=====================
= End-of-Day report =
=====================

Timeframe: Monday 09-09-2019 18:00 - Tuesday 10-09-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter

=====================
=       News        =
=====================
*** How to Audit & Cleanup WordPress Plugins & Themes ***
---------------------------------------------
In an interview with Smashing Magazine, our Co-Founder (now Head of Security Products at GoDaddy) Tony Perez was asked the following question: What makes WordPress vulnerable? "Here's the simple answer. Old versions of WordPress, along with theme and plugin vulnerabilities, multiplied by the CMS' popularity, with the end user thrown into the mix, make for a vulnerable website."
---------------------------------------------
https://blog.sucuri.net/2019/09/wordpress-plugin-audit.html
*** IoT Attack Opportunities Seen in the Cybercrime Underground ***
---------------------------------------------
We looked into IoT-related discussions from several cybercrime underground communities. We found discussions ranging from tutorials to actual monetization schemes for IoT-related attacks.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/i588EjgxMnI/

*** When corporate communications look like a phish ***
---------------------------------------------
Before organizations engage in gnashing of teeth over the "ignorant user" and the cost of training, think about how much email users encounter and whether corporate communications look like phishes themselves.
---------------------------------------------
https://blog.malwarebytes.com/business-2/2019/09/when-corporate-communicatio...

*** Evolution of Malware Sandbox Evasion Tactics - A Retrospective Study ***
---------------------------------------------
Executive Summary
Malware evasion techniques are widely used to circumvent detection as well as analysis and understanding. One of the dominant categories of evasion is anti-sandbox detection, simply because today's sandboxes are becoming the fastest and easiest way to have an overview of the threat.
---------------------------------------------
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/evolution-of-mal...
*** Attention, phishing: fraudulent Raiffeisen emails in circulation ***
---------------------------------------------
Criminals claim your credit card has been blocked: using the new EU directive as a pretext, numerous bank customers are currently receiving phishing emails. According to the emails, the directive supposedly requires you to confirm your personal data. The link provided, however, leads to a fake login page, where criminals harvest your data.
---------------------------------------------
https://www.watchlist-internet.at/news/achung-phishing-betruegerische-raiffe...
=====================
=  Vulnerabilities  =
=====================

*** Security Bulletins Posted ***
---------------------------------------------
Adobe has published security bulletins for Adobe Application Manager (APSB19-45) and Adobe Flash Player (APSB19-46). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided "AS IS" with no warranties and confers no rights.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1785
*** Multiple Vulnerabilities in Comba and D-Link Routers ***
---------------------------------------------
There are five new credential-leaking vulnerabilities discovered and disclosed by Simon Kenin. Two are in a D-Link DSL modem typically installed to connect a home network to an ISP. The other three are in multiple Comba Telecom WiFi devices. All the vulnerabilities involve insecure storage of credentials, including three where cleartext credentials are available to any user with network access to the device.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/multiple-vul...
*** Security updates for Tuesday ***
---------------------------------------------
Security updates have been issued by Debian (docker.io, icedtea-web, and trafficserver), openSUSE (opera), Red Hat (bind, firefox, go-toolset:rhel8, kernel, nghttp2, and polkit), SUSE (buildah, curl, java-1_7_1-ibm, and skopeo), and Ubuntu (freetype, memcached, python2.7, python3.4, and python2.7, python3.5, python3.6, python3.7).
---------------------------------------------
https://lwn.net/Articles/798883/

*** MISP 2.4.115 released (aka CVE-2019-16202 and sync speed improvement) ***
---------------------------------------------
A new version of MISP (2.4.115) with a major security fix (CVE-2019-16202) and various small improvements has been released. We strongly recommend all MISP users update to this version.
---------------------------------------------
https://www.misp-project.org/2019/09/10/MISP.2.4.115.released.html

*** SSA-187667 (Last Update: 2019-09-10): DejaBlue Vulnerabilities - Siemens Healthineers Products ***
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-187667.pdf

*** SSA-189842 (Last Update: 2019-09-10): TCP URGENT/11 Vulnerabilities in RUGGEDCOM Win ***
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf

*** SSA-191683 (Last Update: 2019-09-10): Cross-Site Scripting Vulnerability in IE/WSN-PA Link WirelessHART Gateway ***
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf

*** SSA-250618 (Last Update: 2019-09-10): Denial-of-Service Vulnerability in SIMATIC TDC CP51M1 ***
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-250618.pdf

*** SSA-462066 (Last Update: 2019-09-10): Vulnerability known as TCP SACK PANIC in Industrial Products ***
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf

*** SSA-834884 (Last Update: 2019-09-10): Vulnerability in SINETPLAN ***
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-834884.pdf

*** SSA-884497 (Last Update: 2019-09-10): Multiple Vulnerabilities in SINEMA Remote Connect Server ***
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf

*** GnuPG vulnerability CVE-2019-13050 ***
---------------------------------------------
https://support.f5.com/csp/article/K08654551

*** Wireshark vulnerability CVE-2019-12295 ***
---------------------------------------------
https://support.f5.com/csp/article/K06725231