python-qt5, mingw-qt5-qt3d, mingw-qt5-qtactiveqt, mingw-qt5-qtbase, mingw-qt5-qtcharts, mingw-qt5-qtdeclarative, mingw-qt5-qtgraphicaleffects, mingw-qt5-qtimageformats, mingw-qt5-qtlocation, mingw-qt5-qtmultimedia, mingw-qt5-qtquickcontrols, mingw-qt5-qtscript, mingw-qt5-qtsensors, mingw-qt5-qtserialport, mingw-qt5-qtsvg, mingw-qt5-qttools, [...] --------------------------------------------- https://lwn.net/Articles/777950/ ∗∗∗ Security Advisory - Double Free Vulnerability on Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190130-… ∗∗∗ Linux kernel vulnerability CVE-2018-18559 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K28241423 ∗∗∗ IBM Security Bulletin: IBM MQ Cloud Paks are vulnerable to multiple vulnerabilities in Perl (CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 CVE-2018-18311) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-cloud-paks-are… ∗∗∗ IBM Security Bulletin: IBM Navigator for i is affected by CVE-2019-4040 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-navigator-for-i-i… ∗∗∗ IBM Security Bulletin: Code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1851) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-code-execution-vulner… ∗∗∗ IBM Security Bulletin: Bypass security vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2014-7810) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bypass-security-vulne… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ ZDI-19-157: Bitdefender SafePay exec Command Injection Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-157/ ∗∗∗ ZDI-19-158: Bitdefender SafePay openFile Arbitrary File Write Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-158/ ∗∗∗ ZDI-19-159: Bitdefender SafePay launch Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-159/ ∗∗∗ ZDI: (0Day) Wecon LeviStudioU Remote Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-143/ http://www.zerodayinitiative.com/advisories/ZDI-19-144/ http://www.zerodayinitiative.com/advisories/ZDI-19-145/ http://www.zerodayinitiative.com/advisories/ZDI-19-146/ http://www.zerodayinitiative.com/advisories/ZDI-19-147/ http://www.zerodayinitiative.com/advisories/ZDI-19-148/ http://www.zerodayinitiative.com/advisories/ZDI-19-149/ http://www.zerodayinitiative.com/advisories/ZDI-19-150/ http://www.zerodayinitiative.com/advisories/ZDI-19-151/ http://www.zerodayinitiative.com/advisories/ZDI-19-152/ http://www.zerodayinitiative.com/advisories/ZDI-19-153/ http://www.zerodayinitiative.com/advisories/ZDI-19-154/ http://www.zerodayinitiative.com/advisories/ZDI-19-155/ http://www.zerodayinitiative.com/advisories/ZDI-19-156/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.01.2019
by Daily end-of-shift report 29 Jan '19

29 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Montag 28-01-2019 18:00 − Dienstag 29-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ A Miner Decline: The Surprising Slowdown of Cryptomining ∗∗∗ --------------------------------------------- This is the first of a three-part report on the state of three malware categories: miners, ransomware and information stealers. In Webroot's 2018 mid-term threat report, we outlined how cryptomining, and particularly cryptojacking, had become popular criminal tactics over the first six months of last year. This relatively novel method of cybercrime gained favour for being [...] --------------------------------------------- https://www.webroot.com/blog/2019/01/28/a-miner-decline-the-surprising-slow… ∗∗∗ FaceTime als Wanze – Apple schaltet Gruppenfunktion des VoIP-Dienstes ab ∗∗∗ --------------------------------------------- Ein Bug in Apples Kommunikationsdienst ermöglicht, das Mikrofon von iPhone und Mac aus der Ferne zu aktivieren. Apple ergreift Notfallmaßnahmen. --------------------------------------------- http://heise.de/-4290587 ∗∗∗ Sicherheitslücken in Microsoft Exchange gewähren Domain-Admin-Berechtigungen ∗∗∗ --------------------------------------------- Schwachstellen in allen Exchange-Server-Versionen machen Angreifer zu Domain-Administratoren. Ein Patch steht noch aus. --------------------------------------------- http://heise.de/-4290574 ∗∗∗ Aktuelle Trojaner-Welle: Emotet lauert in gefälschten Rechnungsmails ∗∗∗ --------------------------------------------- Offensichtlich hat es der Emotet-Schädling nun auf Privatpersonen abgesehen. Derzeit sind gehäuft gefälschte Amazon-, Telekom- und Vodafone-Mails unterwegs. --------------------------------------------- http://heise.de/-4291268 ∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in coTURN ∗∗∗ --------------------------------------------- Today, Cisco Talos is disclosing three vulnerabilities in coTURN. coTURN is an open-source implementation of TURN and STUN servers that can be used as a general-purpose networking traffic TURN server. TURN servers are usually deployed in so-called "DMZ" zones - any server reachable from the internet - to provide firewall traversal solutions. --------------------------------------------- https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-multiple… ∗∗∗ Kleinanzeigen-Betrug boomt ∗∗∗ --------------------------------------------- Vorsicht beim Verkauf auf Kleinanzeigenplattformen wie willhaben, eBay, marketplace, quoka oder shpock. Aktuell häufen sich Anfragen von Interessent/innen, die das Geld angeblich einer Bank – die als Zwischenvermittler fungiert - "überweisen". Diese fragwürdige Bank hält den Betrag so lange zurück, bis Sie eine Versandbestätigung oder zu viel überwiesenes Geld übermitteln. Es handelt sich um eine Betrugsmasche! --------------------------------------------- https://www.watchlist-internet.at/news/kleinanzeigen-betrug-boomt/ ∗∗∗ Gefälschte Spar Umfrage: Versteckte Kosten statt gratis Technik! ∗∗∗ --------------------------------------------- Eine erfundene Umfrage wird momentan von Kriminellen massenhaft verschickt. Betroffene Personen, die den Links in der Nachricht folgen und die Umfrage durchführen, sollen mit einem gratis iPhone X, XS, Galaxy S9 oder einem MacBook belohnt werden. Ein versteckter Kostenhinweis bei der Eingabe der Kreditkartendaten zeigt aber: Statt Smartphone oder Laptop gibt's nur monatliche Kosten! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-spar-umfrage-versteckte-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (go-pie), Debian (wireshark), openSUSE (freerdp, libraw, openssh, pdns-recursor, singularity, and systemd), and Ubuntu (kernel, linux-hwe, and spice). --------------------------------------------- https://lwn.net/Articles/777806/ ∗∗∗ IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal’s dependencies – Cumulative list from June 28, 2018 to December 13, 2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-has-a… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Check Services for Multi-Platform is affected by vulnerabilities in IBM Java Runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by an Application Error vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-pa… ∗∗∗ IBM Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-qradar-p… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ The BIG-IP HTTP parser can incorrectly parse a tab character ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K18263026 ∗∗∗ A virtual server with a Client SSL profile may accept non-SSL traffic ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K21942600 ∗∗∗ BIG-IP APM XSS vulnerability CVE-2019-6591 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K32840424 ∗∗∗ BIG-IP TMUI vulnerability CVE-2019-6589 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23566124 ∗∗∗ TMM vulnerability CVE-2019-6590 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K55101404 ∗∗∗ The BIG-IP APM PingAccess component caching vulnerability may lead to user impersonation ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01226413 ∗∗∗ The BIG-IP ASM system may redirect a client request to an incorrect URL ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23432927 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.01.2019
by Daily end-of-shift report 28 Jan '19

28 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 25-01-2019 18:00 − Montag 28-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Datenbank: Lange bekannte MySQL-Lücke führt zu Angriffen ∗∗∗ --------------------------------------------- Das MySQL-Protokoll erlaubt es Servern, Daten des Clients auszulesen. Offenbar nutzte die kriminelle Gruppe Magecart dies zuletzt, um mit dem PHP-Datenbankfrontend Adminer Systeme anzugreifen. Auch PhpMyAdmin ist verwundbar. (MySQL, PHP) --------------------------------------------- https://www.golem.de/news/datenbank-lange-bekannte-mysql-luecke-fuehrt-zu-a… ∗∗∗ LabKey Vulnerabilities Threaten Medical Research Data ∗∗∗ --------------------------------------------- LabKey Server version 18.3.0-61806.763, released on January 16, patches all three issues, so users should update as soon as possible. --------------------------------------------- https://threatpost.com/labkey-vulnerabilities-medical-research/141200/ ∗∗∗ NumPy Is Awaiting Fix for Critical Remote Code Execution Bug ∗∗∗ --------------------------------------------- The current version of the popular NumPy library relies on unsafe default usage of a Python module that could lead to remote code execution in the context of the affected application. --------------------------------------------- https://www.bleepingcomputer.com/news/security/numpy-is-awaiting-fix-for-cr… ∗∗∗ Jetzt