[CERT-daily] Tageszusammenfassung - 12.12.2019

Thu Dec 12 18:29:11 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 11-12-2019 18:00 − Donnerstag 12-12-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ (Almost) Hollow and Innocent: Monero Miner Remains Undetected via Process Hollowing ∗∗∗
---------------------------------------------
Cryptocurrencies values are increasing again, which may explain why the number of stealthy techniques to deliver them have also increased this year. We found another campaign using process hollowing and a dropper component to evade detection and analysis, and can potentially be used for other malware payloads.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/wSpVXlrw0Ok/


∗∗∗ Code & Data Reuse in the Malware Ecosystem ∗∗∗
---------------------------------------------
In the past, I already had the opportunity to give some "security awareness" sessions to developers. One topic that was always debated is the reuse of existing code. Indeed, for a developer, its tempting to not reinvent the wheel when somebody already wrote a piece of code that achieves the expected results. From a gain of time perspective, its a win for the developers who can focus on other code. Of course, this can have side effects and introduce bugs, backdoors, etc...
---------------------------------------------
https://isc.sans.edu/forums/diary/Code+Data+Reuse+in+the+Malware+Ecosystem/25598/


∗∗∗ Winbox in the Wild ∗∗∗
---------------------------------------------
I’ve written, ad nauseam, about MikroTik routers. I’ve detailed vulnerabilities, post exploitation, and the protocol used by Winbox to communicate to the router on port 8291: [...]
---------------------------------------------
https://medium.com/tenable-techblog/winbox-in-the-wild-9a2ee4946add?source=rss----68728ef06732---4


∗∗∗ The little-known ways mobile device sensors can be exploited by cybercriminals ∗∗∗
---------------------------------------------
Mobile device sensors offer great utility to users—from taking pictures and commanding voice assistants to determining which direction to flip your screen. However, they harbor little-known vulnerabilities that could be exploited by crafty cybercriminals.
---------------------------------------------
https://blog.malwarebytes.com/iot/2019/12/the-little-known-ways-mobile-device-sensors-can-be-exploited-by-cybercriminals/


∗∗∗ Gefälschte Post-SMS zur Zahlung für wartende Pakete ∗∗∗
---------------------------------------------
Warten Sie gerade auf ein Paket? In der Weihnachtszeit ist das nicht unwahrscheinlich! Kriminelle nützen das und versenden gefälschte SMS mit dem Absendenamen „PST“ oder „POST“. Sie sollen eine Zahlung über 2,99 Euro bestätigen indem Sie einem Link folgen. Sie landen auf einer gefälschten Post-Website. Geben Sie Ihre Daten hier nicht ein – man versucht sie Ihnen zu stehlen!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-post-sms-zur-zahlung-fuer-wartende-pakete/


∗∗∗ What I Learned from Reverse Engineering Windows Containers ∗∗∗
---------------------------------------------
Our researcher provides an overview on containers - starting with their Linux history - and shows the different implementations of containers in Windows, how they work, the security pitfalls that may occur, as well as the internal implementation of objects that are necessary for Containers in Windows.
---------------------------------------------
https://unit42.paloaltonetworks.com/what-i-learned-from-reverse-engineering-windows-containers/


∗∗∗ Microsoft details the most clever phishing techniques it saw in 2019 ∗∗∗
---------------------------------------------
This years most clever phishing tricks include hijacking Google search results and abusing 404 error pages.
---------------------------------------------
https://www.zdnet.com/article/microsoft-details-the-most-clever-phishing-techniques-it-saw-in-2019/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox and nss-softokn), Fedora (samba), Oracle (nss, nss-softokn, nss-util, nss-softokn, and thunderbird), Scientific Linux (thunderbird), SUSE (firefox), and Ubuntu (librabbitmq and samba).
---------------------------------------------
https://lwn.net/Articles/807186/


∗∗∗ Synology-SA-19:40 Samba AD DC ∗∗∗
---------------------------------------------
CVE-2019-14861 and CVE-2019-11479 allow remote authenticated users to conduct denial-of-service attacks or bypass security constraints via a susceptible version of Synology Directory Server.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_40


∗∗∗ Webform - Critical - Multiple vulnerabilities - SA-CONTRIB-2019-096 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-096


∗∗∗ Modal Page - Moderately critical - Access bypass - SA-CONTRIB-2019-094 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-094


∗∗∗ Taxonomy access fix - Moderately critical - Access bypass - SA-CONTRIB-2019-093 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-093


∗∗∗ Smart Trim - Moderately critical - Cross site scripting - SA-CONTRIB-2019-092 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-092


∗∗∗ Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2019-095 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-095


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ BIG-IP TMM vulnerability CVE-2019-6671 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K39225055


∗∗∗ TMOS vulnerability CVE-2019-6664 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K03126093


∗∗∗ HPESBHF03973 rev.1 - HPE Servers with certain Intel Processors, Local Disclosure of Information, Local Escalation of Privilege ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03973en_us


∗∗∗ Red Hat OpenShift Service Mesh: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1067


∗∗∗ OpenBSD: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1070


∗∗∗ Linux Kernel und hostapd: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1071

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily