[CERT-daily] Tageszusammenfassung - 29.07.2019
Daily end-of-shift report
team at cert.at
Mon Jul 29 18:07:20 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 26-07-2019 18:00 − Montag 29-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Rare Steganography Hack Can Compromise Fully Patched Websites ∗∗∗
---------------------------------------------
An unusual steganographic technique that an attacker can use to implant a malicious webshell on unsuspecting websites has been spotted in Latin America. According to research from Trustwave shared exclusively with Threatpost, a forensic investigation showed that an adversary is implanting PHP code into JPEG files’ EXIF headers in order to upload malware onto targeted websites.
---------------------------------------------
https://threatpost.com/rare-steganography-hack-can-compromise-fully-patched-websites/146701/
∗∗∗ A VxWorks Operating System Bug Exposes 200 Million Critical Devices ∗∗∗
---------------------------------------------
VxWorks is designed as a secure, "real-time" operating system for continuously functioning devices, like medical equipment, elevator controllers, or satellite modems.
---------------------------------------------
https://www.wired.com/story/vxworks-vulnerabilities-urgent11
∗∗∗ Finding Evil in Windows 10 Compressed Memory, Part One: Volatility andRekall Tools ∗∗∗
---------------------------------------------
Paging all digital forensicators, incident responders, and memory manager enthusiasts! Have you ever found yourself at a client site working around the clock to extract evil from a Windows 10 image? Have you hit the wall at step zero, running into difficulties viewing a process tree, or enumerating kernel modules? Or even worse, had to face the C-Suite and let them know you couldn’t find any evil? Well fear no more – FLARE has you covered.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2019/07/finding-evil-in-windows-ten-compressed-memory-part-one.html
∗∗∗ Examining the Link Between TLD Prices and Abuse ∗∗∗
---------------------------------------------
Briefing Over the years, McAfee researchers have observed that certain new top-level Domains (TLDs) are more likely to be abused by cyber criminals for malicious activities than others. Our investigations reveal a negative relationship between the likelihood for abuse and registration price of some TLDs, as reported by the McAfee URL and email intelligence team.
---------------------------------------------
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/examining-the-link-between-tld-prices-and-abuse/
=====================
= Vulnerabilities =
=====================
∗∗∗ BlackBerry Powered by Android Security Bulletin - July 2019 ∗∗∗
---------------------------------------------
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build.
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000057910
∗∗∗ iTunes und iCloud für Windows mit Sicherheitslücken – Updates einspielen ∗∗∗
---------------------------------------------
iTunes 12.9.6 und iCloud für Windows sollen kritische Schwachstellen beseitigen, die Apple auch in eigenen Betriebssystemen behoben hat.
---------------------------------------------
https://heise.de/-4480524
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (patch, sdl-image1.2, and unzip), Fedora (deepin-clone, dtkcore, dtkwidget, and sqlite), Mageia (virtualbox), openSUSE (firefox), and SUSE (cronie and firefox).
---------------------------------------------
https://lwn.net/Articles/794838/
∗∗∗ LibreOffice: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in LibreOffice ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0662
∗∗∗ Trend Micro OfficeScan: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode und DoS ∗∗∗
---------------------------------------------
Ein lokaler Angreifer kann eine Schwachstelle in Trend Micro OfficeScan ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen und um einen Denial of Service zu verursachen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0666
∗∗∗ OpenLDAP: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
OpenLDAP ist eine frei verfügbare Implementierung des Verzeichnisdienstes LDAP. Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in OpenLDAP ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0665
∗∗∗ xpdf: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein lokaler Angreifer kann mehrere Schwachstellen in xpdf ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service Zustand herzustellen oder Informationen auszuspähen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0663
∗∗∗ IBM Security Bulletin: IBM Cloud Automation Manager is affected by an issue with API endpoints behind the ‘docker cp’ ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-automation-manager-is-affected-by-an-issue-with-api-endpoints-behind-the-docker-cp/
∗∗∗ IBM Security Bulletin: Clickjacking vulnerability in WebSphere Application Server Liberty Admin Center (CVE-2019-4285) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-clickjacking-vulnerability-in-websphere-application-server-liberty-admin-center-cve-2019-4285/
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Digital Payments ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-digital-payments/
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affect Rational Asset Analyzer. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-asset-analyzer/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Digital Payments ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-financial-transaction-manager-for-digital-payments-2/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-monitoring-8/
∗∗∗ IBM Security Bulletin: IBM i2 Intelligent Analyis Platform is affected by a XML External Entity (XXE) vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i2-intelligent-analyis-platform-is-affected-by-a-xml-external-entity-xxe-vulnerability/
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Digital Payments for Multi-Platform is affected by vulnerabilities in IBM Java Runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-digital-payments-for-multi-platform-is-affected-by-vulnerabilities-in-ibm-java-runtime/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-affect-ibm-planning-analytics/
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-1871) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-digital-payments-is-affected-by-a-potential-cross-site-scripting-xss-vulnerability-cve-2018-1871/
∗∗∗ HPESBUX03927 rev.1 - HP-UX BIND, Remote Denial of Service (DoS) and Remote Unauthorized Data Modification ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us
∗∗∗ HPESBHF03944 rev.1 - HPE HP2910al-48G switches, local Arbitrary Command Execution ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03944en_us
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list