[CERT-daily] Tageszusammenfassung - 26.04.2019

Daily end-of-shift report team at cert.at
Fri Apr 26 18:14:15 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 25-04-2019 18:00 − Freitag 26-04-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Getting in the Zone: dumping Active Directory DNS using adidnsdump ∗∗∗
---------------------------------------------
Zone transfers are a classical way of performing reconnaissance in networks (or even from the internet). They require an insecurely configured DNS server that allows anonymous users to transfer all records and gather information about host in the network. What not many people know however is that if Active Directory integrated DNS is used, any [...]
---------------------------------------------
https://blog.fox-it.com/2019/04/25/getting-in-the-zone-dumping-active-directory-dns-using-adidnsdump/


∗∗∗ Service Accounts Redux - Collecting Service Accounts with PowerShell ∗∗∗
---------------------------------------------
Back in 2015 I wrote up a "find the service accounts" story - https://isc.sans.edu/forums/diary/Windows+Service+Accounts+Why+Theyre+Evil+and+Why+Pentesters+Love+them/20029/ (yes, it really has been that long). The approach I wrote up then used WMIC. Those scripts saw a lot of use back in the day, but dont reflect the fastest or most efficient way to collect this information - I thought today was a good day to cover how to do this much quicker in PowerShell.
---------------------------------------------
https://isc.sans.edu/forums/diary/Service+Accounts+Redux+Collecting+Service+Accounts+with+PowerShell/24882/


∗∗∗ Statistik: Deutlich mehr Malware für den Mac ∗∗∗
---------------------------------------------
Laut Angaben des Sicherheitsunternehmens Malwarebytes nehmen die Angriffe auf macOS-User zu. Besonders Adware wird zum Problem.
---------------------------------------------
https://heise.de/-4408038


∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450 ∗∗∗
---------------------------------------------
Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise, such as retail point-of-sale or industrial control systems. These flaws present a number of attack vectors for a malicious actor, and could allow them to remotely execute code on the victim machine, change the administrator's password and expose user credentials, among [...]
---------------------------------------------
https://blog.talosintelligence.com/2019/04/vulnerability-sierra-airlink.html


∗∗∗ Vorsicht vor Betrugs-Mails mit vermeintlichen Rechnungen ∗∗∗
---------------------------------------------
Konsument/innen und Unternehmen erhalten E-Mails, die auf Links zu angeblichen Rechnungen verweisen. Die Betroffenen werden beispielsweise aufgefordert die Rechnungen zu bezahlen oder deren Inhalt zu überprüfen. Wer den Links folgt landet auf betrügerischen Websites, die versuchen, Systeme mit Schadsoftware zu infizieren.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-betrugs-mails-mit-vermeintlichen-rechnungen/


∗∗∗ An inside look at how credential stuffing operations work ∗∗∗
---------------------------------------------
Data breaches, custom software, proxies, IoT botnets, and hacking forums -- all play a role.
---------------------------------------------
https://www.zdnet.com/article/an-inside-look-at-how-credential-stuffing-operations-work/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension ∗∗∗
---------------------------------------------
If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company - called "Plugin Vulnerabilities" - that recently gone rogue in order to protest against moderators of the WordPress's official support forum has once [...]
---------------------------------------------
https://thehackernews.com/2019/04/wordpress-woocommerce-security.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gpac and mercurial), Fedora (kernel-headers and kernel-tools), openSUSE (GraphicsMagick, kauth, lxc, lxcfs, python, qemu, and xmltooling), SUSE (freeradius-server, ImageMagick, libvirt, samba, and wireshark), and Ubuntu (bind9).
---------------------------------------------
https://lwn.net/Articles/786884/


∗∗∗ Synology-SA-19:20 ISC BIND ∗∗∗
---------------------------------------------
CVE-2018-5743 allows remote attackers to conduct denial-of-service attacks via a susceptible version of DNS Server.DNS Server is not affected by CVE-2019-6947 and CVE-2019-6948 as these vulnerabilities only affect ISC BIND 9.10.5 and later.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_20


∗∗∗ Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190424-01-frp-en


∗∗∗ IBM Cognos Business Intelligence: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0354


∗∗∗ IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2019 – Includes Oracle Jan 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2019-includes-oracle-jan-2019-cpu-affects-ibm-tivoli-composite-application-manager-for-transactions-robotic-response-time/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM® Java Runtime and Liberty affect IBM BigFix Remote Control ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-and-liberty-affect-ibm-bigfix-remote-control/


∗∗∗ IBM Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2018-20346) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2018-20346/


∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability GNU C Library (CVE-2018-16429) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-analysis-dsa-preboot-is-affected-by-vulnerability-gnu-c-library-cve-2018-16429/


∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libTIFF ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-analysis-dsa-preboot-is-affected-by-vulnerabilities-in-libtiff-2/


∗∗∗ IBM Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-manager-with-openstack-is-affected-by-a-openssl-vulnerabilities-cve-2018-0734/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Manager with OpenStack ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-manager-with-openstack-3/


∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libtirpc (CVE-2018-14622 CVE-2018-14621) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-analysis-dsa-preboot-is-affected-by-vulnerabilities-in-libtirpc-cve-2018-14622-cve-2018-14621/


∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in OpenSSH ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-analysis-dsa-preboot-is-affected-by-vulnerabilities-in-openssh/


∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in OpenSSL (CVE-2018-0732 CVE-2018-0737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-dynamic-system-analysis-dsa-preboot-is-affected-by-vulnerabilities-in-openssl-cve-2018-0732-cve-2018-0737/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list