[CERT-daily] Daily summary - 05.04.2019
Daily end-of-shift report
team at cert.at
Fri Apr 5 18:08:21 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 04-04-2019 18:00 - Friday 05-04-2019 18:00
Handler: Dimitri Robl
Co-Handler: Alexander Riepl
=====================
= News =
=====================
*** This Preinstalled Mobile Security App Delivered Vulnerabilities, Not Protection ***
---------------------------------------------
No. 4 global phone maker, Xiaomi, preinstalled a security app called ‘Guard Provider’ that had a major flaw.
---------------------------------------------
https://threatpost.com/this-preinstalled-mobile-security-app-delivered-vulnerabilities-not-protection/143468/
*** Spammed PNG file hides LokiBot ***
---------------------------------------------
Recently we came across a spam message from our traps that looked truly odd when viewed from our Secure Email Gateway console.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/spammed-png-file-hides-lokibot/
*** The evolution of phishing kits ***
---------------------------------------------
Gone are the days when a phishing page was a single page designed to capture user credentials. Phishing kits have become sophisticated and advanced to evade detection and look more legitimate to the user. In this blog, ..
---------------------------------------------
https://www.zscaler.com/blogs/research/evolution-phishing-kits
*** Hiding in Plain Sight ***
---------------------------------------------
Cisco Talos is continually working to ensure that our threat intelligence not only accounts for the latest threats but also new versions of old threats, such as spam. This often means pursuing cybercriminals wherever they congregate. However, instead of wheeling-and-dealing using hidden servers on ..
---------------------------------------------
https://blog.talosintelligence.com/2019/04/hiding-in-plain-sight.html
*** Ongoing DNS hijacking campaign targeting consumer routers ***
---------------------------------------------
Over the last three months, our honeypots have detected DNS hijacking attacks targeting various types of consumer routers. All exploit attempts have originated from hosts on the network of Google Cloud Platform (AS15169). In this campaign, we’ve identified four distinct rogue DNS servers being used to redirect ..
---------------------------------------------
https://badpackets.net/ongoing-dns-hijacking-campaign-targeting-consumer-routers/
=====================
= Vulnerabilities =
=====================
*** Omron CX-Programmer ***
---------------------------------------------
This advisory includes mitigations for a use-after-free vulnerability reported in Omron's CX-Programmer PLC software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-094-01
*** Rockwell Automation Stratix 5400/5410 and ArmorStratix 5700 ***
---------------------------------------------
This advisory includes mitigations for an uncontrolled resource consumption vulnerability reported in Rockwell Automation's Stratix and ArmorStratix Ethernet switches.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02
*** Rockwell Automation Stratix 5400/5410/5700/8000/8300 and ArmorStratix 5700 ***
---------------------------------------------
This advisory includes mitigations for resource management errors and improper input validation vulnerabilities reported in Rockwell Automation's Stratix 5400/5410/5700/8000/8300 and ArmorStratix 5700 switches.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03
*** Rockwell Automation Stratix 5950 ***
---------------------------------------------
This advisory includes mitigations for an improper input validation vulnerability reported in Rockwell Automation's Stratix 5950 security appliance products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-094-04
*** ZDI-19-341: (0Day) Hewlett Packard Enterprise Intelligent Management Center navigationTo Expression Language Injection Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-341/
*** ZDI-19-339: (0Day) Hewlett Packard Enterprise Intelligent Management Center faultStatChooseFaultType Expression Language Injection Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-339/
*** ZDI-19-335: (0Day) Hewlett Packard Enterprise Intelligent Management Center perfSelectTask Expression Language Injection Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-335/
*** ZDI-19-334: (0Day) Hewlett Packard Enterprise Intelligent Management Center viewBatchTaskResultDetailFact Expression Language Injection Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-334/
*** HPESBHF03914 rev.1 - Certain HPE Servers with Intel Server Platform Services (SPS) Firmware, Multiple Local Vulnerabilities ***
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03914en_us
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily