[CERT-daily] Daily summary - 25.01.2019
Daily end-of-shift report
team at cert.at
Fri Jan 25 18:07:23 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 24-01-2019 18:00 - Friday 25-01-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Fighting Emotet: lessons from the front line ∗∗∗
---------------------------------------------
Emotet is a moving, shape-shifting target for admins and their security software. Here's what we've learned from dealing with outbreaks.
---------------------------------------------
https://nakedsecurity.sophos.com/2019/01/25/fighting-emotet-lessons-from-the-front-line/
∗∗∗ You're an admin! You're an admin! You're all admins, thanks to this Microsoft Exchange zero-day and exploit ∗∗∗
---------------------------------------------
Easily swapped hashed passwords give Domain Admin rights via API call. Fix may land next month. Microsoft Exchange appears to be currently vulnerable to a privilege escalation attack that allows any user with a mailbox to become a Domain Admin.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/01/25/microsoft_exchange_hashed_passwords/
∗∗∗ Magento – RCE & Local File Read with low privilege admin rights ∗∗∗
---------------------------------------------
These vulnerabilities have been responsibly disclosed to Magento team, and received patches in Magento versions 2.3.0, 2.2.7 and 2.1.16 which were released in November 2018.
---------------------------------------------
https://blog.scrt.ch/2019/01/24/magento-rce-local-file-read-with-low-privilege-admin-rights/
∗∗∗ Mac Trojan hides in advertising banners ∗∗∗
---------------------------------------------
The malware targeting macOS is being delivered on a large scale via banner advertising and is hidden steganographically, a security firm warns.
---------------------------------------------
http://heise.de/-4287382
∗∗∗ New password leaks: 2.2 billion accounts affected in total ∗∗∗
---------------------------------------------
After the password compilation Collection #1, the huge Collections #2-5 are now also circulating on the net. Here is how to check whether your accounts are affected.
---------------------------------------------
http://heise.de/-4287538
∗∗∗ Various security vulnerabilities in iTunes for Windows ∗∗∗
---------------------------------------------
Apple has given its media library app on the PC an update that fixes more than half a dozen bugs, including critical ones.
---------------------------------------------
http://heise.de/-4287940
=====================
= Vulnerabilities =
=====================
∗∗∗ Advantech WebAccess/SCADA ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper authentication, authentication bypass, and SQL injection vulnerabilities in the WebAccess/SCADA software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01
∗∗∗ PHOENIX CONTACT FL SWITCH ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for cross-site request forgery, improper restriction of excessive authentication attempts, cleartext transmission of sensitive information, resource exhaustion, incorrectly specified destination in a communication channel, insecure storage of sensitive information, and memory corruption vulnerabilities reported in Phoenix Contact's FL SWITCH Ethernet hardware.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mxml, postgresql-9.4, and tmpreaper), Fedora (haproxy and runc), openSUSE (krb5, soundtouch, virtualbox, and zeromq), Oracle (thunderbird), Red Hat (thunderbird), and Ubuntu (subversion and thunderbird).
---------------------------------------------
https://lwn.net/Articles/777549/
∗∗∗ Cross-site scripting in CA Automic Workload Automation Web Interface (formerly Automic Automation Engine) ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/cross-site-scripting-in-ca-automic-workload-automation-web-interface-formerly-automic-automation-engine/
∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by vulnerabilities in VMWare component (CVE-2018-6981 CVE-2018-6982) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-system-is-affected-by-vulnerabilities-in-vmware-component-cve-2018-6981-cve-2018-6982/
∗∗∗ IBM Security Bulletin: OpenSSL vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vunerability/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems (October 2018 updates) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-os-images-for-red-hat-linux-systems-october-2018-updates/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System (July and October 2018 updates) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-pureapplication-system-july-and-october-2018-updates/
∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability in VMWare component (CVE-2018-6974) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-system-is-affected-by-a-vulnerability-in-vmware-component-cve-2018-6974/
∗∗∗ IBM Security Bulletin: Multiple Foreshadow Spectre Variant vulnerabilities affect IBM OS Image for Red Hat Linux Systems in IBM PureApplication System (CVE-2018-3615 CVE-2018-3620 CVE-2018-3646) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-foreshadow-spectre-variant-vulnerabilities-affect-ibm-os-image-for-red-hat-linux-systems-in-ibm-pureapplication-system-cve-2018-3615-cve-2018-3620-cve-2018-3646/
∗∗∗ IBM SECURITY BULLETIN: IBM QRadar SIEM is vulnerable to Content Spoofing (CVE-2018-1733) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-content-spoofing-cve-2018-1733/
∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability in VMWare component (CVE-2018-6972) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-system-is-affected-by-a-vulnerability-in-vmware-component-cve-2018-6972/
∗∗∗ IBM Security Bulletin: IBM DataPower Gateway appliances are affected by a vulnerability in IPMI (CVE-2018-1668) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway-appliances-are-affected-by-a-vulnerability-in-ipmi-cve-2018-1668/
∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability (CVE-2018-3639) pertaining to third-party CPU hardware ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-system-is-affected-by-a-vulnerability-cve-2018-3639-pertaining-third-party-cpu-hardware/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily