[CERT-daily] Tageszusammenfassung - 31.05.2019
Daily end-of-shift report
team at cert.at
Fri May 31 18:14:30 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 29-05-2019 18:00 − Freitag 31-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Analyzing First Stage Shellcode, (Thu, May 30th) ∗∗∗
---------------------------------------------
Yesterday, reader Alex submitted a PowerShell script he downloaded from a website. Xavier, handler on duty, showed him the script launched shellcode that tried to establish a TCP connection.
---------------------------------------------
https://isc.sans.edu/diary/rss/24984
∗∗∗ Retrieving Second Stage Payload with Ncat, (Fri, May 31st) ∗∗∗
---------------------------------------------
In diary entry "Analyzing First Stage Shellcode", I show how to analyze first stage shellcode when you have no access to the server with the second stage payload.
---------------------------------------------
https://isc.sans.edu/diary/rss/24988
∗∗∗ HiddenWasp Malware Stings Targeted Linux Systems ∗∗∗
---------------------------------------------
Intezer has discovered a new, sophisticated malware that they have named "HiddenWasp", targeting Linux systems.
---------------------------------------------
https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/
∗∗∗ Über 50.000 Datenbank-Server über Uralt-Windows-Bug mit Krypto-Minern infiziert ∗∗∗
---------------------------------------------
Mit raffinierten Methoden haben Hacker zehntausende schlecht gesicherte Windows-Server gekapert und schürfen dort heimlich Monero.
---------------------------------------------
https://heise.de/-4435622
∗∗∗ Your threat model is wrong ∗∗∗
---------------------------------------------
Several subjects have come up with the past week that all come down to the same thing: your threat model is wrong. Instead of addressing the the threat that exists, youve morphed the threat into something else that youd rather deal with, or which is easier to understand.
---------------------------------------------
https://blog.erratasec.com/2019/05/your-threat-model-is-wrong.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Convert Plus Plugin Flaw Lets Attackers Become a Wordpress Admin ∗∗∗
---------------------------------------------
A critical vulnerability in Convert Plus, a commercial plugin for WordPress websites estimated to have 100,000 active installations, allows an unauthenticated attacker to create accounts with administrator privileges.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/convert-plus-plugin-flaw-lets-attackers-become-a-wordpress-admin/
∗∗∗ AVEVA Vijeo Citect and CitectSCADA ∗∗∗
---------------------------------------------
This advisory includes mitigations for an insufficiently protected credentials vulnerability reported in AVEVA's Vijeo Citect and CitectSCADA supervisory control and data acquisition software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-150-01
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox and libvirt), Debian (openjdk-8 and tomcat7), Fedora (drupal7-entity), Mageia (kernel), openSUSE (bluez, gnutls, and libu2f-host), Oracle (bind), Red Hat (bind), Scientific Linux (bind), SUSE (axis, libtasn1, and rmt-server), and Ubuntu (sudo).
---------------------------------------------
https://lwn.net/Articles/789849/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (miniupnpd and qemu), Fedora (drupal7-entity and xen), openSUSE (kernel), Oracle (bind and firefox), Red Hat (go-toolset-1.11-golang), SUSE (cronie, evolution, firefox, gnome-shell, java-1_7_0-openjdk, jpeg, and mailman), and Ubuntu (corosync, evolution-data-server, gnutls28, and libseccomp).
---------------------------------------------
https://lwn.net/Articles/789995/
∗∗∗ Security Advisory 2019-08: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://community.otrs.com/security-advisory-2019-08-security-update-for-otrs-framework/
∗∗∗ Security Advisory 2019-09: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://community.otrs.com/security-advisory-2019-09-security-update-for-otrs-framework/
∗∗∗ HPESBNS03925 rev.1 - HPE Nonstop Maintenance Entity family of products, Local Disclosure of Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03925en_us
∗∗∗ AirPort Base Station Firmware Update 7.9.1 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT210090
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-process-designer-used-in-ibm-business-automation-workflow-and-ibm-business-process-manager/
∗∗∗ IBM Security Bulletin: IBM Watson Knowledge Catalog (with Information Server) is affected by a Cryptographic vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-watson-knowledge-catalog-with-information-server-is-affected-by-a-cryptographic-vulnerability/
∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server containers are vulnerable to privilege escalation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-information-server-containers-are-vulnerable-to-privilege-escalation/
∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java SDK (January 2019) affecting IBM Application Delivery Intelligence for IBM Z V5.1.0, V5.0.5 and V5.0.4 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ibm-java-sdk-january-2019-affecting-ibm-application-delivery-intelligence-for-ibm-z-v5-1-0-v5-0-5-and-v5-0-4/
∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 7 & 8, IBM SDK, Java Technology Edition Version 8 and Eclipse OpenJ9 Affect Transformation Extender ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ibm-runtime-environments-java-technology-edition-versions-7-8-ibm-sdk-java-technology-edition-version-8-and-eclipse-openj9-affect-transformation-extender/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems (April 2019 updates) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-os-images-for-red-hat-linux-systems-april-2019-updates/
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Tivoli Storage Manager FastBack (CVE-2018-12547) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-tivoli-storage-manager-fastback-cve-2018-12547/
∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-5407) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-has-been-identified-in-openssl-which-is-shipped-with-ibm-tivoli-network-manager-ip-edition-cve-2018-5407/
∗∗∗ IBM Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Access Manager Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-access-manager-appliance-2/
∗∗∗ IBM Security Bulletin: A vulnerability in Apache Commons Compress may affect IBM Cloud App Management V2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-apache-commons-compress-may-affect-ibm-cloud-app-management-v2018/
∗∗∗ IBM Security Bulletin: Multiple open source vulnerabilities affect IBM PureApplication System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-open-source-vulnerabilities-affect-ibm-pureapplication-system/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list