patchen! Angreifer machen Jagd auf Cisco-Router ∗∗∗ --------------------------------------------- Sicherheitsforscher beobachten vermehrte Scans nach verwundbaren Routern von Cisco. Patches stehen zum Download bereit. --------------------------------------------- http://heise.de/-4289149 ∗∗∗ Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities ∗∗∗ --------------------------------------------- Cisco Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level in WIBU-SYSTEMS WibuKey. WibuKey is a USB key designed to protect software and intellectual properties. It allows the users to manage software license via USB key. A third vulnerability is located in userland and can be triggered remotely, as its located in the network [...] --------------------------------------------- https://blog.talosintelligence.com/2019/01/multiple-wibu-system-vulnerabili… ∗∗∗ Warnung vor software-outlet24.de ∗∗∗ --------------------------------------------- Auf software-outlet24.de werden Microsoft Office Pakete sowie Windows 10 und Windows 7 Produkt-Keys angeboten. Die Preise sind sehr günstig und laden zu einem schnellen Kauf ein. Zahlreiche Konsument/innen berichten uns von ausbleibenden Lieferungen und fehlender Rückerstattung. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-software-outlet24de/ ∗∗∗ WordPress sites under attack via zero-day in abandoned plugin ∗∗∗ --------------------------------------------- Developers of Total Donations plugin have gone missing, leaving former customers open to attacks. --------------------------------------------- https://www.zdnet.com/article/wordpress-sites-under-attack-via-zero-day-in-… ===================== = Vulnerabilities = ===================== ∗∗∗ Symantec Ghost Solution Suite DLL Hijack ∗∗∗ --------------------------------------------- Symantec Ghost Solution Suite (GSS) may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application. --------------------------------------------- https://support.symantec.com/en_US/article.SYMSA1474.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (apache, go, haproxy, matrix-synapse, nasm, and powerdns-recursor), Debian (coturn, ghostscript, krb5, policykit-1, and qtbase-opensource-src), Fedora (wireshark), openSUSE (nodejs4, nodejs8, openssh, PackageKit, and wireshark), Oracle (qemu and thunderbird), Scientific Linux (thunderbird), and SUSE (avahi, krb5, and python-paramiko). --------------------------------------------- https://lwn.net/Articles/777688/ ∗∗∗ Security Advisory - Memory Double Free Vulnerability in Image Processing Module of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190128-… ∗∗∗ IBM Security Bulletin: API Connect V5 is impacted by sensitive information disclosure via a REST API (CVE-2018-1976) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v5-is-imp… ∗∗∗ IBM Security Bulletin: Security Bulletin: Vulnerability in IBM Java SDK affects IBM Developer for z Systems (CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-vul… ∗∗∗ phpMyAdmin: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0089 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.01.2019
by Daily end-of-shift report 25 Jan '19

25 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 24-01-2019 18:00 − Freitag 25-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Fighting Emotet: lessons from the front line ∗∗∗ --------------------------------------------- Emotet is moving, shape-shifting target for admins and their security software. Heres what weve learned from dealing with outbreaks. --------------------------------------------- https://nakedsecurity.sophos.com/2019/01/25/fighting-emotet-lessons-from-th… ∗∗∗ Youre an admin! Youre an admin! Youre all admins, thanks to this Microsoft Exchange zero-day and exploit ∗∗∗ --------------------------------------------- Easily swapped hashed passwords gives Domain Admin rights via API call. Fix may land next month Microsoft Exchange appears to be currently vulnerable to a privilege escalation attack that allows any user with a mailbox to become a Domain Admin.