[CERT-daily] Tageszusammenfassung - 06.12.2019

Daily end-of-shift report team at cert.at
Fri Dec 6 18:06:51 CET 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 05-12-2019 18:00 − Freitag 06-12-2019 18:00
Handler:     Robert Waldner
Co-Handler:  Dimitri Robl

=====================
=       News        =
=====================

∗∗∗ 8 common pen testing mistakes and how to avoid them ∗∗∗
---------------------------------------------
One of the most effective ways to uncover flaws and weaknesses in your security posture is to have a third party carry out planned attacks on your system. Penetration testing is all about exposing gaps in your defenses so that they can be plugged before someone with malicious intent can take advantage. There are several different types of pen test designed to target different aspects of your organization.
---------------------------------------------
https://www.csoonline.com/article/3487557/8-common-pen-testing-mistakes-and-how-to-avoid-them.html


∗∗∗ Lazarus Group Goes Fileless ∗∗∗
---------------------------------------------
The rather infamous APT group, "Lazarus", continues to evolve their macOS capabilities. Today, we tear apart their latest 1st-stage implant that supports remote download & in-memory execution of secondary payloads!
---------------------------------------------
https://objective-see.com/blog/blog_0x51.html


∗∗∗ Phishing with a self-contained credentials-stealing webpage ∗∗∗
---------------------------------------------
Phishing e-mails which are used to steal credentials usually depend on user clicking a link which leads to a phishing website that looks like login page for some valid service. Not all credentials-stealing has to be done using a remote website, however. I recently came across an interesting phishing campaign in which the scammers used a rather novel technique.
---------------------------------------------
https://isc.sans.edu/diary/rss/25580


∗∗∗ If theres somethin stored in a secure enclave, who ya gonna call? Membuster! ∗∗∗
---------------------------------------------
Computer scientists from UC Berkeley, Texas A&M, and semiconductor biz SK Hynix have found a way to defeat secure enclave protections by observing memory requests from a CPU to off-chip DRAM through the memory bus.
---------------------------------------------
https://www.theregister.co.uk/2019/12/05/membuster_secure_enclave/


∗∗∗ Nur noch wenige Wochen: Planänderungen beim Support-Ende bei Windows 7 ∗∗∗
---------------------------------------------
Drei Wochen nach Weihnachten will Microsoft zum letzten Mal kostenlose Sicherheits-Updates für Windows 7 spendieren. Bald wird es also Zeit für den Umstieg..
---------------------------------------------
https://heise.de/-4602768



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Unix-artige Systeme: Sicherheitslücke ermöglicht Übernahme von VPN-Verbindung ∗∗∗
---------------------------------------------
Durch eine gezielte Analyse und Manipulation von TCP-Paketen könnten Angreifer eigene Daten in VPN-Verbindungen einschleusen und diese so übernehmen. Betroffen sind fast alle Unix-artigen Systeme sowie auch VPN-Protokolle. Ein Angriff ist in der Praxis wohl aber eher schwierig. (Security, Server)
---------------------------------------------
https://www.golem.de/news/unix-artige-systeme-sicherheitsluecke-ermoeglicht-uebernahme-von-vpn-verbindung-1912-145403-rss.html


∗∗∗ VMware ESXi and Horizon DaaS updates address OpenSLP remote code execution vulnerability (CVE-2019-5544) ∗∗∗
---------------------------------------------
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0022.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libav), Fedora (kernel, libuv, and nodejs), Oracle (firefox), Red Hat (firefox and java-1.7.1-ibm), SUSE (clamav, cloud-init, dnsmasq, dpdk, ffmpeg, munge, opencv, and permissions), and Ubuntu (librabbitmq).
---------------------------------------------
https://lwn.net/Articles/806543/


∗∗∗ Thales DIS SafeNet Sentinel LDK License Manager Runtime ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-339-01


∗∗∗ Security Bulletin: Netcool Operations Insight – Cloud Native Event Analytics is affected by a FasterXML jackson-databind vulnerability (CVE-2019-14439) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insight-cloud-native-event-analytics-is-affected-by-a-fasterxml-jackson-databind-vulnerability-cve-2019-14439/


∗∗∗ Security Bulletin: ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-2/


∗∗∗ Security Bulletin: ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin/


∗∗∗ Security Bulletin: IBM DataPower Gateway enables default IPMI account ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-enables-default-ipmi-account/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list