[CERT-daily] Tageszusammenfassung - 18.03.2019
Daily end-of-shift report
team at cert.at
Mon Mar 18 18:16:07 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 15-03-2019 18:00 − Montag 18-03-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ RFC8482 - Saying goodbye to ANY ∗∗∗
---------------------------------------------
Ladies and gentlemen, I would like you to welcome the new shiny RFC8482, which effectively deprecates DNS ANY query type. DNS ANY was a "meta-query" - think about it as a similar thing to the common A, AAAA, MX or SRV query types, but unlike these it wasnt a real query type - it was special.
---------------------------------------------
https://blog.cloudflare.com/rfc8482-saying-goodbye-to-any/
∗∗∗ Secure Coding — Top 15 Code Analysis Tools ∗∗∗
---------------------------------------------
Keeping code secure is a top objective for any software company. And to ensure secure coding, you need to perform code analysis during the development life cycle. While manual review of code was once the only option, now there are plenty of tools that can take care of this in an automated fashion.
---------------------------------------------
https://resources.infosecinstitute.com/secure-coding-top-15-code-analysis-tools/
∗∗∗ Lenovo Patches Intel Firmware Flaws in Multiple Product Lines ∗∗∗
---------------------------------------------
Lenovo has issued patches for several serious vulnerabilities in its products stemming from Intel technology fixes.
---------------------------------------------
https://threatpost.com/lenovo-patches-high-severity-arbitrary-code-execution-flaws/142860/
∗∗∗ Cryptojacking of businesses' cloud resources still going strong ∗∗∗
---------------------------------------------
In the past year or so, many cybercriminals have turned to cryptojacking as an easier and more low-key approach for "earning" money. While the value of cryptocurrencies like Bitcoin and Monero has been declining for a while now and Coinhive, the most popular in-browser mining service, has stopped working, cryptojacking is still a considerable threat. After all, attackers need to expand very little effort and are using someone else's resources for free.
---------------------------------------------
https://www.helpnetsecurity.com/2019/03/18/cryptojacking-cloud-resources/
∗∗∗ IPv6 unmasking via UPnP ∗∗∗
---------------------------------------------
With tools such as ZMap and Masscan and general higher bandwidth availability, exhaustive internet-wide scans of full IPv4 address space have become the norm after it was once impractical. Projects like Shodan and Scans.io aggregate and publish frequently updated datasets of scan results for public analysis, giving researchers greater insight into the current state of the internet. While IPv4 is the norm, the use of IPv6 [...]
---------------------------------------------
https://blog.talosintelligence.com/2019/03/ipv6-unmasking-via-upnp.html
∗∗∗ Gefälschte CIA-Mails fordern Bitcoins wegen Kinderpornografie ∗∗∗
---------------------------------------------
Internetnutzer/innen erhalten gefälschte Nachrichten der CIA mit dem Betreff „Central Intelligence Agency – Case #12345678“. In der Nachricht wird behauptet, dass die Empfänger/innen im Rahmen von Ermittlungen gegen Kinderpornografie als Verdächtige aufscheinen. Um eine Verhaftung zu verhindern, sollen 10,000 Dollar in Bitcoins an die Absender/innen überwiesen werden. Der Inhalt der Nachrichten ist frei erfunden und die Zahlungen dürfen nicht [...]
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-cia-mails-fordern-bitcoins-wegen-kinderpornografie/
∗∗∗ New Mirai Variant Targets Enterprise Wireless Presentation & Display Systems ∗∗∗
---------------------------------------------
Unit 42 has discovered a new Mirai variant that targets business video display systems. It uses additional exploits, boosts the number of credentials for brute-force attacks and hosts payload on the compromised website of a Colombian security firm.
---------------------------------------------
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/
∗∗∗ Microsoft releases Application Guard extension for Chrome and Firefox ∗∗∗
---------------------------------------------
Extensions only available for Windows Insiders for now. To work for everyone once Windows 10 19H1 is live.
---------------------------------------------
https://www.zdnet.com/article/microsoft-releases-application-guard-extension-for-chrome-and-firefox/
=====================
= Vulnerabilities =
=====================
∗∗∗ Sicherheitslücke: Funktastatur nimmt Befehle von Angreifern entgegen ∗∗∗
---------------------------------------------
Die Verschlüsselung der kabellosen Fujitsu-Tastatur LX901 lässt sich von Angreifern auf gleich zwei Arten umgehen - und für Angriffe aus der Distanz nutzen.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-funktastatur-nimmt-befehle-von-angreifern-entgegen-1903-140070-rss.html
∗∗∗ SSH-Software: Kritische Sicherheitslücken in Putty ∗∗∗
---------------------------------------------
In der SSH-Software Putty sind im Rahmen eines von der EU finanzierten Bug-Bounty-Programms mehrere schwerwiegende Sicherheitslücken entdeckt worden. Der verwundbare Code wird auch von anderen Projekten wie Filezilla und WinSCP verwendet.
---------------------------------------------
https://www.golem.de/news/ssh-software-kritische-sicherheitsluecken-in-putty-1903-140081-rss.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ikiwiki, liblivemedia, linux-4.9, rdflib, and sqlalchemy), Fedora (advancecomp, kubernetes, mingw-poppler, and php), Mageia (ikiwiki), openSUSE (chromium, file, and sssd), Red Hat (ansible, openstack-ceilometer, and openstack-octavia), Scientific Linux (kernel), SUSE (galera-3, mariadb, mariadb-connector-c, java-1_8_0-ibm, kernel, nodejs10, openwsman, wireshark, and yast2-rmt), and Ubuntu (file, linux, linux-aws, linux-kvm, linux-raspi2, [...]
---------------------------------------------
https://lwn.net/Articles/783370/
∗∗∗ [webapps] Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password) ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/46541
∗∗∗ Security Advisory - Double Free Vulnerability on Bastet Module of Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190220-01-smartphone-en
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Watson Explorer and IBM Watson Content Analytics (CVE-2018-2579, CVE-2018-2588, CVE-2018-2602, CVE-2018-2603, CVE-2018-2633) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-affect-watson-explorer-and-ibm-watson-content-analytics-cve-2018-2579-cve-2018-2588-cve-2018-2602-cve-2018-2603-cve-2018-2633/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list