[CERT-daily] Tageszusammenfassung - 11.06.2019
Daily end-of-shift report
team at cert.at
Tue Jun 11 18:21:57 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 07-06-2019 18:00 − Dienstag 11-06-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Paketmanagement: Java-Dependencies über unsichere HTTP-Downloads ∗∗∗
---------------------------------------------
In zahlreichen Java-Projekten werden Abhängigkeiten ungeprüft über HTTP ohne TLS heruntergeladen. Ein Netzwerkangreifer kann dadurch trivial die Downloads manipulieren und Schadcode ausführen.
---------------------------------------------
https://www.golem.de/news/paketmanagement-java-dependencies-ueber-unsichere-http-downloads-1906-141810-rss.html
∗∗∗ Tip: Sysmon Will Log DNS Queries ∗∗∗
---------------------------------------------
[...] Mark announced a new version of Sysmon that will log DNS queries (and replies): [...]
---------------------------------------------
https://isc.sans.edu/forums/diary/Tip+Sysmon+Will+Log+DNS+Queries/25016/
∗∗∗ Microsoft Office: Gefährliches RTF-Dokument bringt Backdoor-Trojaner mit ∗∗∗
---------------------------------------------
Derzeit nutzen Angreifer vermehrt eine zwei Jahre alte Office-Lücke aus, für die es bereits einen Patch gibt. Dabei stehen vor allem Ziele in Europa im Fokus.
---------------------------------------------
https://heise.de/-4444187
∗∗∗ China Telecom Routes European Traffic to Its Network for Two Hours ∗∗∗
---------------------------------------------
For two hours last week, a BGP route leak resulted in large portions of European Internet traffic being routed through China Telecom’s network. read more
---------------------------------------------
https://www.securityweek.com/china-telecom-routes-european-traffic-its-network-two-hours
∗∗∗ Bitcoin-Erpressungs-Mail mit erfundenen Webcam-Aufnahmen ∗∗∗
---------------------------------------------
Kriminelle versenden massenhaft E-Mails an Internet-Nutzer/innen, in denen sie behaupten, dass die Systeme der Empfänger/innen gehackt wurden. Sie geben an, dadurch Videos über die Webcam aufgenommen zu haben, die die Empfänger/innen beim Masturbieren zeigen sollen. Um eine Verbreitung der Aufnahmen zu verhindern, werden 2000 Euro in Bitcoins gefordert. Es besteht kein Grund zur Sorge, denn es handelt sich um einen Erpressungsversuch und die Videos existieren nicht.
---------------------------------------------
https://www.watchlist-internet.at/news/bitcoin-erpressungs-mail-mit-erfundenen-webcam-aufnahmen/
∗∗∗ Major HSM vulnerabilities impact banks, cloud providers, governments ∗∗∗
---------------------------------------------
Researchers disclose major vulnerabilities in HSMs (Hardware Security Modules).
---------------------------------------------
https://www.zdnet.com/article/major-hsm-vulnerabilities-impact-banks-cloud-providers-governments/
∗∗∗ Das CERT, das Wolf rief ∗∗∗
---------------------------------------------
Die Fabel ist bekannt: dem Hirtenjungen war fad, er schlug Alarm ("Wolf!"), um die Eintönigkeit zu vertreiben, und als dann der Wolf wirklich da war, hörte keiner mehr auf seinen Hilferuf. Wir haben regelmäßig ein ähnliches Thema: Wir sollen möglichst früh vor kommenden Problemen warnen, aber wenn der vorhergesagte Notfall doch nicht eintritt, dann senkt das unsere Glaubwürdigkeit.
---------------------------------------------
http://www.cert.at/services/blog/20190611093533-2484.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe ColdFusion (APSB19-27), Adobe Flash Player (APSB19-30) and Adobe Campaign (APSB19-28). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1760
∗∗∗ SAP Security Patch Day – June 2019 ∗∗∗
---------------------------------------------
This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape.
---------------------------------------------
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242
∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580 ∗∗∗
---------------------------------------------
There are several vulnerabilities in the Schneider Electric Modicon M580 that could lead to a variety of conditions, including denial of service and the disclosure of sensitive information.
---------------------------------------------
https://blog.talosintelligence.com/2019/06/vulnerability-spotlight-multiple.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium and pam-u2f), Debian (cyrus-imapd), Fedora (curl, cyrus-imapd, kernel, kernel-headers, php, and vim), openSUSE (axis, bind, bubblewrap, evolution, firefox, gnome-shell, libpng16, and rmt-server), Oracle (edk2 and kernel), and SUSE (bind, cloud7, and libvirt).
---------------------------------------------
https://lwn.net/Articles/790818/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (bind and thunderbird), Mageia (firefox, ghostscript, graphicsmagick, imagemagick, postgresql, and thunderbird), Oracle (kernel), Red Hat (Advanced Virtualization and rh-haproxy18-haproxy), SUSE (bind, gstreamer-0_10-plugins-base, thunderbird, and vim), and Ubuntu (elfutils, glib2.0, and libsndfile).
---------------------------------------------
https://lwn.net/Articles/790875/
∗∗∗ Synology-SA-19:26 Photo Station ∗∗∗
---------------------------------------------
These vulnerabilities allow remote attackers to obtain sensitive information or modify system settings via a susceptible version of Photo Station.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_26
∗∗∗ IBM Security Bulletin: IBM MQ Advanced Cloud Pak may print out plain text credentials in logs. (CVE-2019-4239) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-advanced-cloud-pak-may-print-out-plain-text-credentials-in-logs-cve-2019-4239/
∗∗∗ [20190603] - Core - ACL hardening of com_joomlaupdate ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/_M8Ux7hoaTM/785-20190603-core-acl-hardening-of-com-joomlaupdate.html
∗∗∗ [20190602] - Core - XSS in subform field ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/pYcjfxwUS9o/784-20190602-core-xss-in-subform-field.html
∗∗∗ [20190601] - Core - CSV injection in com_actionlogs ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/XjAgqEhAS7g/783-20190601-core-csv-injection-in-com-actionlogs.html
∗∗∗ # SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt
∗∗∗ # SSA-557804: Mirror Port Isolation Vulnerability in SCALANCE X switches ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-557804.txt
∗∗∗ # SSA-480230: Denial-of-Service in Webserver of Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-480230.txt
∗∗∗ # SSA-307392: Denial-of-Service in OPC UA in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-307392.txt
∗∗∗ # SSA-254686: Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-254686.txt
∗∗∗ # SSA-181018: Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-181018.txt
∗∗∗ # SSA-816980: Multiple Web Vulnerabilities in SIMATIC Ident MV420 and MV440 families ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-816980.txt
∗∗∗ # SSA-774850: Vulnerabilities in SIEMENS LOGO!8 devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-774850.txt
∗∗∗ # SSA-646841: Recoverable Password from Configuration Storage in SCALANCE X Switches ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-646841.txt
∗∗∗ # SSA-212009: Vulnerabilities in Siveillance VMS ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-212009.txt
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list