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2019/01/25/microsoft_e… ∗∗∗ Magento – RCE & Local File Read with low privilege admin rights ∗∗∗ --------------------------------------------- These vulnerabilities have been responsibly disclosed to Magento team, and received patches in Magento versions 2.3.0, 2.2.7 and 2.1.16 which were released in November 2018. --------------------------------------------- https://blog.scrt.ch/2019/01/24/magento-rce-local-file-read-with-low-privil… ∗∗∗ Mac-Trojaner versteckt sich in Werbebannern ∗∗∗ --------------------------------------------- Die auf macOS abzielende Malware wird in großem Stil per Banner-Werbung ausgeliefert und steganographisch versteckt, warnt eine Sicherheitsfirma. --------------------------------------------- http://heise.de/-4287382 ∗∗∗ Neue Passwort-Leaks: Insgesamt 2,2 Milliarden Accounts betroffen ∗∗∗ --------------------------------------------- Nach der Passwort-Sammlung Collection #1 kursieren nun auch die riesigen Collections #2-5 im Netz. So überprüfen Sie, ob Ihre Accounts betroffen sind. --------------------------------------------- http://heise.de/-4287538 ∗∗∗ Diverse Sicherheitslücken in iTunes für Windows ∗∗∗ --------------------------------------------- Apple hat seiner Mediathek-App auf dem PC ein Update spendiert, das mehr als ein halbes Dutzend Bugs fixt – darunter auch kritische. --------------------------------------------- http://heise.de/-4287940 ===================== = Vulnerabilities = ===================== ∗∗∗ Advantech WebAccess/SCADA ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper authentication, authentication bypass, and SQL injection vulnerabilities in the WebAccess/SCADA software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01 ∗∗∗ PHOENIX CONTACT FL SWITCH ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for cross-site request forgery, improper restriction of excessive authentication attempts, cleartext transmission of sensitive information, resource exhaustion, incorrectly specified destination in a communication channel, insecure storage of sensitive information, and memory corruption vulnerabilities reported in Phoenix Contacts FL SWITCH ethernet hardware. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (mxml, postgresql-9.4, and tmpreaper), Fedora (haproxy and runc), openSUSE (krb5, soundtouch, virtualbox, and zeromq), Oracle (thunderbird), Red Hat (thunderbird), and Ubuntu (subversion and thunderbird). --------------------------------------------- https://lwn.net/Articles/777549/ ∗∗∗ Cross-site scripting in CA Automic Workload Automation Web Interface (formerly Automic Automation Engine) ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/cross-site-scripting-in-ca-a… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by vulnerabilities in VMWare component (CVE-2018-6981 CVE-2018-6982) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: OpenSSL vunerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vunerability/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems (October 2018 updates) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System (July and October 2018 updates) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability in VMWare component (CVE-2018-6974) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: Multiple Foreshadow Spectre Variant vulnerabilities affect IBM OS Image for Red Hat Linux Systems in IBM PureApplication System (CVE-2018-3615 CVE-2018-3620 CVE-2018-3646) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-foreshadow-s… ∗∗∗ IBM SECURITY BULLETIN: IBM QRadar SIEM is vulnerable to Content Spoofing (CVE-2018-1733) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability in VMWare component (CVE-2018-6972) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway appliances are affected by a vulnerability in IPMI (CVE-2018-1668) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability (CVE-2018-3639) pertaining third-party CPU hardware ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.01.2019
by Daily end-of-shift report 24 Jan '19

24 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 23-01-2019 18:00 − Donnerstag 24-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Verschlüsselung: Open SSL 1.1.1 überzeugt im Sicherheitsaudit ∗∗∗ --------------------------------------------- Die Initiativen Ostif und Quarkslab haben OpenSSL 1.1.1 einem Audit unterzogen. Den Fokus legten die Sicherheitsforscher auf die neuen TLS-1.3-Funktionen und die Änderungen am Pseudo Random Number Generator (PRNG). --------------------------------------------- https://www.golem.de/news/verschluesselung-open-ssl-1-1-1-ueberzeugt-im-sic… ∗∗∗ Bit-and-Piece DDoS Method Emerges to Torment ISPs ∗∗∗ --------------------------------------------- Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes. --------------------------------------------- https://threatpost.com/bit-and-piece-ddos-method-emerges-to-torment-isps/14… ∗∗∗ Gefälschte amazon.de-Versandbestätigung im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte amazon.de-Versandbestätigung. Darin schreiben sie, dass das von den Empfänger/innen bei der reBuy reCommerce GmbH bestellte Produkt am Versandweg sei. Weiterführende informationen zu dem Einkauf können Konsument/innen der Datei BESTELLDETAILS_eDATEI.doc entnehmen. Sie verbirgt Schadsoftware, weshalb Kund/innen sie nicht öffnen