[CERT-daily] Tageszusammenfassung - 22.11.2019

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 21-11-2019 18:00 − Freitag 22-11-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Securing Portable Electronic Devices During Travel ∗∗∗
---------------------------------------------
Holiday travelers often use portable electronic devices (PEDs) because they offer a range of conveniences, for example, enabling the traveler to order gifts on-the-go, access to online banking, or download boarding passes. However, these devices are vulnerable to cyberattack or theft, resulting in exposure of personal information.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/11/22/securing-portable-electronic-devices-during-travel


∗∗∗ Abusing Web Filters Misconfiguration for Reconnaissance ∗∗∗
---------------------------------------------
Yesterday, an interesting incident was detected while working at a customer SOC. They use a “next-generation” firewall that implements a web filter based on categories. This is common in many organizations today: Users web traffic is allowed/denied based on an URL categorization database (like “adult content”, “hacking”, “gambling”, …). How was it detected?
---------------------------------------------
https://isc.sans.edu/diary/rss/25538


∗∗∗ ENISA: How to implement security by design for IoT ∗∗∗
---------------------------------------------
ENISA, the European Union Agency for Cybersecurity releases ‘Good Practices for Security of IoT’, a significant report to promote security by design for IoT.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/how-to-implement-security-by-design-for-iot


∗∗∗ A guidebook to open-source OT reconnaissance ∗∗∗
---------------------------------------------
An attacker targeting OT needs to perform reconnaissance on the targeted system and learn how it is connected to the IT network. This often involves old-fashioned or digital espionage, but a lot of such information is actually available out there in the open. ... how open source intelligence (OSINT) can be used to learn crucial details of the inner workings of many a system. An important lesson from Daniels paper and talk is that security by obscurity is dead and ...
---------------------------------------------
https://www.virusbulletin.com/blog/2019/11/vb2019-paper-fantastic-information-and-where-find-it-guidebook-open-source-ot-reconnaissance/


∗∗∗ Introducing Flan Scan: Cloudflare’s Lightweight Network Vulnerability Scanner ∗∗∗
---------------------------------------------
Today, we’re excited to open source Flan Scan, Cloudflare’s in-house lightweight network vulnerability scanner. Flan Scan is a thin wrapper around Nmap that converts this popular open source tool into a vulnerability scanner with the added benefit of easy deployment.
---------------------------------------------
https://blog.cloudflare.com/introducing-flan-scan/


∗∗∗ Ransomware: A free tool can decrypt this malware variant that puts a ransom note on you desktop wallpaper ∗∗∗
---------------------------------------------
Emsisoft, which has build the decryption tool, said that the Hakbit ransomware has hit home users and businesses in the US and Europe, demanding $300 in bitcoin from victims, while warning them how many files they stand to lose. 
---------------------------------------------
https://www.zdnet.com/article/ransomware-a-free-tool-can-decrypt-this-malware-variant-that-puts-a-ransom-note-on-you-desktop-wallpaper/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ ClamAV: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in ClamAV ausnutzen, um einen Denial of Service Angriff durchzuführen.
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/11/warnmeldung_tw-t19-0168.html


∗∗∗ Nodequeue - Critical - Cross Site Scripting - SA-CONTRIB-2019-085 ∗∗∗
---------------------------------------------
Nodequeues JavaScript can be leveraged to insert HTML from attacker-controlled JSON data. This is exploitable if user-submitted "Filtered HTML" content is displayed on a page where nodequeue.js is loaded. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "manipulate queues".
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-085


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (dpdk, mingw-djvulibre, mingw-hunspell, mingw-ilmbase, mingw-OpenEXR, php-symfony, php-symfony3, and rsyslog), openSUSE (chromium and squid), SUSE (aspell, cups, djvulibre, and dpdk), and Ubuntu (djvulibre).
---------------------------------------------
https://lwn.net/Articles/805367/


∗∗∗ Asterisk: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Asterisk ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen oder einen Denial of Service Zustand herbeizuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1011


∗∗∗ New bypass disclosed in Microsoft PatchGuard (KPP) ∗∗∗
---------------------------------------------
After GhostHook and InfinityHook, we now have ByePg. No patch out yet.
---------------------------------------------
https://www.zdnet.com/article/new-bypass-disclosed-in-microsoft-patchguard-kpp/


∗∗∗ Security Bulletin: Information disclosure vulnerability in IBM Tivoli Netcool Impact (CVE-2019-4570) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-ibm-tivoli-netcool-impact-cve-2019-4570/


∗∗∗ Security Bulletin: Log Analysis is vulnerable to a client side scripting attack due to missing HTTPOnly and Secure attribute in the cookie ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-log-analysis-is-vulnerable-to-a-client-side-scripting-attack-due-to-missing-httponly-and-secure-attribute-in-the-cookie/


∗∗∗ Security Bulletin: Stored cross site scripting vulnerability in IBM Tivoli Netcool Impact (CVE-2019-4569) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-stored-cross-site-scripting-vulnerability-in-ibm-tivoli-netcool-impact-cve-2019-4569/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily