[CERT-daily] Daily summary - 23.01.2019
Daily end-of-shift report
team at cert.at
Wed Jan 23 18:12:12 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 22-01-2019 18:00 - Wednesday 23-01-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Microsoft’s Cyber Defense Operations Center shares best practices ∗∗∗
---------------------------------------------
You can download the Cyber Defense Operations Center strategy brief to gain more insight into how we work to protect, detect, and respond to cybersecurity threats.
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2019/01/23/cdoc-best-practices/
∗∗∗ Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com ∗∗∗
---------------------------------------------
Two of the most disruptive and widely-received spam email campaigns over the past few months -- including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year -- were made possible thanks to an authentication weakness at GoDaddy.com, the world's largest domain name registrar, KrebsOnSecurity has learned.
Perhaps more worryingly, experts warn this same weakness that let spammers hijack domains tied to GoDaddy also affects a great many other major Internet service providers, and is actively being abused to launch phishing and malware attacks which leverage dormant Web site names currently owned and controlled by some of the world’s most trusted corporate names and brands.
---------------------------------------------
https://krebsonsecurity.com/2019/01/bomb-threat-sextortion-spammers-abused-weakness-at-godaddy-com/
∗∗∗ Fake management e-mail asking for the account balance ∗∗∗
---------------------------------------------
Businesses beware: we are currently receiving numerous reports of fraudulent e-mails in which criminals pose as the managing director of the company concerned. They ask for the current account balance. If there is enough money in the account, an international transfer is to be initiated. The money must not be transferred, as it would be lost.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-geschaeftsfuehrungs-mail-zu-kontostand/
∗∗∗ Legal consequences for phishing victims ∗∗∗
---------------------------------------------
Consumers who fall for a bank phishing e-mail hand criminals data that gives them access to their online banking account. If customers then tell the fraudsters the TAN code to authorise a transfer over the phone, they are left to bear the loss themselves: they have not observed generally known security precautions.
---------------------------------------------
https://www.watchlist-internet.at/news/rechtliche-folgen-fuer-phishing-opfer/
=====================
= Vulnerabilities =
=====================
∗∗∗ ZDI-19-121: (0day) Microsoft Windows contact File Insufficient UI Warning Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the processing of CONTACT files. Crafted data in a CONTACT file can cause Windows to display a dangerous hyperlink. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of the current user.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-121/
∗∗∗ No-name home automation: flaw allows easy firmware upload ∗∗∗
---------------------------------------------
Many home automation devices come from the company Tuya and have security flaws that permit easy modification, for better or for worse.
---------------------------------------------
https://heise.de/-4284783
∗∗∗ Critical security vulnerability in Debian's update tools ∗∗∗
---------------------------------------------
Debian-based Linux systems have a security vulnerability through which attackers could hijack the system while security updates are being installed.
---------------------------------------------
http://heise.de/-4285012
∗∗∗ iOS 12.1.3 & Co: Apple fixes serious vulnerabilities on iPhone and Mac ∗∗∗
---------------------------------------------
With updates for all of its operating systems, the company closes security holes. One bug allows malicious code to be injected via a FaceTime call.
---------------------------------------------
http://heise.de/-4285106
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libjpeg-turbo and systemd), Fedora (matrix-synapse, mingw-libjpeg-turbo, and mingw-libvorbis), Mageia (libcaca, libmp4v2, libxml2, pdns-recursor, perl-Email-Address, php-pear-HTML_QuickForm, podofo, and wavpack), openSUSE (webkit2gtk3), Red Hat (qemu-kvm-rhev), Scientific Linux (perl), Slackware (httpd), and Ubuntu (ntp).
---------------------------------------------
https://lwn.net/Articles/777385/
∗∗∗ OpenBMC caught with 'pantsdown' over new security flaw ∗∗∗
---------------------------------------------
A severe vulnerability has been found which impacts multiple Baseboard Management Controller (BMC) firmware stacks and hardware.
The bug, CVE-2019-6260, has been nicknamed "pantsdown" ...
---------------------------------------------
https://www.zdnet.com/article/bmc-caught-with-pantsdown-over-new-batch-of-security-flaws/#ftag=RSSbaffb68
∗∗∗ Dräger Infinity Delta ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01
∗∗∗ Johnson Controls Facility Explorer ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01
∗∗∗ Cisco Firepower Threat Defense Software Packet Inspection and Enforcement Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-firepowertds-bypass
∗∗∗ Cisco Connected Mobile Experiences Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-cmx-info-discl
∗∗∗ Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-teams
∗∗∗ Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce
∗∗∗ Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-uic-csrf
∗∗∗ Cisco AMP Threat Grid API Key Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-threat-grid
∗∗∗ Cisco SD-WAN Solution Unauthorized Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-unaccess
∗∗∗ Cisco SD-WAN Solution Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escal
∗∗∗ Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-file-write
∗∗∗ Multiple Privilege Escalation Vulnerabilities in Cisco SD-WAN Solution ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal
∗∗∗ Cisco SD-WAN Solution Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo
∗∗∗ Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject
∗∗∗ Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
∗∗∗ Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-nfvis-shell-access
∗∗∗ Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-miner-chat-xss
∗∗∗ Cisco Webex Meetings Server Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-meetings-xss
∗∗∗ Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-isel-xss
∗∗∗ Cisco Identity Services Engine Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-privilege
∗∗∗ Cisco Identity Services Engine Privileged Account Sensitive Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-info-disclosure
∗∗∗ Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-iot-fnd-dos
∗∗∗ Cisco Firepower Management Center Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-frpwr-mc-xss
∗∗∗ Cisco Prime Infrastructure Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-cpi-xss
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-rational-application-developer-for-websphere-software-2/
∗∗∗ IBM Security Bulletin: IBM Security Identity Manager is affected by a vulnerability (CVE-2018-1959) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity-manager-is-affected-by-a-vulnerability-cve-2018-1959/
∗∗∗ IBM Security Bulletin: Server Automation is affected by the following vulnerabilities exposures (CVE-2018-8039, CVE-2018-1683, CVE-2018-1755) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-server-automation-is-affected-by-the-following-vulnerabilities-exposures-cve-2018-8039-cve-2018-1683-cve-2018-1755/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-affect-ibm-sdk-for-node-js-in-ibm-cloud-2/
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Integration Designer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-integration-designer-3/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-tivoli-netcool-configuration-manager/
∗∗∗ PHOENIX CONTACT Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-001
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily