[CERT-daily] Tageszusammenfassung - 22.05.2019
Daily end-of-shift report
team at cert.at
Wed May 22 18:31:35 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 21-05-2019 18:00 − Mittwoch 22-05-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ New Zero-Day Exploit [Local Privilege Escalation, Anm.] for Bug in Windows 10 Task Scheduler ∗∗∗
---------------------------------------------
Exploit developer SandboxEscaper has quietly dropped a new zero-day exploit for the Windows operating system just a week after Microsofts monthly cycle of security updates.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-bug-in-windows-10-task-scheduler/
∗∗∗ Forthcoming OpenSSL Releases ∗∗∗
---------------------------------------------
These releases will be made available on 28th May 2019 between approximately 1200-1600 UTC. OpenSSL 1.1.0k and 1.0.2s contain security hardening bug fixes only but do not address any CVEs. OpenSSL 1.1.1c is a bug-fix release (and contains the equivalent security hardening fixes as for 1.1.0k and 1.0.2s where relevant).
---------------------------------------------
https://mta.openssl.org/pipermail/openssl-announce/2019-May/000150.html
∗∗∗ Sophisticated Spear Phishing Campaigns using Homograph Attacks ∗∗∗
---------------------------------------------
Over the last few months we did some research on how to create phishing emails which are good enough to fool even security professionals. Therefore, we were looking into quite an old topic: Punycode domains and IDN homograph attacks.
---------------------------------------------
https://www.offensity.com/en/newsroom/sophisticated-spear-phishing-campaigns-using-homograph-attacks/
∗∗∗ Gefälschte Gewinn-SMS im Namen der Post führt in Abo-Falle ∗∗∗
---------------------------------------------
Konsument/innen erhalten eine gefälschte SMS-Nachricht im Namen der Post AG aufgrund einer angeblichen Gewinnspielteilnahme zugesandt. Wer dem Link folgt, an einer kurzen Umfrage teilnimmt und einen Gewinn auswählt, tappt in eine Abo-Falle. Es bleibt nämlich nicht bei der einmaligen Zahlung von 2 Euro für Adidas Schuhe, die nie geliefert werden, sondern es folgen laufend weitere Abbuchungen durch die ILS Company ApS.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-gewinn-sms-im-namen-der-post-fuehrt-in-abo-falle/
=====================
= Vulnerabilities =
=====================
∗∗∗ Mozilla Firefox und Thunderbird: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Es bestehen mehrere Schwachstellen in Mozilla Thunderbird, Mozilla Firefox und Mozilla Firefox ESR. Ein Angreifer kann dies ausnutzen, um den Browser zum Absturz zu bringen, um Daten zu manipulieren, um Sicherheitsmechanismen zu umgehen, um vertrauliche Daten einzusehen oder schädlichen Programmcode auszuführen.
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/05/warnmeldung_tw-t19-0073.html
∗∗∗ DoS Vulnerability in Huawei S Series Switch Products ∗∗∗
---------------------------------------------
Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device reboot and denial of service (DoS) condition. ... CVE-2019-5285.
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190522-01-switch-en
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (ruby and wget), Debian (proftpd-dfsg), Fedora (firefox, mupdf, nss, and wavpack), openSUSE (evolution, GraphicsMagick, graphviz, libxslt, openssl-1_0_0, ovmf, and sqlite3), Red Hat (dotnet, python27-python and python27-python-jinja2, and rh-mariadb102-mariadb and rh-mariadb102-galera), Slackware (mozilla), SUSE (gnutls, java-1_7_1-ibm, and java-1_8_0-ibm), and Ubuntu (curl, firefox, php5, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/789132/
∗∗∗ Computrols CBAS Web ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-141-01
∗∗∗ Mitsubishi Electric MELSEC-Q Series Ethernet Module ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-141-02
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Algo Credit Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-algo-credit-manager-7/
∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM License Key Server Administration and Reporting Tool and Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilities-in-ibm-java-runtime-affect-ibm-license-key-server-administration-and-reporting-tool-and-agent/
∗∗∗ IBM Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack due to incorrect permissions on MQ directories. (CVE-2019-4078) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-is-vulnerable-to-a-privilege-escalation-attack-due-to-incorrect-permissions-on-mq-directories-cve-2019-4078/
∗∗∗ IBM Security Bulletin: IBM MQ is vulnerable to a denial of service attack within the error logging function (CVE-2019-4039) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-within-the-error-logging-function-cve-2019-4039/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list