dürfen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-amazonde-versandbestaeti… ===================== = Vulnerabilities = ===================== ∗∗∗ Panels Breadcrumbs - Moderately critical - Cross site scripting - SA-CONTRIB-2019-007 ∗∗∗ --------------------------------------------- Project: Panels Breadcrumbs Version: 7.x-2.3 Date: 2019-January-23 Description: Panels Breadcrumbs allows you to set your breadcrumbs directly from Panels configuration. This module doesnt properly sanitize custom breadcrumb configuration in all cases, leading to an XSS vulnerability.This vulnerability is mitigated by the fact that an attacker must have permission --------------------------------------------- https://www.drupal.org/sa-contrib-2019-007 ∗∗∗ Preview Link - Moderately critical - Access bypass - SA-CONTRIB-2019-004 ∗∗∗ --------------------------------------------- Project: Preview Link Date: 2019-January-23 Description: The Preview Link module enables you to generate preview links so anonymous users can access unpublished revisions of content.The last release of the module introduced an access bypass allowing users to present invalid tokens but still access unpublished content. --------------------------------------------- https://www.drupal.org/sa-contrib-2019-004 ∗∗∗ Playstation 4, Xbox One, Surface-Laptops: Kritische Schwachstellen im WLAN-Chip ∗∗∗ --------------------------------------------- Jetzt bekannt gewordene Sicherheitslücken erlauben es anscheinend, die Geräte aus dem lokalen WLAN ohne Interaktion des Nutzers zu kapern. --------------------------------------------- http://heise.de/-4286639 ∗∗∗ Böser Bug in PostScript trifft GhostScript und damit viele andere Programme ∗∗∗ --------------------------------------------- Ein Problem in den Tiefen der PostScript-Spezifikation lässt sich ausnutzen, um bösartigen Code auszuführen. --------------------------------------------- http://heise.de/-4286563 ∗∗∗ TLS Padding Oracle Vulnerability in Citrix Application Delivery Controller (ADC) and NetScaler Gateway ∗∗∗ --------------------------------------------- A vulnerability has been identified in the Citrix Application Delivery Controller (ADC) formally known as NetScaler ADC and NetScaler Gateway platforms using hardware acceleration that could allow an attacker to exploit the appliance to decrypt TLS traffic. This vulnerability does not directly allow an attacker to obtain the TLS private key. This vulnerability has been assigned the following CVE: CVE-2019-6485 --------------------------------------------- https://support.citrix.com/article/CTX240139 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (perl), Fedora (anaconda, curl, and poppler), openSUSE (ntpsec), SUSE (ghostscript, kernel, rubygem-activejob-4_2, and webkit2gtk3), and Ubuntu (ghostscript and mysql-5.7). --------------------------------------------- https://lwn.net/Articles/777480/ ∗∗∗ McAfee Total Protection: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- CB-K19/0079: McAfee Total Protection: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0079 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.01.2019
by Daily end-of-shift report 23 Jan '19

23 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 22-01-2019 18:00 − Mittwoch 23-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Microsoft’s Cyber Defense Operations Center shares best practices ∗∗∗ --------------------------------------------- You can download the Cyber Defense Operations Center strategy brief to gain more insight into how we work to protect, detect, and respond to cybersecurity threats. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2019/01/23/cdoc-best-practices/ ∗∗∗ Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com ∗∗∗ --------------------------------------------- Two of the most disruptive and widely-received spam email campaigns over the past few months -- including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year -- were made possible thanks to an authentication weakness at GoDaddy.com, the worlds largest domain name registrar, KrebsOnSecurity has learned. Perhaps more worryingly, experts warn this same weakness that let spammers hijack domains tied to GoDaddy also affects a great many other major Internet service providers, and is actively being abused to launch phishing and malware attacks which leverage dormant Web site names currently owned and controlled by some of the world’s most trusted corporate names and brands. --------------------------------------------- https://krebsonsecurity.com/2019/01/bomb-threat-sextortion-spammers-abused-… ∗∗∗ Gefälschte Geschäftsführungs-mail zu Kontostand ∗∗∗ --------------------------------------------- Unternehmen aufgepasst: Momentan erreichen uns zahlreiche Meldungen zu Betrugs-E-Mails, in welchen Kriminelle sich als Geschäftsführer/in des jeweiligen Unternehmens ausgeben. Gefragt wird nach dem aktuellen Kontostand. Ist genug Geld am Konto, soll eine Auslandsüberweisung initiiert werden. Das Geld darf nicht überwiesen werden, denn es wäre verloren. