[CERT-daily] Tageszusammenfassung - 14.06.2019
Daily end-of-shift report
team at cert.at
Fri Jun 14 18:09:53 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 13-06-2019 18:00 − Freitag 14-06-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs ∗∗∗
---------------------------------------------
Misconfiguration is not novel. However, cybercriminals still find that it is an effective way to get their hands on organizations’ computing resources to use for malicious purposes and it remains a top security concern. In this blog post, we will detail an attack type where an API [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/T-m0jjHJA_o/
∗∗∗ Security and Privacy, Two Sides of the Same Coin ∗∗∗
---------------------------------------------
ENISA Annual Privacy Forum 2019
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/security-and-privacy-two-sides-of-the-same-coin
∗∗∗ Phishing-Mails gaukeln Ende von WhatsApp-Abonnement vor ∗∗∗
---------------------------------------------
Eine aktuelle Phishing-Welle versucht, WhatsApp-Nutzer über ein angeblich auslaufendes Abonnement zur Preisgabe von Zahlungsdaten zu bewegen.
---------------------------------------------
https://heise.de/-4447165
∗∗∗ Linux servers under attack via latest Exim flaw ∗∗∗
---------------------------------------------
It didn’t take long for attackers to start exploiting the recently revealed Exim vulnerability (CVE-2019-10149). Active campaigns One security enthusiast detected exploitation attempts five days ago: [...]
---------------------------------------------
https://www.helpnetsecurity.com/2019/06/14/exploiting-cve-2019-10149/
∗∗∗ Adware and PUPs families add push notifications as an attack vector ∗∗∗
---------------------------------------------
Push notifications are being added to the arsenal of PUPs, adware, and even a Trojan browser extension that spams Facebook groups.
---------------------------------------------
https://blog.malwarebytes.com/adware/2019/06/adware-and-pups-families-add-push-notifications-as-an-attack-vector/
∗∗∗ Yubico Replacing YubiKey FIPS Devices Due to Security Issue ∗∗∗
---------------------------------------------
Yubico is in the process of replacing YubiKey FIPS (Federal Information Processing Standards) security keys following the discovery of a potentially serious cryptography-related issue that can cause RSA keys and ECDSA signatures generated on these devices to have reduced strength.
---------------------------------------------
https://www.securityweek.com/yubico-replacing-yubikey-fips-devices-due-security-issue
∗∗∗ French Authorities Release Free Decryptor for PyLocky Ransomware ∗∗∗
---------------------------------------------
The French Ministry of Interior has released a free decryption tool for the PyLocky ransomware to help victims recover their data.
---------------------------------------------
https://www.securityweek.com/french-authorities-release-free-decryptor-pylocky-ransomware
∗∗∗ MISP 2.4.109 released (aka cool-attributes-to-object) ∗∗∗
---------------------------------------------
MISP 2.4.109 releasedA new version of MISP (2.4.109) has been released with a host of new features, improvements, bug fixes and a minor security fix. We strongly advise all users to update their MISP installations to this latest version.
---------------------------------------------
https://www.misp-project.org/2019/06/14/MISP.2.4.109.released.html
=====================
= Vulnerabilities =
=====================
∗∗∗ BD Alaris Gateway Workstation ∗∗∗
---------------------------------------------
This medical advisory includes mitigations for improper access control and unrestricted upload of file with dangerous type vulnerabilities reported in BD’s Alaris Gateway Workstation.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01
∗∗∗ Johnson Controls exacqVision Enterprise System Manager ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper authorization vulnerability reported in Johnson Controls exacqVision Enterprise System Manager.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-164-01
∗∗∗ Xen Security Advisory XSA-295 - Unlimited Arm Atomics Operations ∗∗∗
---------------------------------------------
An attacker in a domU could perform a denial of service attack on Xen by accessing a memory region shared with the hypervisor, while Xen is performing an atomic operation on the same region. As a result Xen could end up looping boundlessly.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-295.txt
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (gvim, lib32-openssl, openssl, and vim), Debian (dbus), Fedora (dovecot, evince, js-jquery-jstree, libxslt, php-phpmyadmin-sql-parser, and phpMyAdmin), openSUSE (neovim and rubygem-rack), Oracle (docker-engine and python), Scientific Linux (python), Slackware (mozilla), and SUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, elfutils, libvirt, and python-requests).
---------------------------------------------
https://lwn.net/Articles/791165/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-content-collector-for-sap-applications-2/
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Secure Proxy ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-secure-proxy-5/
∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact Remote Code Execution (CVE-2019-4103) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tivoli-netcool-impact-remote-code-execution-cve-2019-4103/
∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is affected by a XXE (XML External Entity) Injection vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-information-server-is-affected-by-a-xxe-xml-external-entity-injection-vulnerability/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-ibm-infosphere-information-server-7/
∗∗∗ IBM Security Bulletin: IBM Notes 9 and Domino 9 are affected by Open Source James Clark Expat Vulnerabilities (CVE-2013-0340, CVE-2013-0341) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-notes-9-and-domino-9-are-affected-by-open-source-james-clark-expat-vulnerabilities-cve-2013-0340-cve-2013-0341/
∗∗∗ IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cognos-controller-2019q2-security-updater-multiple-vulnerabilities-have-been-identified-in-ibm-cognos-controller/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list