[CERT-daily] Daily summary - 09.08.2019

Daily end-of-shift report team at cert.at
Fri Aug 9 18:17:57 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 08-08-2019 18:00 − Friday 09-08-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Hackerone: Security vulnerability in Steam remains unfixed for now ∗∗∗
---------------------------------------------
On Windows systems where the game launcher Steam is installed, ordinary users can run programs with system privileges. The discoverer of the vulnerability reported it via the Hackerone platform, where the bug was declared invalid and an attempt was made to prevent its publication.
---------------------------------------------
https://www.golem.de/news/hackerone-sicherheitsluecke-in-steam-bleibt-vorerst-ungefixt-1908-143110-rss.html


∗∗∗ Protect against BlueKeep ∗∗∗
---------------------------------------------
DART offers steps you can take to protect your network from BlueKeep, the “wormable” vulnerability that can create a large-scale outbreak due to its ability to replicate and propagate.
---------------------------------------------
https://www.microsoft.com/security/blog/2019/08/08/protect-against-bluekeep/


∗∗∗ Hidden Algorithm Flaws Expose Websites to DoS Attacks ∗∗∗
---------------------------------------------
Why throw a bunch of junk traffic at a service, when all it takes to stall it out is just a few bytes?
---------------------------------------------
https://www.wired.com/story/algorithm-dos-attack


∗∗∗ How Safecrackers Can Unlock an ATM in Minutes—Without Leaving a Trace ∗∗∗
---------------------------------------------
At Defcon this week, security researcher Mike Davis will show how he can pick the lock of an ATM safe in no time, thanks to its electric leaks.
---------------------------------------------
https://www.wired.com/story/atm-lock-hack-electric-leaks


∗∗∗ Saefko: A new multi-layered RAT ∗∗∗
---------------------------------------------
Recently, the Zscaler ThreatLabZ team came across a new remote-access trojan (RAT) for sale on the dark web. The RAT, called Saefko, is written in .NET and has multiple functionalities. This blog provides a detailed analysis of this piece of malware, including its HTTP, IRC, and data stealing and spreading module.
---------------------------------------------
https://www.zscaler.com/blogs/research/saefko-new-multi-layered-rat


∗∗∗ Are Your Out-of-Office Replies Revealing Too Much? ∗∗∗
---------------------------------------------
Whether you’re traveling for business or pleasure, it’s common practice to create an automatic out-of-office reply for incoming emails. While business continuity is important, it’s critical to remember that some emails that arrive in your inbox will come from people you don’t know - and, in some cases, cybercriminals who wish to do you harm. The details you provide could be used for malicious purposes and expose your organization to attack.
---------------------------------------------
https://www.proofpoint.com/us/security-awareness/post/are-your-out-office-replies-revealing-too-much


∗∗∗ New Windows Process Injection Can Be Useful for Stealthy Malware ∗∗∗
---------------------------------------------
Researchers at SafeBreach, a cybersecurity firm that specializes in breach and attack simulations, have catalogued most known Windows process injection techniques. They also discovered a new method, which they claim is stealthy and can bypass all protections implemented by Microsoft.
---------------------------------------------
https://www.securityweek.com/new-windows-process-injection-can-be-useful-stealthy-malware


∗∗∗ Analysis: Ransomware attacks on companies almost quadrupled ∗∗∗
---------------------------------------------
The number of ransomware infections at companies has increased by 365 percent compared with the previous year. Big in business: the trio Emotet/Trickbot/Ryuk.
---------------------------------------------
https://heise.de/-4492497


∗∗∗ Skype, Slack, VS Code, Atom: Electron apps have a dangerous Achilles' heel ∗∗∗
---------------------------------------------
Programs based on the Electron framework can be trojanized by local attackers and abused as an attack platform.
---------------------------------------------
https://heise.de/-4493195


∗∗∗ Hackers Can Use Rogue Engineering Stations to Target Siemens PLCs ∗∗∗
---------------------------------------------
Malicious actors could use rogue engineering workstations to take control of Siemens programmable logic controllers (PLCs), and they can hide the attack from the engineer monitoring the system, researchers from two universities in Israel have demonstrated.
---------------------------------------------
https://www.securityweek.com/hackers-can-use-rogue-engineering-stations-target-siemens-plcs



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Serious security vulnerability in Big-IP products from F5 Networks ∗∗∗
---------------------------------------------
The Finnish security specialist F-Secure warns of a security vulnerability that may make numerous companies targets for cyberattacks. Big-IP products from F5 Networks are affected. The vendor denies this.
---------------------------------------------
https://www.it-business.de/schwerwiegende-sicherheitsluecke-in-big-ip-produkten-von-f5-networks-a-853135/


∗∗∗ Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware ∗∗∗
---------------------------------------------
Avaya is the second largest VOIP solution provider (source) with an install base covering 90% of the Fortune 100 companies (source), with products targeting a wide spectrum of customers, from small business and midmarket, to large corporations. As part of the ongoing McAfee Advanced Threat Research effort into researching critical vulnerabilities in widely deployed software [...]
---------------------------------------------
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/avaya-deskphone-decade-old-vulnerability-found-in-phones-firmware/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (postgresql-11, postgresql-9.4, and postgresql-9.6), Fedora (exiv2), openSUSE (python-Django and vlc), Oracle (kernel), Red Hat (qemu-kvm-rhev), SUSE (evince, nodejs10, python, and squid), and Ubuntu (postgresql-10, postgresql-11, postgresql-9.5).
---------------------------------------------
https://lwn.net/Articles/795821/


∗∗∗ D-LINK router: Vulnerability allows manipulation of files ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0708


∗∗∗ BlackBerry Powered by Android Security Bulletin - August 2019 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000057968


∗∗∗ Security Notice - Statement on Brute Forcing Encrypted Backup Data for Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2019/huawei-sn-20190809-01-backup-en


∗∗∗ BIG-IP DHCPv6 vulnerability CVE-2019-6643 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K36228121


∗∗∗ iControl REST vulnerability CVE-2019-6646 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K53990093


∗∗∗ F5 Container Ingress Service vulnerability CVE-2019-6648 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K74327432


∗∗∗ iRulesLX debug NodeJS vulnerability CVE-2019-6644 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K75532331


∗∗∗ BIG-IP mcpd vulnerability CVE-2019-6647 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K87920510


∗∗∗ The BIG-IP DNS Configuration utility may erroneously display the TSIG key secret in plain text form ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K03332436


∗∗∗ BIG-IP SSL connection security exposure ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K41515225


∗∗∗ BIG-IP FTP profile vulnerability CVE-2019-6645 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K15759349


∗∗∗ F5 Container Ingress Services vulnerability CVE-2019-6648 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K74327432

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