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-geschaeftsfuehrungs-mail… ∗∗∗ Rechtliche Folgen für Phishing-Opfer ∗∗∗ --------------------------------------------- Konsument/innen, die auf eine Banken-Phishingmail hereinfallen, übermitteln Kriminelle Daten, die diesen einen Zugriff auf ihr OnlineBanking-Konto ermöglichen. Teilen Kund/innen den Betrüger/innen telefonisch den TAN-Code zur Freigabe einer Überweisung mit, bleiben sie auf ihrem Schaden sitzen. Sie halten keine allgemein bekannten Sicherheitsvorkehrungen ein. --------------------------------------------- https://www.watchlist-internet.at/news/rechtliche-folgen-fuer-phishing-opfe… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-19-121: (0day) Microsoft Windows contact File Insufficient UI Warning Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of CONTACT files. Crafted data in a CONTACT file can cause Windows to display a dangerous hyperlink. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of the current user. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-121/ ∗∗∗ No-Name-Hausautomation: Lücke erlaubt leichten Firmware-Upload ∗∗∗ --------------------------------------------- Viele Geräte für die Hausautomation stammen von der Firma Tuya und haben Sicherheitslücken, die einfache Modifikation zulassen – zum Guten oder zum Schlechten. --------------------------------------------- https://heise.de/-4284783 ∗∗∗ Kritische Sicherheitslücke in Debians Update-Tools ∗∗∗ --------------------------------------------- Debian-basierte Linux-Systeme weisen eine Sicherheitslücke auf, über die Angreifer das System während des Einspielens von Sicherheits-Updates kapern könnten. --------------------------------------------- http://heise.de/-4285012 ∗∗∗ iOS 12.1.3 & Co: Apple stopft gravierende Schwachstellen auf iPhone und Mac ∗∗∗ --------------------------------------------- Mit Updates für alle Betriebssysteme räumt der Konzern Sicherheitslücken aus. Ein Bug erlaubt das Schadcode-Einschleusen per FaceTime-Anruf. --------------------------------------------- http://heise.de/-4285106 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libjpeg-turbo and systemd), Fedora (matrix-synapse, mingw-libjpeg-turbo, and mingw-libvorbis), Mageia (libcaca, libmp4v2, libxml2, pdns-recursor, perl-Email-Address, php-pear-HTML_QuickForm, podofo, and wavpack), openSUSE (webkit2gtk3), Red Hat (qemu-kvm-rhev), Scientific Linux (perl), Slackware (httpd), and Ubuntu (ntp). --------------------------------------------- https://lwn.net/Articles/777385/ ∗∗∗ OpenBMC caught with 'pantsdown' over new security flaw ∗∗∗ --------------------------------------------- A severe vulnerability has been found which impacts multiple Baseboard Management Controller (BMC) firmware stacks and hardware. The bug, CVE-2019-6260, has been nicknamed "pantsdown" ... --------------------------------------------- https://www.zdnet.com/article/bmc-caught-with-pantsdown-over-new-batch-of-s… ∗∗∗ Dräger Infinity Delta ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01 ∗∗∗ Johnson Controls Facility Explorer ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01 ∗∗∗ Cisco Firepower Threat Defense Software Packet Inspection and Enforcement Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Connected Mobile Experiences Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco AMP Threat Grid API Key Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Unauthorized Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Multiple Privilege Escalation Vulnerabilities in Cisco SD-WAN Solution ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings Server Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Privileged Account Sensitive Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Management Center Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Infrastructure Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager is affected by a vulnerability (CVE-2018-1959) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: Server Automation is affected by the following vulnerabilities exposures (CVE-2018-8039, CVE-2018-1683, CVE-2018-1755) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-server-automation-is-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Integration Designer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ PHOENIX CONTACT Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-001 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily