[CERT-daily] Tageszusammenfassung - 04.12.2019
Daily end-of-shift report
team at cert.at
Wed Dec 4 18:09:15 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 03-12-2019 18:00 − Mittwoch 04-12-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ RSA-240: Faktorisierungserfolg gefährdet RSA nicht ∗∗∗
---------------------------------------------
Forscher haben auf einem Rechencluster eine 795 Bit große Zahl faktorisiert. Das RSA-Verschlüsselungs- und Signaturverfahren basiert darauf, dass Faktorisierung schwierig ist. Für die praktische Sicherheit von RSA mit modernen Schlüssellängen hat dieser Durchbruch heute aber wenig Bedeutung.
---------------------------------------------
https://www.golem.de/news/rsa-240-faktorisierungserfolg-gefaehrdet-rsa-nicht-1912-145359-rss.html
∗∗∗ APT review: what the world’s threat actors got up to in 2019 ∗∗∗
---------------------------------------------
What were the most interesting developments in terms of APT activity during the year and what can we learn from them?
---------------------------------------------
https://securelist.com/ksb-2019-review-of-the-year/95394/
∗∗∗ SEC Xtractor: Extrahieren von Daten aus elektronischen Geräten ∗∗∗
---------------------------------------------
Das SEC Consult Hardware Lab hat ein spezielles Hardware-Analyse-Tool entwickelt, mit dem Security Consultants auf einfache Weise Firmware aus Speicherchips auslesen können. Der sogenannte „SEC Xtractor“ wurde nun als Open-Source-Version veröffentlicht.
---------------------------------------------
https://www.sec-consult.com/blog/2019/12/sec-xtractor-extrahieren-von-daten-aus-elektronischen-geraeten/
∗∗∗ Introducing Password Cracking Manager: CrackQ ∗∗∗
---------------------------------------------
Today we are releasing CrackQ, a queuing system to manage password cracking that Ive been working on for about a year. It is primarily for offensive security teams during red teaming and pentesting engagements. Its an intuitive interface for Hashcat served by a REST API and a JavaScript front-end web application for ease of use.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/introducing-password-cracking-manager-crackq/
∗∗∗ How to Respond to Emotet Infection (FAQ) ∗∗∗
---------------------------------------------
The purpose of this entry is to provide instructions on how to check if you are infected with Emotet and what you can do in case of infection (based on the information available as of December 2019).
---------------------------------------------
https://blogs.jpcert.or.jp/en/2019/12/emotetfaq.html
∗∗∗ Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774) ∗∗∗
---------------------------------------------
As established, the patches for CVE-2017-11774 can be effectively “disabled” by modifying registry keys on an endpoint with no special privileges. The following registry keys and values should be configured via Group Policy to reinforce the recommended configurations in the event that an attacker attempts to reverse the intended security configuration on an endpoint to allow for Outlook home page persistence for malicious purposes.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html
∗∗∗ Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business ∗∗∗
---------------------------------------------
... WHfB keys are tied to a user and a device that has been added to Azure AD, and if the device is removed, the corresponding WHfB key is considered orphaned. However, these orphaned keys are not deleted even when the device it was created on is no longer present. Any authentication to Azure AD using such an orphaned WHfB key will be rejected. However, some of these orphaned keys could lead to the following security issue in Active Directory 2016 or 2019, in either hybrid or on-premises
---------------------------------------------
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190026
∗∗∗ Betrug mit begehrten Champions League Tickets auf Facebook ∗∗∗
---------------------------------------------
Die Lieblings-Band einmal live zu erleben oder den favorisierten Fußballklub in der UEFA Champions League live im Stadion anzufeuern, ist ein einmaliges Erlebnis. In Facebook-Gruppen ausverkaufter Events versuchen verzweifelte Fans, die letzten Tickets zu ergattern. In Privatnachrichten werden ihnen diese Karten auf Facebook gegen Überweisung oder PayPal-Zahlung versprochen. Vorsicht: Dahinter können Kriminelle stecken!
---------------------------------------------
https://www.watchlist-internet.at/news/betrug-mit-begehrten-champions-league-tickets-auf-facebook/
∗∗∗ Two malicious Python libraries removed from PyPI ∗∗∗
---------------------------------------------
One library was available for only two days, but the second was live for nearly a year.
---------------------------------------------
https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/
=====================
= Vulnerabilities =
=====================
∗∗∗ Reliable Controls LicenseManager ∗∗∗
---------------------------------------------
This advisory contains mitigations for an unquoted search path or element vulnerability in the Reliable Controls LicenseManager.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-337-01
∗∗∗ Moxa AWK-3121 ∗∗∗
---------------------------------------------
This advisory contains mitigations for multiple vulnerabilities in Moxa’s AWK-3121 wireless access point/bridge/client.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-337-02
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (389-ds-base, ghostscript, kernel, and tcpdump), Debian (libonig), Fedora (clamav, firefox, and oniguruma), openSUSE (calamares, cloud-init, haproxy, libarchive, libidn2, libxml2, and ucode-intel), Scientific Linux (SDL and tcpdump), Slackware (mozilla), and Ubuntu (haproxy, intel-microcode, and postgresql-common).
---------------------------------------------
https://lwn.net/Articles/806296/
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-01-smartphone-en
∗∗∗ Security Advisory - Remote Code Execution Vulnerability in Fastjson ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-01-fastjson-en
∗∗∗ Security Advisory - Out-of-bounds Read Vulnerability in Advanced Packages of Gauss100 OLTP Database ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-01-gauss100-en
∗∗∗ Security Advisory - Denial of Service Vulnerability in some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-03-dos-en
∗∗∗ Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-01-vrp-en
∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-02-dos-en
∗∗∗ Security Advisory - Insufficient Verification of Data Authenticity Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-01-validation-en
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-04-dos-en
∗∗∗ Security Advisory - Path Traversal Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-03-smartphone-en
∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-02-smartphone-en
∗∗∗ Security Bulletin: : Netcool Operations Insight – Cloud Native Event Analytics is affected by a FasterXML jackson-databind vulnerability (CVE-2019-12814) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insight-cloud-native-event-analytics-is-affected-by-a-fasterxml-jackson-databind-vulnerability-cve-2019-12814/
∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects IBM Cloud Pak System (CVE-2019-1552) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-cloud-pak-system-cve-2019-1552/
∗∗∗ Security Bulletin: Security Vulnerabilities have been identified in IBM Java Runtime as shipped with Tivoli Federated Identity Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-java-runtime-as-shipped-with-tivoli-federated-identity-manager/
∗∗∗ Security Bulletin: A security vulnerability has been identified in Red Hat® Enterprise Linux (RHEL) Server shipped with PurePower Integrated Manager (PPIM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-red-hat-enterprise-linux-rhel-server-shipped-with-purepower-integrated-manager-ppim-2/
∗∗∗ Security Bulletin: Netcool Operations Insight – Cloud Native Event Analytics is affected by an Apache Kafka vulnerability (CVE-2018-17196) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insight-cloud-native-event-analytics-is-affected-by-an-apache-kafka-vulnerability-cve-2018-17196/
∗∗∗ Security Bulletin: A security vulnerability has been identified in Red Hat® Enterprise Linux (RHEL) Server shipped with PurePower Integrated Manager (PPIM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-red-hat-enterprise-linux-rhel-server-shipped-with-purepower-integrated-manager-ppim/
∗∗∗ Security Bulletin: Netcool Operations Insight – Cloud Native Event Analytics is affected by an Apache Zookeeper vulnerability (CVE-2019-0201) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insight-cloud-native-event-analytics-is-affected-by-an-apache-zookeeper-vulnerability-cve-2019-0201/
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2019-2602) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-java-sdk-affects-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products-cve-2019-2602/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list