=====================
= End-of-Day report =
=====================
Timeframe:   Thursday 06-06-2019 18:00 - Friday 07-06-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter
=====================
=       News        =
=====================
*** SandboxEscaper Debuts ByeBear Windows Patch Bypass ***
---------------------------------------------

SandboxEscaper is back, with a second bypass for the recent CVE-2019-0841 Windows patch.

---------------------------------------------
https://threatpost.com/sandboxescaper-byebear-windows-bypass/145470/
*** Keep an Eye on Your WMI Logs, (Thu, Jun 6th) ***
---------------------------------------------

WMI ("Windows Management Instrumentation")[1] is, as Microsoft says, "the infrastructure for management data and operations on Windows-based operating systems". Personally, I like to make a (very) rough comparison between WMI and SNMP: you can query information about a system (read) but also alter it (write). WMI has been present on Windows systems since Windows 2000. As you can imagine, when a tool is available by default on all systems, [...]

---------------------------------------------
https://isc.sans.edu/diary/rss/25012
*** The EU Cybersecurity Act: a new Era dawns on ENISA ***
---------------------------------------------

Today, 7th June 2019, the EU Cybersecurity Act was published in the Official Journal of the European Union.

---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/the-eu-cybersecurity-act-a-new-e...
*** Bloodhound walkthrough. A Tool for Many Tradecrafts ***
---------------------------------------------

A walkthrough on how to set up and use BloodHound. BloodHound (https://github.com/BloodHoundAD/BloodHound) is an application used to visualize Active Directory environments. The front-end is built on Electron and the back-end is a Neo4j database; the data leveraged is pulled from a series of data collectors, also referred to as ingestors, which come in PowerShell and [...]

---------------------------------------------
https://www.pentestpartners.com/security-blog/bloodhound-walkthrough-a-tool-...
*** New Mirai Variant Adds 8 New Exploits, Targets Additional IoT Devices ***
---------------------------------------------

Palo Alto Networks Unit 42 has been tracking the evolution of the Mirai malware, known for targeting embedded devices with the primary intent of launching DDoS attacks and self-propagation, since 2016 when it took down several notable targets. As part of this ongoing research, we've recently discovered a new variant of Mirai that [...]

---------------------------------------------
https://unit42.paloaltonetworks.com/new-mirai-variant-adds-8-new-exploits-ta...
*** A botnet is brute-forcing over 1.5 million RDP servers all over the world ***
---------------------------------------------

Furthermore, statistics show that despite BlueKeep, most RDP attacks today are brute-force attempts.

---------------------------------------------
https://www.zdnet.com/article/a-botnet-is-brute-forcing-over-1-5-million-rdp...
=====================
=  Vulnerabilities  =
=====================
*** Optergy Proton Enterprise Building Management System ***
---------------------------------------------

This advisory includes mitigations for information exposure, cross-site request forgery, unrestricted upload of file with dangerous type, open redirect, hidden functionality, exposed dangerous method or function, and use of hard-coded credentials vulnerabilities reported in Optergy's Proton/Enterprise Building Management System.

---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-157-01
*** Panasonic Control FPWIN Pro ***
---------------------------------------------

This advisory includes mitigations for heap-based buffer overflow and type confusion vulnerabilities reported in Panasonic's Control FPWIN Pro PLC programming software.

---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02
*** Security updates for Friday ***
---------------------------------------------

Security updates have been issued by Debian (evolution and qemu), Fedora (cyrus-imapd and hostapd), Gentoo (exim), openSUSE (exim), Red Hat (qpid-proton), SUSE (bind, libvirt, mariadb, mariadb-connector-c, python, and rubygem-rack), and Ubuntu (firefox, jinja2, and linux-lts-xenial, linux-aws).

---------------------------------------------
https://lwn.net/Articles/790647/
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabiliti...
*** IBM Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in PHP (CVE-2019-11035 CVE-2019-11034) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-devel...
*** IBM Security Bulletin: Secure Gateway is affected by multiple vulnerabilities ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-secure-gateway-is-affe...
*** IBM Security Bulletin: IBM API Connect V5 is impacted by Cross Site Scripting vulnerability (CVE-2016-10531 CVE-2018-3721 CVE-2017-0268) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-is-...
*** Intel UEFI vulnerability CVE-2019-0119 ***
---------------------------------------------
https://support.f5.com/csp/article/K85585101
*** Intel Xeon access control vulnerability CVE-2019-0126 ***
---------------------------------------------
https://support.f5.com/csp/article/K37428370