=====================
= End-of-Day report =
=====================
Timeframe: Friday 05-07-2019 18:00 - Monday 08-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
=       News        =
=====================
*** Anubis Android Malware Returns with Over 17,000 Samples ***
---------------------------------------------
In mid-January of 2019, we saw Anubis use a plethora of techniques, including the use of motion-based sensors to elude sandbox analysis and overlays to steal personally identifiable information. The latest samples of Anubis (detected by Trend Micro as AndroidOS_AnubisDropper) we recently came across are no different. While tracking Anubis' activities, we saw two related servers containing 17,490 samples.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/anubis-android-malware-returns-with-over-17000-samples/
*** Godlua, misunderstandings and the dispute over DNS over HTTPS ***
---------------------------------------------
The Linux malware Godlua encrypts its DNS traffic with HTTPS, but does not use the DoH protocol.
---------------------------------------------
https://heise.de/-4464640
*** Malicious Code Planted in strong_password Ruby Gem ***
---------------------------------------------
A developer discovered that an update released for the 'strong_password' Ruby gem contained malicious code that allowed an attacker to remotely execute arbitrary code. Developer Tute Costa was updating gems used by a Rails application when he noticed that version 0.0.7 of strong_password was pushed out on RubyGems.org, the Ruby community's gem hosting service, but not on GitHub.
---------------------------------------------
https://www.securityweek.com/malicious-code-planted-strongpassword-ruby-gem
=====================
=  Vulnerabilities  =
=====================
*** ZDI-19-640: (0Day) Google Android Bluetooth hci_len Heap-based Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows attackers in close proximity to execute arbitrary code on vulnerable installations of Google Android. User interaction is required to exploit this vulnerability in that the target must accept a malicious file transfer. ... 06/07/19 - The vendor replied the fix was not public yet but would soon be included in the next release of a major version
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-640/
*** Multiple Vulnerabilities in innovaphone VoIP Products Fixed ***
---------------------------------------------
innovaphone fixed several vulnerabilities in two VoIP products that we disclosed a while ago. The affected products are the Linux Application Platform and the IPVA. Unfortunately, the release notes are not public (yet?) and the vendor does not include information about the vulnerabilities for the Linux Application Platform. Therefore, we decided to publish some more technical details for the issues.
---------------------------------------------
https://insinuator.net/2019/07/multiple-vulnerabilities-in-innovaphone-voip-products-fixed/
*** c't uncovers: Logitech keyboards and mice widely vulnerable ***
---------------------------------------------
Numerous Logitech keyboards, mice and presenters contain security holes. c't explains which products are affected and what you should do now.
---------------------------------------------
https://heise.de/-4464149
*** Security updates for Monday ***
---------------------------------------------
Security updates have been issued by Debian (dosbox, python-django, squid3, and unzip), Fedora (filezilla, libfilezilla, and samba), openSUSE (gvfs), Oracle (kernel), Red Hat (firefox and redhat-virtualization-host), SUSE (bash and libpng16), and Ubuntu (libvirt).
---------------------------------------------
https://lwn.net/Articles/793057/
*** CVE-2019-13142: Razer Surround 1.1.63.0 EoP ***
---------------------------------------------
Version: Razer Surround 1.1.63.0
Operating System tested on: Windows 10 1803 (x64)
Vulnerability: Razer Surround Elevation of Privilege through Insecure folder/file permissions
---------------------------------------------
https://posts.specterops.io/cve-2019-13142-razer-surround-1-1-63-0-eop-f18c52b8be0c
*** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in IBM SONAS ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-mozilla-firefox-vulnerability-in-ibm-sonas-2/
*** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in IBM SONAS ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-mozilla-firefox-vulnerability-in-ibm-sonas/
*** IBM Security Bulletin: Multiple Mozilla Firefox vulnerabilities in IBM SONAS ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-mozilla-firefox-vulnerabilities-in-ibm-sonas-6/
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-transformation-advisor-2/
*** IBM Security Bulletin: A vulnerability in IBM Websphere Application Server could affect IBM Cloud App Management ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-websphere-application-server-could-affect-ibm-cloud-app-management/
*** HPESBHF03937 rev.1 - HPE UIoT Unauthorized Remote Access and Access to Sensitive Information ***
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03937en_us
*** HPESBMU03941 rev.1 - HPE IceWall SSO Agent Option and IceWall MFA Remote Denial of Service ***
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03941en_us