[CERT-daily] Tageszusammenfassung - 01.03.2019

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 28-02-2019 18:00 − Freitag 01-03-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Netzwerkanalyse: Wireshark 3.0 nutzt Paketsniffer von Nmap ∗∗∗
---------------------------------------------
Die aktuelle Version 3.0 des Werkzeugs zur Netzwerkanalyse, Wireshark, nutzt unter Windows den proprietären Paketsniffer von Nmap. Das Projekt entfernt außerdem alte Abhängigkeiten und unterstützt einige 5G-Protokolle.
---------------------------------------------
https://www.golem.de/news/netzwerkanalyse-wireshark-3-0-nutzt-paketsniffer-von-nmap-1903-139730-rss.html


∗∗∗ eBay-Phishing auf eBay-Seite ∗∗∗
---------------------------------------------
Betrügern ist es gelungen, eine gefälschte Login-Seite auf einem SSL-gesicherten eBay-Server abzulegen. Der Phishing-Versuch ist für Nutzer schwer erkennbar.
---------------------------------------------
http://heise.de/-4324266


∗∗∗ A Case Study in Wagging the Dog: Computer Takeover ∗∗∗
---------------------------------------------
Last month, Elad Shamir released a phenomenal, in depth post on abusing resource-based constrained delegation (RBCD) in Active Directory. One of the big points he discusses is that if the TrustedToAuthForDelegation UserAccountControl flag is not set, the S4U2self process will still work but the resulting TGS is not FORWARDABLE. This resulting service ticket will fail for traditional constrained delegation, but will still work in the S4U2proxy process for resource-based constrained delegation.
---------------------------------------------
https://posts.specterops.io/a-case-study-in-wagging-the-dog-computer-takeover-2bcb7f94c783


∗∗∗ Finding Perpetrators behind DDoS Attacks ∗∗∗
---------------------------------------------
Reflective Amplification Denial-of-Service attacks continue to be a serious threat.We measured roughly 10,000 attacks per day in a post last year, and the numbers have not gone down since:In the first two months of 2019 our honeypot network already saw [...]
---------------------------------------------
https://sissden.eu/blog/finding-perpetrators-behind-ddos-attacks



=====================
=  Vulnerabilities  =
=====================

∗∗∗ PSI GridConnect Telecontrol ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for a cross-site scripting vulnerability reported in PSI GridConnects Telecontrol compact DIN rail device.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-059-01


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bind9, file, ikiwiki, ldb, openssl1.0, php7.0, uw-imap, and wordpress), Fedora (ansible, file, flatpak, kernel, kernel-headers, and python-django), openSUSE (kernel and systemd), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (openssl-1_1 and webkit2gtk3), and Ubuntu (libgd2).
---------------------------------------------
https://lwn.net/Articles/781083/


∗∗∗ IBM Security Bulletin: Information Disclosure Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4063) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosure-security-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2019-4063/


∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential SQL Injection vulnerability (CVE-2019-4032) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-ach-services-is-affected-by-a-potential-sql-injection-vulnerability-cve-2019-4032/


∗∗∗ IBM Security Bulletin: Multiple Cross-Site Scripting Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2019-4027, CVE-2019-4028, CVE-2019-4029) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-cross-site-scripting-vulnerabilities-affect-ibm-sterling-b2b-integrator-cve-2019-4027-cve-2019-4028-cve-2019-4029/


∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private – Node.js ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-affect-ibm-cloud-private-node-js/


∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Affect IBM Sterling B2B Integrator (CVE-2018-0734, CVE-2018-5407) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-in-openssl-affect-ibm-sterling-b2b-integrator-cve-2018-0734-cve-2018-5407/


∗∗∗ IBM Security Bulletin: IBM InfoSphere Governance Catalog is affected by an Improper Access Control vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-governance-catalog-is-affected-by-an-improper-access-control-vulnerability/


∗∗∗ IBM Security Bulletin: IBM InfoSphere Governance Catalog is vulnerable to an Open Redirection vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-governance-catalog-is-vulnerable-to-an-open-redirection-vulnerability/


∗∗∗ IBM Security Bulletin: IBM Security Identity Adapters affected by OpenSSL RSA Key vulnerability (CVE-2018-0737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity-adapters-affected-by-openssl-rsa-key-vulnerability-cve-2018-0737/


∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities for IBM Java SDK ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-multiple-security-vulnerabilities-for-ibm-java-sdk/


∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities for IBM WebSphere Liberty Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-multiple-security-vulnerabilities-for-ibm-websphere-liberty-server/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily