[CERT-daily] Tageszusammenfassung - 29.05.2019

Daily end-of-shift report team at cert.at
Wed May 29 18:16:33 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 28-05-2019 18:00 − Mittwoch 29-05-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Researchers uncover smart padlock's dumb security ∗∗∗
---------------------------------------------
Pen Test Partners has found some major security flaws in the Bluetooth Nokelock that consumers might like to know about.
---------------------------------------------
https://nakedsecurity.sophos.com/2019/05/29/researchers-uncover-smart-padlocks-dumb-security/


∗∗∗ CVE-2019-0725: An Analysis of Its Exploitability ∗∗∗
---------------------------------------------
May's Patch Tuesday saw what is likely to be one of the most prominent vulnerabilities this year with the "wormable" Windows Terminal Services vulnerability (CVE-2019-0708). However, there's another remote code execution (RCE) vulnerability that would be hard to ignore: CVE-2019-0725, an RCE vulnerability in Windows Dynamic Host Configuration Protocol (DHCP) Server.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/3268yMf2sDY/


∗∗∗ Learning to Rank Strings Output for Speedier Malware Analysis ∗∗∗
---------------------------------------------
Reverse engineers, forensic investigators, and incident responders have an arsenal of tools at their disposal to dissect malicious software binaries. When performing malware analysis, they successively apply these tools in order to gradually gather clues about a binary's function, design detection methods, and ascertain how to contain its damage. One of the most useful initial steps is to inspect its printable characters via the Strings program.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2019/05/learning-to-rank-strings-output-for-speedier-malware-analysis.html


∗∗∗ Docker: Lücke erlaubt Root-Zugriff auf Dateien ∗∗∗
---------------------------------------------
Über eine Lücke in allen Docker-Versionen könnten Angreifer ihre Privilegien erweitern. Exploit-Code ist verfügbar; der Patch steckt noch im Review-Prozess.
---------------------------------------------
https://heise.de/-4434730


∗∗∗ A dive into Turla PowerShell usage ∗∗∗
---------------------------------------------
ESET researchers analyze new TTPs attributed to the Turla group that leverage PowerShell to run malware in-memory only
---------------------------------------------
https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/


∗∗∗ Google Researcher Finds Code Execution Vulnerability in Notepad ∗∗∗
---------------------------------------------
Google Project Zero researcher Tavis Ormandy revealed on Tuesday that he identified a code execution vulnerability in Microsoft’s Notepad text editor.
---------------------------------------------
https://www.securityweek.com/google-researcher-finds-code-execution-vulnerability-notepad


∗∗∗ diekundenexperten.at für Versicherungsrücktritte ist unseriös ∗∗∗
---------------------------------------------
Auf diekundenexperten.at wird Konsument/innen ein Angebot präsentiert, welches beim Rücktritt von Lebensversicherungen ohne Geldverlust und Risiko helfen soll. Die Behauptungen sind allerdings nicht mit geltendem Recht vereinbar und es sind weder ein Impressum noch sonstige Informationen über die Website-Betreiber/innen auffindbar. Aufgrund dieser Mängel raten wir von einer Übermittlung persönlicher Informationen ab.
---------------------------------------------
https://www.watchlist-internet.at/news/diekundenexpertenat-fuer-versicherungsruecktritte-ist-unserioes/


∗∗∗ Proofpoint Q1 2019 Threat Report: Emotet carries the quarter with consistent high-volume campaigns ∗∗∗
---------------------------------------------
https://www.proofpoint.com/us/threat-insight/post/proofpoint-q1-2019-threat-report-emotet-carries-quarter-consistent-high-volume



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Emerson Ovation OCR400 Controller ∗∗∗
---------------------------------------------
This advisory includes mitigations for stack-based buffer overflow and heap-based buffer overflow vulnerabilities reported in Emersons Ovation OCR400 Controller.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-148-01


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (webkit2gtk), Debian (kernel and libav), Fedora (c3p0 and community-mysql), Scientific Linux (pacemaker), SUSE (axis, libtasn1, NetworkManager, sles12sp3-docker-image, sles12sp4-image, system-user-root, and xen), and Ubuntu (freerdp, GNU Screen, keepalived, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/789709/


∗∗∗ About the security content of iCloud for Windows 7.12 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT210125


∗∗∗ About the security content of iTunes for Windows 12.9.5 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT210124


∗∗∗ Security Advisory - Remote Code Execution Vulnerability in Some Microsoft Windows Systems ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190529-01-windows-en


∗∗∗ Security Advisory - Some Huawei 4G LTE devices are exposed to a message replay vulnerability ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190529-01-replay-en


∗∗∗ IBM Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in Drupal core (CVE-2019-10909 CVE-2019-10910 CVE-2019-10911) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-developer-portal-is-impacted-by-vulnerabilities-in-drupal-core-cve-2019-10909-cve-2019-10910-cve-2019-10911/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018.4.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-cloud-app-management-v2018-4-1-2/


∗∗∗ IBM Security Bulletin: A vulnerability in Google Guava could affect IBM Cloud App Management V2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-google-guava-could-affect-ibm-cloud-app-management-v2018/


Next End-of-Day report: 2019-05-31

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list