[CERT-daily] Daily summary - 27.11.2019
Daily end-of-shift report
team at cert.at
Wed Nov 27 18:11:59 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 26-11-2019 18:00 − Wednesday 27-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Almost 60% Of Malicious Ads Come from Three Ad Providers ∗∗∗
---------------------------------------------
In Confiant's "Demand Quality Report for Q3 2019", the ad fraud and security company analyzed 120 billion ad impressions between January 1st and September 20th that flowed through their systems in order to provide a breakdown of different malicious ad campaigns.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/almost-60-percent-of-malicious-ads-come-from-three-ad-providers/
∗∗∗ Top 25 Most Dangerous Vulnerabilities Refreshed After 8 Years ∗∗∗
---------------------------------------------
For the first time in eight years, the list with the most dangerous 25 software vulnerabilities received an update that promises to be relevant for current times.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/top-25-most-dangerous-vulnerabilities-refreshed-after-8-years/
∗∗∗ MITRE ATT&CK vulnerability spotlight: Credentials in registry ∗∗∗
---------------------------------------------
One of the attack stages as described in the MITRE ATT&CK tool is credential access, where a hacker tries to steal user credential information to gain access to new accounts or elevate privileges on a compromised system. One of the means by which an attacker can perform this stage of an attack is by extracting credentials from where they are stored in the Windows registry.
---------------------------------------------
https://resources.infosecinstitute.com/mitre-attck-vulnerability-spotlight-credentials-in-registry/
∗∗∗ Insights from one year of tracking a polymorphic threat ∗∗∗
---------------------------------------------
We discovered the polymorphic threat Dexphot in October 2018. In the months that followed, we closely tracked the threat as attackers upgraded the malware, targeted new processes, and worked around defensive measures. One year’s worth of intelligence helped us gain insight not only into the goals and motivations of Dexphot’s authors, but of cybercriminals in general.
---------------------------------------------
https://www.microsoft.com/security/blog/2019/11/26/insights-from-one-year-of-tracking-a-polymorphic-threat/
∗∗∗ Exposed Firebase Database ∗∗∗
---------------------------------------------
An issue can arise in Firebase when developers fail to enable authentication. This vulnerability is very similar to every other database misconfiguration: there's no authentication. Leaving a database exposed to the world unauthenticated is an open invite for malicious hackers.
---------------------------------------------
http://ghostlulz.com/google-exposed-firebase-database/
∗∗∗ Beware of ping calls! ∗∗∗
---------------------------------------------
Consumers repeatedly receive so-called ping calls. They are called from unknown numbers, and the calls are usually ended after the first or second ring. Anyone who calls back out of politeness or curiosity falls into a cost trap. For unknown, suspicious numbers, the rule is: do not answer and do not call back!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-ping-anrufen/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bsdiff, libvpx, tiff, and xmlrpc-epi), Fedora (freeimage, imapfilter, kernel, mingw-freeimage, and thunderbird), openSUSE (cups and djvulibre), Oracle (SDL), SUSE (ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud, freerdp, mailman, slurm) and Ubuntu (ruby2.3, ruby2.5).
---------------------------------------------
https://lwn.net/Articles/805720/
∗∗∗ Security Advisory - Information Leak Vulnerability in Huawei Smart Speaker Myna ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-01-myna-en
∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Huawei Atlas Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-01-atlas-en
∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-01-smartphone-en
∗∗∗ Security Advisory - Information Disclosure Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-02-smartphone-en
∗∗∗ Security Bulletin: OpenSSL as used by IBM QRadar Network Packet Capture is vulnerable to (CVE-2019-1559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-by-ibm-qradar-network-packet-capture-is-vulnerable-to-cve-2019-1559/
∗∗∗ Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2019-1547, CVE-2019-1563) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-aix-cve-2019-1547-cve-2019-1563/
∗∗∗ Security Bulletin: Vulnerability CVE-2019-10218 in Samba affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2019-10218-in-samba-affects-ibm-i/
∗∗∗ Security Bulletin: Python as used by IBM QRadar Network Packet Capture is vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers (CVE-2019-9947, CVE-2019-9948) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-python-as-used-by-ibm-qradar-network-packet-capture-is-vulnerable-to-improper-neutralization-of-crlf-sequences-in-http-headers-cve-2019-9947-cve-2019-9948/
∗∗∗ Security Bulletin: OpenSSL as used by IBM QRadar Network Packet Capture is vulnerable to a timing side channel attack (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-by-ibm-qradar-network-packet-capture-is-vulnerable-to-a-timing-side-channel-attack-cve-2018-0734/
∗∗∗ TMM vulnerability CVE-2019-6669 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11447758
∗∗∗ BIG-IP AAM vulnerability CVE-2019-6666 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K92411323
∗∗∗ BIG-IP FIX profile security advisory vulnerability CVE-2019-6667 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K82781208
∗∗∗ BIG-IP TMM vulnerability CVE-2019-6671 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K39225055
∗∗∗ BIG-IP AFM vulnerability CVE-2019-6672 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K14703097
∗∗∗ BIG-IP ASM Bot Detection DNS cache does not expire security exposure ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K79240502
∗∗∗ The BIG-IP system may fail to properly parse HTTP headers that are prepended by whitespace (non RFC2616 compliant) ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K39794285
∗∗∗ BIG-IP ASM and BIG-IQ/Enterprise Manager/F5 iWorkflow device authentication and trust vulnerability CVE-2019-6665 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K26462555
∗∗∗ BIG-IP HTTP/2 vulnerability CVE-2019-6673 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K81557381
∗∗∗ F5 SSL Orchestrator vulnerability CVE-2019-6674 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K21135478
∗∗∗ BIG-IP Edge Client for macOS vulnerability CVE-2019-6668 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K49827114
∗∗∗ BIG-IP APM ignores the Restrict to Single Client IP option for Native RDP resources ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K24241590
∗∗∗ vCMP vulnerability CVE-2019-6670 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K05765031
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily