===================== = End-of-Day report = =====================
Timeframe: Donnerstag 24-01-2019 18:00 − Freitag 25-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter
===================== = News = =====================
∗∗∗ Fighting Emotet: lessons from the front line ∗∗∗ --------------------------------------------- Emotet is moving, shape-shifting target for admins and their security software. Heres what weve learned from dealing with outbreaks. --------------------------------------------- https://nakedsecurity.sophos.com/2019/01/25/fighting-emotet-lessons-from-the...
∗∗∗ Youre an admin! Youre an admin! Youre all admins, thanks to this Microsoft Exchange zero-day and exploit ∗∗∗ --------------------------------------------- Easily swapped hashed passwords gives Domain Admin rights via API call. Fix may land next month Microsoft Exchange appears to be currently vulnerable to a privilege escalation attack that allows any user with a mailbox to become a Domain Admin.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2019/01/25/microsoft_ex...
∗∗∗ Magento – RCE & Local File Read with low privilege admin rights ∗∗∗ --------------------------------------------- These vulnerabilities have been responsibly disclosed to Magento team, and received patches in Magento versions 2.3.0, 2.2.7 and 2.1.16 which were released in November 2018. --------------------------------------------- https://blog.scrt.ch/2019/01/24/magento-rce-local-file-read-with-low-privile...
∗∗∗ Mac-Trojaner versteckt sich in Werbebannern ∗∗∗ --------------------------------------------- Die auf macOS abzielende Malware wird in großem Stil per Banner-Werbung ausgeliefert und steganographisch versteckt, warnt eine Sicherheitsfirma. --------------------------------------------- http://heise.de/-4287382
∗∗∗ Neue Passwort-Leaks: Insgesamt 2,2 Milliarden Accounts betroffen ∗∗∗ --------------------------------------------- Nach der Passwort-Sammlung Collection #1 kursieren nun auch die riesigen Collections #2-5 im Netz. So überprüfen Sie, ob Ihre Accounts betroffen sind. --------------------------------------------- http://heise.de/-4287538
∗∗∗ Diverse Sicherheitslücken in iTunes für Windows ∗∗∗ --------------------------------------------- Apple hat seiner Mediathek-App auf dem PC ein Update spendiert, das mehr als ein halbes Dutzend Bugs fixt – darunter auch kritische. --------------------------------------------- http://heise.de/-4287940
===================== = Vulnerabilities = =====================
∗∗∗ Advantech WebAccess/SCADA ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper authentication, authentication bypass, and SQL injection vulnerabilities in the WebAccess/SCADA software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01
∗∗∗ PHOENIX CONTACT FL SWITCH ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for cross-site request forgery, improper restriction of excessive authentication attempts, cleartext transmission of sensitive information, resource exhaustion, incorrectly specified destination in a communication channel, insecure storage of sensitive information, and memory corruption vulnerabilities reported in Phoenix Contacts FL SWITCH ethernet hardware. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02
∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (mxml, postgresql-9.4, and tmpreaper), Fedora (haproxy and runc), openSUSE (krb5, soundtouch, virtualbox, and zeromq), Oracle (thunderbird), Red Hat (thunderbird), and Ubuntu (subversion and thunderbird). --------------------------------------------- https://lwn.net/Articles/777549/
∗∗∗ Cross-site scripting in CA Automic Workload Automation Web Interface (formerly Automic Automation Engine) ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/cross-site-scripting-in-ca-au...
∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by vulnerabilities in VMWare component (CVE-2018-6981 CVE-2018-6982) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-sy...
∗∗∗ IBM Security Bulletin: OpenSSL vunerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vunerability/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems (October 2018 updates) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabiliti...
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System (July and October 2018 updates) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabiliti...
∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability in VMWare component (CVE-2018-6974) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-sy...
∗∗∗ IBM Security Bulletin: Multiple Foreshadow Spectre Variant vulnerabilities affect IBM OS Image for Red Hat Linux Systems in IBM PureApplication System (CVE-2018-3615 CVE-2018-3620 CVE-2018-3646) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-foreshadow-sp...
∗∗∗ IBM SECURITY BULLETIN: IBM QRadar SIEM is vulnerable to Content Spoofing (CVE-2018-1733) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vul...
∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability in VMWare component (CVE-2018-6972) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-sy...
∗∗∗ IBM Security Bulletin: IBM DataPower Gateway appliances are affected by a vulnerability in IPMI (CVE-2018-1668) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway-...
∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability (CVE-2018-3639) pertaining third-party CPU hardware ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-sy...