[CERT-daily] Tageszusammenfassung - 14.08.2019

Daily end-of-shift report team at cert.at
Wed Aug 14 18:11:55 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 13-08-2019 18:00 − Mittwoch 14-08-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ New Bluetooth KNOB Flaw Lets Attackers Manipulate Traffic ∗∗∗
---------------------------------------------
A new Bluetooth vulnerability named "KNOB" has been disclosed that allow attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-bluetooth-knob-flaw-lets-attackers-manipulate-traffic/


∗∗∗ Dejablue: Erneut Sicherheitslücken im Windows-Remote-Desktop ∗∗∗
---------------------------------------------
Microsoft warnt vor zwei Remote-Code-Execution-Bugs im Remote Desktop Service. Damit lassen sich Windows-Rechner übers Netz kapern, wenn sie die Remoteadministration aktiviert haben. Alle aktuellen Windows-Versionen sind betroffen.
---------------------------------------------
https://www.golem.de/news/dejablue-erneut-sicherheitsluecken-im-windows-remote-deskt-1908-143192-rss.html


∗∗∗ Project Zero: Windows-Texteingabesystem bietet viele Angriffsmöglichkeiten ∗∗∗
---------------------------------------------
Ein Systemdienst für Texteingabemethoden, das es seit Windows XP gibt, wurde offenbar mit wenig Sicherheitsbewusstsein entwickelt. Tavis Ormandy von Google gelang es damit, als Nutzer Systemrechte zu erlangen. Es gibt ein Update von Microsoft, doch das behebt wohl nicht alle Probleme.
---------------------------------------------
https://www.golem.de/news/project-zero-windows-texteingabesystem-bietet-viele-angriffsmoeglichkeiten-1908-143199-rss.html


∗∗∗ Debugging for Malware Analysis ∗∗∗
---------------------------------------------
This article provides an overview of debugging and how to use some of the most commonly used debuggers. We will begin by discussing OllyDbg; using it, we will explore topics such as setting up breakpoints, stepping through the instructions and modifying the flow of execution. We will then discuss WinDbg, which can be used [...]
---------------------------------------------
https://resources.infosecinstitute.com/debugging-for-malware-analysis/


∗∗∗ Nehmen Sie sich vor gefälschten Zahlungsanweisungen in Acht! ∗∗∗
---------------------------------------------
Zahlreiche Unternehmen wenden sich mit erfundenen Überweisungs-Aufforderungen im Namen der Geschäftsführung oder anderer Führungspersonen an uns. Die E-Mails stammen von Kriminellen, die die Mail-Adressen durch „Spoofing“ imitieren und dadurch nichtsahnende Mitarbeiter/innen zu Überweisungen auf fremde Konten bringen wollen.
---------------------------------------------
https://www.watchlist-internet.at/news/nehmen-sie-sich-vor-gefaelschten-zahlungsanweisungen-in-acht/


∗∗∗ This new cryptojacking malware uses a sneaky trick to remain hidden ∗∗∗
---------------------------------------------
Norman cryptomining malware was found to have infected almost every system in one organisation during an investigation by security researchers.
---------------------------------------------
https://www.zdnet.com/article/this-new-cryptojacking-malware-uses-a-sneaky-trick-to-remain-hidden/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Intel Releases Security Updates ∗∗∗
---------------------------------------------
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates: RAID Web Console 2 Advisory INTEL-SA-00246 NUC Advisory INTEL-SA-00272 [...]
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/08/13/intel-releases-security-updates


∗∗∗ Trend Micro Password Manager - Privilege Escalation to SYSTEM ∗∗∗
---------------------------------------------
SafeBreach Labs discovered a new vulnerability in Trend Micro Password Manager software. In this post, we will demonstrate how this vulnerability could have been used in order to achieve privilege escalation and persistence by loading an arbitrary unsigned DLL into a service that runs as NT AUTHORITY\SYSTEM.
---------------------------------------------
https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM


∗∗∗ DoS-Attacken: Viele Web-Server mit HTTP/2 angreifbar ∗∗∗
---------------------------------------------
Forschern zufolge ist ein Großteil von Web-Servern mit HTTP/2 nicht optimal konfiguriert, sodass die Sicherheit gefährdet ist. Patches sind verfügbar.
---------------------------------------------
https://heise.de/-4496647


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel, linux-4.9, otrs2, and tomcat8), Fedora (igraph and jhead), openSUSE (ansible, GraphicsMagick, kconfig, kdelibs4, live555, mumble, phpMyAdmin, proftpd, python-Django, and znc), Oracle (kernel and openssl), Red Hat (kernel, openssl, and rh-mysql80-mysql), Scientific Linux (kernel and openssl), Slackware (kernel), SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork and mariadb-100), and Ubuntu (linux, linux-aws, linux-kvm, [...]
---------------------------------------------
https://lwn.net/Articles/796193/


∗∗∗ SAP Patches Highest Number of Critical Flaws Since 2014 ∗∗∗
---------------------------------------------
SAP’s Security Patch Day updates for August 2019 address three new critical vulnerabilities affecting the company’s products. This is the highest number of critical flaws fixed on the same day since 2014.
---------------------------------------------
https://www.securityweek.com/sap-patches-highest-number-critical-flaws-2014


∗∗∗ Mitsubishi Electric smartRTU and INEA ME-RTU ∗∗∗
---------------------------------------------
CISA is aware of a public report of a proof-of-concept (PoC) exploit code vulnerability affecting Mitsubishi Electric smartRTU devices. According to this report, there are multiple vulnerabilities that could result in remote code execution with root privileges. CISA is issuing this alert to provide early notice of the report.
---------------------------------------------
https://www.us-cert.gov/ics/alerts/ics-alert-19-255-01


∗∗∗ Delta Industrial Automation DOPSoft ∗∗∗
---------------------------------------------
This advisory includes mitigations for out-of-bounds read and use after free vulnerabilities reported in Delta Electronics’ Delta Industrial Automation DOPSoft HMI editing software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-225-01


∗∗∗ OSIsoft PI Web API ∗∗∗
---------------------------------------------
This advisory includes mitigations for inclusion of sensitive information in log files and protection mechanism failure vulnerabilities reported in OSIsoft LLC’s OSIsoft PI Web API.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-225-02


∗∗∗ Key Negotiation of Bluetooth Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190813-bluetooth


∗∗∗ Two Denial of Service Vulnerabilities on Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190814-01-mobile-en


∗∗∗ August 13, 2019   TNS-2019-05   [R1] Nessus 8.6.0 Fixes One Vulnerability ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2019-05


∗∗∗ Synology-SA-19:33 HTTP/2 DoS Attacks ∗∗∗
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_33

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list