[CERT-daily] Tageszusammenfassung - 30.08.2019

Daily end-of-shift report team at cert.at
Fri Aug 30 18:48:59 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 29-08-2019 18:00 − Freitag 30-08-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Windows 7: Update-Blockade für Symantec-Nutzer aufgehoben ∗∗∗
---------------------------------------------
Microsoft hat Windows-Updates wieder für Nutzer von Symantec Endpoint Protection freigegeben.
---------------------------------------------
https://heise.de/-4509981


∗∗∗ CERT-Bund warnt vor offenen Smarthome-Systemen ∗∗∗
---------------------------------------------
Fast 3000 Homematic-Systeme sind offenbar aus dem Internet erreichbar -- die meisten davon lassen sich beliebig fernsteuern.
---------------------------------------------
https://heise.de/-4509977


∗∗∗ It Saved Our Community: 16 Realistic Ransomware Defenses for Cities ∗∗∗
---------------------------------------------
Practical steps municipal governments can take to better prevent and respond to ransomware infections.
---------------------------------------------
https://www.darkreading.com/edge/theedge/it-saved-our-community-16-realistic-ransomware-defenses-for-cities/b/d-id/1335685


∗∗∗ A very deep dive into iOS Exploit chains found in the wild ∗∗∗
---------------------------------------------
Posted by Ian Beer, Project ZeroProject Zero’s mission is to make 0-day hard. We often work with other companies to find and report security vulnerabilities, with the ultimate goal of advocating for structural security improvements in popular systems to help protect people everywhere. Earlier this year Googles Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using [...]
---------------------------------------------
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html


∗∗∗ Scalable infrastructure for investigations and incident response ∗∗∗
---------------------------------------------
Traditional computer forensics and cyber investigations are as relevant in the cloud as they are in on-premise environments, but the methods in which to access and perform such investigations differ. This post will describe some of the challenges of bringing on-premises forensics techniques to the cloud and show one solution to overcome these challenges, using [...]
---------------------------------------------
https://msrc-blog.microsoft.com:443/2019/08/30/scalable-infrastructure-for-investigations-and-incident-response/


∗∗∗ [SANS ISC] Malware Dropping a Local Node.js Instance ∗∗∗
---------------------------------------------
I published the following diary on isc.sans.edu: “Malware Dropping a Local Node.js Instance“: Yesterday, I wrote a diary about misused Microsoft tools[1]. I just found another interesting piece of code. This time the malware is using Node.js[2].
---------------------------------------------
https://blog.rootshell.be/2019/08/30/sans-isc-malware-dropping-a-local-node-js-instance/


∗∗∗ Definitive Dossier of Devilish Debug Details – Part One: PDB Paths and Malware ∗∗∗
---------------------------------------------
Have you ever wondered what goes through the mind of a malware author? How they build their tools? How they organize their development projects? What kind of computers and software they use? We took a stab and answering some of those questions by exploring malware debug information. We find that malware developers give descriptive names to their folders and code projects, often describing the capabilities of the malware in development.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Change Healthcare McKesson and Horizon Cardiology ∗∗∗
---------------------------------------------
This advisory contains mitigations for an incorrect default permissions vulnerability in Change Healthcares cardiology devices.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsma-19-241-01


∗∗∗ Philips HDI 4000 Ultrasound ∗∗∗
---------------------------------------------
This advisory contains mitigations for a use of obsolete function vulnerability in Philips HDI 4000 Ultrasound Systems diagnostic tool.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsma-19-241-02


∗∗∗ Cisco Firepower 4100 and 9300 Security Appliance Local Management Filtering Bypass Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the process for creating default IP blocks during device initialization for Cisco Firepower 4100 Series and Firepower 9300 Security Appliances running Cisco FXOS Software could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower1


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (dovecot, gettext, go, go-pie, libnghttp2, and pigeonhole), Debian (djvulibre, dovecot, and subversion), Fedora (sleuthkit and wireshark), openSUSE (containerd, docker, docker-runc, and qbittorrent), Oracle (pango), SUSE (kernel, nodejs10, and python-SQLAlchemy), and Ubuntu (apache2).
---------------------------------------------
https://lwn.net/Articles/797938/


∗∗∗ Linux kernel vulnerability CVE-2019-10639 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K32804955


∗∗∗ Avira Optimizer Local Privilege Escalation ∗∗∗
---------------------------------------------
https://posts.specterops.io/avira-optimizer-local-privilege-escalation-af109b7df5b1


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Collaboration and Deployment Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-collaboration-and-deployment-services-4/


∗∗∗ IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-za ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vyatta-5600-vrouter-software-patches-release-1801-za/


∗∗∗ IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-z ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vyatta-5600-vrouter-software-patches-release-1801-z/


∗∗∗ IBM Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-websphere-cast-iron-solution-app-connect-professional-is-affected-by-apache-tomcat-vulnerabilities/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list