[CERT-daily] Tageszusammenfassung - 12.08.2019
Daily end-of-shift report
team at cert.at
Mon Aug 12 18:15:29 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 09-08-2019 18:00 − Montag 12-08-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Beware of Fake Microsoft Account Unusual Sign-in Activity Emails ∗∗∗
---------------------------------------------
In this article we take a look at a phishing campaign that pretends to be an "Unusual sign-in activity" alertfrom Microsoft that could easily trick someone into clicking on the enclosed link.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/beware-of-fake-microsoft-account-unusual-sign-in-activity-emails/
∗∗∗ Malware Analysis and Reverse Engineering ∗∗∗
---------------------------------------------
Introduction This article provides a high-level overview of malware analysis and reverse engineering. If you are planning to get started with malware analysis and reverse engineering, this article can be a good starting point, as it covers a high-level overview of what you need to know before you download that debugger and get your hands [...]
---------------------------------------------
https://resources.infosecinstitute.com/malware-analysis-and-reverse-engineering/
∗∗∗ DEF CON 2019: Delta ICS Flaw Allows Total Industrial Takeover ∗∗∗
---------------------------------------------
The bug exists in a controller that oversees HVAC, lighting, sensor and alarm systems, to name a few.
---------------------------------------------
https://threatpost.com/def-con-2019-delta-ics-flaw-allows-total-industrial-takeover/147142/
∗∗∗ Inside the Hidden World of Elevator Phone Phreaking ∗∗∗
---------------------------------------------
Eavesdropping, reprogramming, talking to strangers: Welcome to the harmless and not-so-harmless fun of hacking elevator call boxes.
---------------------------------------------
https://www.wired.com/story/elevator-phone-phreaking-defcon
∗∗∗ Amazon Web Services: Tausende virtuelle Festplatten frei zugänglich im Netz ∗∗∗
---------------------------------------------
Ein Forscher fand tausendfach offen zugängliche Elastic Block Store-Volumes mit vertraulichen Daten im Netz, wo sie sich beliebig durchsuchen lassen.
---------------------------------------------
https://heise.de/-4493402
∗∗∗ Windows-Treiber von Intel, AMD, Nvidia und vielen Mainboard-Herstellern unsicher ∗∗∗
---------------------------------------------
Über mehr als 40 weit verbreitete Hardware-Treiber können Angreifer sich Kernel-Rechte auf einem System verschaffen.
---------------------------------------------
https://heise.de/-4494929
∗∗∗ Cruise Releases Automated Firmware Security Analyzer to Open Source ∗∗∗
---------------------------------------------
The growth of IoT devices has highlighted the difficulties in ensuring firmware security -- especially where the device and software are initially sourced from third parties, or developed under time pressures in-house. Now a new firmware analyzer has been released to open source on GitHub.
---------------------------------------------
https://www.securityweek.com/gm-cruise-releases-automated-firmware-security-analyzer-open-source
∗∗∗ Hotellerie-Betriebe: Vorsicht vor kriminellen Buchungs- & Stornierungsversuchen! ∗∗∗
---------------------------------------------
Vermeintliche Interessent/innen kontaktieren gezielt Hotels, Pensionen, Apartments und sonstige Unterkünfte für eine Buchung. Kurz nach einer (ungültigen) Zahlung per Kreditkarte folgen schreckliche Nachrichten: Aufgrund tragischer Ereignisse bei den geplanten Gästen muss die Buchung storniert und das Geld zurücküberwiesen werden. Hotellerie-Betriebe dürfen den Aufforderungen nicht nachkommen!
---------------------------------------------
https://www.watchlist-internet.at/news/hotellerie-betriebe-vorsicht-vor-kriminellen-buchungs-stornierungsversuchen/
∗∗∗ Hunting the Public Cloud for Exposed Hosts and Misconfigurations ∗∗∗
---------------------------------------------
This research explores the security landscape of the Internet-facing services hosted in Amazon AWS, Microsoft Azure and Google Cloud Platform.
---------------------------------------------
https://unit42.paloaltonetworks.com/hunting-the-public-cloud-for-exposed-hosts-and-misconfigurations/
∗∗∗ Clever attack uses SQLite databases to hack other apps, malware servers ∗∗∗
---------------------------------------------
Tainted SQLite database can run malicious code inside other apps, such as web apps or Apples iMessage.
---------------------------------------------
https://www.zdnet.com/article/clever-attack-uses-sqlite-databases-to-hack-other-apps-malware-servers/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (fusiondirectory, gosa, kconfig, kernel, pango1.0, and python-django), Fedora (aubio, icedtea-web, java-1.8.0-openjdk, kernel, kernel-headers, kernel-tools, libslirp, openqa, os-autoinst, and upx), Gentoo (JasPer, libvncserver, and redis), Mageia (cyrus-imapd and php), Oracle (kernel), Red Hat (chromium-browser, cockpit-ovirt, Red Hat Virtualization, and rhvm-appliance), SUSE (ImageMagick, libvirt, python, and wireshark), and Ubuntu (poppler).
---------------------------------------------
https://lwn.net/Articles/795963/
∗∗∗ PPOM for WooCommerce <= 18.3 - Authenticated Stored XSS ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/9502
∗∗∗ ZDI-19-701: (0Day) EZAutomation EZPLC EZC File Parsing Memory Corruption Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-701/
∗∗∗ ZDI-19-700: (0Day) EZAutomation EZTouch Editor EZP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-700/
∗∗∗ iControl REST and tmsh vulnerability CVE-2019-6621 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K20541896
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list