[CERT-daily] Tageszusammenfassung - 28.08.2019

Daily end-of-shift report team at cert.at
Wed Aug 28 18:29:37 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 27-08-2019 18:00 − Mittwoch 28-08-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Dangerous Cryptomining Worm Racks Up 850K Infections, Self-Destructs ∗∗∗
---------------------------------------------
Law enforcement takedown causes Retadup malware to eat itself.
---------------------------------------------
https://threatpost.com/cryptomining-worm-infections-self-destructs/147767/


∗∗∗ [Guest Diary] Open Redirect: A Small But Very Common Vulnerability, (Wed, Aug 28th) ∗∗∗
---------------------------------------------
This is a guest diary submitted by Jan Kopriva. Jan is working for Alef Nula (http://www.alef.com) and you can follow him on Twitter at @jk0pr
---------------------------------------------
https://isc.sans.edu/diary/rss/25276


∗∗∗ Extracting Certificates From the Windows Registry ∗∗∗
---------------------------------------------
I helped a colleague with a forensic analysis by extracting certificates from the Windows registry. In this blog post, we explain how to do this.
---------------------------------------------
https://blog.nviso.be/2019/08/28/extracting-certificates-from-the-windows-registry/


∗∗∗ RAT Ratatouille: Backdooring PCs with leaked RATs ∗∗∗
---------------------------------------------
Orcus RAT and RevengeRAT are two of the most popular remote access trojans (RATs) in use across the threat landscape. Since its emergence in 2016, various adversaries used RevengeRAT to attack organizations and individuals around the world. The source code associated with RevengeRAT was previously released to the public, allowing attackers to leverage it for their own malicious purposes.
---------------------------------------------
https://blog.talosintelligence.com/2019/08/rat-ratatouille-revrat-orcus.html


∗∗∗ Identitätsdiebstahl mit gefälschten Airbnb-Mails ∗∗∗
---------------------------------------------
Achtung: Kriminelle versenden erfundene Mails im Namen von Airbnb an zahlreiche Kundinnen und Kunden. Darin behaupten sie, dass das Konto gesperrt wurde und nun Kopien des Personalausweises, Selfies mit dem Ausweis neben dem Gesicht sowie eine handschriftliche Notiz zur Freischaltung notwendig wären. Die Nachricht muss ignoriert werden, andernfalls kommt es zu Identitätsmissbrauch!
---------------------------------------------
https://www.watchlist-internet.at/news/identitaetsdiebstahl-mit-gefaelschten-airbnb-mails/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Delta Controls enteliBUS Controllers ∗∗∗
---------------------------------------------
This advisory contains mitigations for a buffer overflow vulnerability in Delta Controllers enteliBUS Controllers industrial control systems.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-239-01


∗∗∗ Datalogic AV7000 Linear Barcode Scanner ∗∗∗
---------------------------------------------
This advisory contains mitigations for an authentication bypass using an alternate path vulnerability in Datalogics AV7000 Linear Barcode Scanners.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-239-02


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dovecot), Fedora (docker and nghttp2), Oracle (pango), SUSE (apache2, fontforge, ghostscript-library, libreoffice, libvirt, podman, slirp4netns and libcontainers-common, postgresql10, and slurm), and Ubuntu (dovecot).
---------------------------------------------
https://lwn.net/Articles/797579/


∗∗∗ DLL Hijacking Flaw Patched in Check Point Endpoint Security ∗∗∗
---------------------------------------------
Researchers at SafeBreach discovered that Check Point’s Endpoint Security product is affected by a DLL hijacking vulnerability that can be exploited for privilege escalation and other purposes. read more
---------------------------------------------
https://www.securityweek.com/dll-hijacking-flaw-patched-check-point-endpoint-security


∗∗∗ CVE-2019-13609 - CRLF Vulnerability in Citrix License Server for Windows and VPX ∗∗∗
---------------------------------------------
A Carriage Return Line Feed (CRLF) injection vulnerability has been identified in Citrix License Server for Windows and VPX that could allow an unauthenticated attacker to bypass authentication and allow a malicious website to read or modify license server [...]
---------------------------------------------
https://support.citrix.com/article/CTX257644


∗∗∗ Realtek Managed Switch Controller RTL83xx Stack Overflow ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2019080138


∗∗∗ Security Advisory - Key Negotiation of Bluetooth (KNOB) Vulnerability ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190828-01-knob-en


∗∗∗ IBM Security Bulletin: IBM Cloud Automation Manager is affected by a insecure Content-Security-Policy header vulnerability CVE-2019-4133 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-automation-manager-is-affected-by-a-insecure-content-security-policy-header-vulnerability-cve-2019-4133/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list