[CERT-daily] Daily summary - 12.06.2019

Daily end-of-shift report team at cert.at
Wed Jun 12 18:10:57 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 11-06-2019 18:00 − Wednesday 12-06-2019 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Microsoft Releases June 2019 Office Updates With Security Fixes ∗∗∗
---------------------------------------------
Microsoft released the June 2019 Office Updates today, which consist of 13 security updates and 13 non-security updates. Given that some of the Microsoft Office security updates issued today also resolve critical vulnerabilities, it is strongly advised to install them as soon as possible.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-releases-june-2019-office-updates-with-security-fixes/


∗∗∗ Bad Cert Vulnerability Can Bring Down Any Windows Server ∗∗∗
---------------------------------------------
A Google security expert today revealed that an unpatched issue in the main cryptographic library in Microsoft's operating system can cause a denial-of-service (DoS) condition on Windows 8 servers and above.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/bad-cert-vulnerability-can-bring-down-any-windows-server/


∗∗∗ Ransomware identification for the judicious analyst ∗∗∗
---------------------------------------------
When facing a ransomware infection, it helps to be familiar with some tools as well as key points to identify ransomware correctly.
---------------------------------------------
https://www.gdatasoftware.com/blog/2019/06/31666-ransomware-identification-for-the-judicious-analyst


∗∗∗ RAMBleed: Rowhammer can also read out data ∗∗∗
---------------------------------------------
Attacks using RAM bit flips can be used to read memory contents without authorization. As a demonstration, researchers show how they can read out an RSA key of an SSH daemon with user privileges.
---------------------------------------------
https://www.golem.de/news/rambleed-rowhammer-kann-auch-daten-auslesen-1906-141840-rss.html


∗∗∗ DICOM Standard in Medical Devices ∗∗∗
---------------------------------------------
NCCIC is aware of a public report of a vulnerability in the DICOM (Digital Imaging and Communications in Medicine) standard with proof-of-concept (PoC) exploit code. The DICOM standard is the international standard to transmit, store, retrieve, print, process, and display medical imaging information. According to this report, the vulnerability is exploitable by embedding executable code into the 128 byte preamble. This report was released without coordination with NCCIC or any known vendor.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-19-162-01


∗∗∗ AVML - Acquire Volatile Memory for Linux ∗∗∗
---------------------------------------------
AVML is an X86_64 userland volatile memory acquisition tool written in Rust, intended to be deployed as a static binary. AVML can be used to acquire memory without knowing the target OS distribution or kernel a priori. No on-target compilation or fingerprinting is needed.
---------------------------------------------
https://github.com/microsoft/avml


∗∗∗ Windows vulnerability "Bluekeep": Renewed warning about worm-like attacks ∗∗∗
---------------------------------------------
Worm-like cyber attacks with the malware WannaCry and NotPetya caused damage in the millions worldwide in 2017 and threatened the existence of individual companies. The critical vulnerability Bluekeep, which is contained in the Remote Desktop Protocol (RDP) service of Microsoft Windows, makes a comparable scenario possible. The German Federal Office for Information Security (BSI) had already warned about this vulnerability in May, as had Microsoft, and
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Windows-Schwachstelle-Bluekeep_110619.html


∗∗∗ Beware of supposed Microsoft calls ∗∗∗
---------------------------------------------
A new wave of supposed Microsoft calls is currently sweeping across Austria. The callers claim to have found problems on the devices of those affected. Caution: these are fraudsters who try to gain access to their victims' systems and steal data. Consumers should end such calls immediately.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-angeblichen-microsoft-anrufen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Intel Releases Security Updates, Mitigations for Multiple Products ∗∗∗
---------------------------------------------
Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/06/11/Intel-Releases-Security-Updates-Mitigations-Multiple-Products


∗∗∗ Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series ∗∗∗
---------------------------------------------
The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities resulting from old software components embedded in the firmware.
---------------------------------------------
https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-wago-852-industrial-managed-switch-series-cve-2019-12550-cve-2019-12549/


∗∗∗ Patch day: Dangerous flaw in Windows 10 Task Scheduler patched ∗∗∗
---------------------------------------------
Microsoft has released a large number of security updates for Windows, Office and other software. Many of the flaws are rated critical.
---------------------------------------------
https://heise.de/-4444614


∗∗∗ Critical Microsoft NTLM vulnerabilities allow remote code execution on any Windows machine ∗∗∗
---------------------------------------------
The Preempt research team found two critical Microsoft vulnerabilities that consist of three logical flaws in NTLM, the company’s proprietary authentication protocol. These vulnerabilities allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication (WIA) such as Exchange or ADFS. The research shows that all Windows versions are vulnerable.
---------------------------------------------
https://www.helpnetsecurity.com/2019/06/11/microsoft-ntlm-vulnerabilities/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libgd2, mediawiki, otrs2, vlc, and zookeeper), Fedora (containernetworking-plugins, kernel, kernel-headers, nodejs-tough-cookie, podman, python-django, and python-urllib3), openSUSE (virtualbox), SUSE (gnome-shell, libcroco, and php7), and Ubuntu (dbus, Neovim, and vim).
---------------------------------------------
https://lwn.net/Articles/790976/


∗∗∗ Flaw in Evernote Extension Allows Hackers to Steal Data ∗∗∗
---------------------------------------------
A vulnerability identified by researchers in a popular Evernote extension for Chrome can be exploited by hackers to steal sensitive information from the websites accessed by a user.
---------------------------------------------
https://www.securityweek.com/flaw-evernote-extension-allows-hackers-steal-data


∗∗∗ MISP: Vulnerability allows privilege escalation ∗∗∗
---------------------------------------------
MISP is an open-source platform for sharing information about threats.
A remote, authenticated attacker can exploit a vulnerability in MISP to escalate their privileges.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0491


∗∗∗ Security Advisory - DLL Hijacking Vulnerability on Huawei HiSuite ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190612-01-dllhijacking-en


∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in IBM SDK which affects IBM Db2 Query Management Facility for z/OS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-has-been-idenfied-in-ibm-sdk-which-affects-ibm-db2-query-management-facility-for-z-os/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



