[CERT-daily] Daily summary - 06.03.2019
Daily end-of-shift report
team at cert.at
Wed Mar 6 18:21:08 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 05-03-2019 18:00 - Wednesday 06-03-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ FIRST releases DDoS mitigation training course ∗∗∗
---------------------------------------------
The Forum of Incident Response and Security Teams (FIRST), which brings together incident responders from around the world, invested in the creation of a new training course, “DDoS Mitigation Fundamentals”. Authored by Krassimir T. Tzvetanov, a recognized expert in the field, the training teaches incident responders to handle attacks and secure their organisations.
---------------------------------------------
https://www.first.org/newsroom/releases/20190305
∗∗∗ Security update: Chrome vulnerability is being actively exploited ∗∗∗
---------------------------------------------
Google has fixed a security vulnerability in Chrome that is apparently already being actively exploited. Few details are available so far, but all users of Chrome and its derivatives should update their browser as soon as possible. (Chrome, Google)
---------------------------------------------
https://www.golem.de/news/sicherheitsupdate-chrome-schwachstelle-wird-aktiv-genutzt-1903-139833-rss.html
∗∗∗ Spotlight on Troldesh ransomware, aka ‘Shade’ ∗∗∗
---------------------------------------------
Troldesh is ransomware that relies heavily on user interaction. Nevertheless, a recent spike in detections shows it has been successful against businesses in the first few months of 2019.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2019/03/spotlight-troldesh-ransomware-aka-shade/
∗∗∗ Phishing attempt via fake Bawag security app ∗∗∗
---------------------------------------------
Numerous consumers are reporting a fake Bawag P.S.K. email to us. In it, criminals try to persuade potential victims to install a supposed security app. The application must not be installed: otherwise the criminals gain access to their victims' online banking data, and major financial losses can result.
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-versuch-durch-gefaelschte-bawag-sicherheits-app/
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: SAP NetWeaver J2EE Engine CVE-2018-17861 Cross Site Scripting Vulnerability ∗∗∗
---------------------------------------------
Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
SAP NetWeaver J2EE Engine 7.01 is vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/107269
∗∗∗ Vuln: NetApp SnapCenter CVE-2017-15515 Cross Site Scripting Vulnerability ∗∗∗
---------------------------------------------
Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, gain sensitive information, cause denial-of-service conditions and launch other attacks.
NetApp SnapCenter prior to 4.0 is vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/107272
∗∗∗ Vuln: Apache Mesos CVE-2018-11793 Denial of Service Vulnerability ∗∗∗
---------------------------------------------
Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.
Apache Mesos versions 1.4.0 through 1.7.0 are vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/107281
∗∗∗ Default Privileged Account Vulnerability in the NetApp Service Processor (CVE-2019-5490) ∗∗∗
---------------------------------------------
Certain versions of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution.
---------------------------------------------
https://security.netapp.com/advisory/ntap-20190305-0001/
∗∗∗ OpenSSL Security Advisory: ChaCha20-Poly1305 with long nonces (CVE-2019-1543) ∗∗∗
---------------------------------------------
Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However, user applications that use this cipher directly and set a non-default nonce length longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments, this has been assessed as low severity and therefore we are not creating new releases at this time.
---------------------------------------------
https://www.openssl.org/news/secadv/20190306.txt
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (java-1.7.0-openjdk and java-11-openjdk), Debian (mumble and sox), Fedora (drupal7, drupal7-link, firefox, gpsd, ignition, ming, php-erusev-parsedown, and php-Smarty), openSUSE (hiawatha, python, and supportutils), Oracle (java-1.7.0-openjdk), Red Hat (java-1.7.0-openjdk), Scientific Linux (java-1.7.0-openjdk), and Ubuntu (linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2 and linux-hwe, linux-aws-hwe, linux-azure,
---------------------------------------------
https://lwn.net/Articles/782462/
∗∗∗ Rockwell Automation Patches Critical DoS/RCE Flaw in RSLinx Software ∗∗∗
---------------------------------------------
Patches released by Rockwell Automation for its RSLinx Classic software address a critical vulnerability that can be exploited for denial-of-service (DoS) attacks and possibly for remote code execution.
---------------------------------------------
https://www.securityweek.com/rockwell-automation-patches-critical-dosrce-flaw-rslinx-software
∗∗∗ PEPPERL+FUCHS Path traversal in WirelessHART Gateway ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-002
∗∗∗ Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-controller-privsec
∗∗∗ Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-tetra-ace
∗∗∗ Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxosldap
∗∗∗ Cisco NX-OS Software Image Signature Verification Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-sig-verif
∗∗∗ Cisco NX-OS Software Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-privesca
∗∗∗ Cisco NX-OS Software Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-privesc
∗∗∗ Cisco NX-OS Software Bash Shell Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-pe
∗∗∗ Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-npv-dos
∗∗∗ Cisco NX-OS Software Netstack Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-netstack
∗∗∗ Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access
∗∗∗ Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-fabric-dos
∗∗∗ Cisco NX-OS Software Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-escalation
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1613
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1612
∗∗∗ Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1611) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1611
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1610
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1609
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1607
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1606
∗∗∗ Cisco NX-OS Software NX-API Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-NXAPI-cmdinj
∗∗∗ Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-lan-auth
∗∗∗ Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-bash-escal
∗∗∗ Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-api-ex
∗∗∗ Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos
∗∗∗ Action Recommended to Secure the Cisco Nexus PowerOn Auto Provisioning Feature ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-info-poap
∗∗∗ Cisco DNA Center Access Contract Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-dna-xss
∗∗∗ Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-chatmail-xss
∗∗∗ Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-apic-ipv6
∗∗∗ Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-shell-escape
∗∗∗ Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-file-read
∗∗∗ Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-january-2019-cpu/
∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is affected by arbitrary PHP code execution vulnerability in Drupal (CVE-2019-6340) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-developer-portal-is-affected-by-arbitrary-php-code-execution-vulnerability-in-drupal-cve-2019-6340/
∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a critical vulnerability in Kubernetes via runc (CVE-2019-5736) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-a-critical-vulnerability-in-kubernetes-via-runc-cve-2019-5736/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-transformation-advisor/
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-affect-ibm-websphere-application-server-in-ibm-cloud-6/
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to publicly disclosed vulnerabilities from OpenSSL (CVE-2018-0739, CVE-2018-0732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-publicly-disclosed-vulnerabilities-from-openssl-cve-2018-0739-cve-2018-0732/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily