[CERT-daily] Daily summary - 10.10.2019

Daily end-of-shift report team at cert.at
Thu Oct 10 18:22:45 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 09-10-2019 18:00 − Thursday 10-10-2019 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ HP Touchpoint Analytics LPE Vulnerability Affects Most HP PCs ∗∗∗
---------------------------------------------
HP patched a vulnerability discovered in the HP Touchpoint Analytics software installed by default on most of its Windows laptops and desktops, a flaw allowing attackers to escalate privileges and execute arbitrary code using SYSTEM privileges.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hp-touchpoint-analytics-lpe-vulnerability-affects-most-hp-pcs/


∗∗∗ Gamers Warned of High-Severity Intel, Nvidia Flaws ∗∗∗
---------------------------------------------
The Intel NUC and Nvidia Shield both are vulnerable to high-severity flaws, Intel and Nvidia warned in dual advisories.
---------------------------------------------
https://threatpost.com/gamers-high-severity-intel-nvidia-flaws/149034/


∗∗∗ Apple iTunes Bug Actively Exploited in BitPaymer/iEncrypt Campaign ∗∗∗
---------------------------------------------
Attackers exploit an “unquoted path” flaw in the Bonjour updater in iTunes for Windows to deliver ransomware attacks.
---------------------------------------------
https://threatpost.com/apple-itunes-bug-bitpaymer-iencrypt/149075/


∗∗∗ Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques ∗∗∗
---------------------------------------------
During several recent incident response engagements, FireEye Mandiant investigators uncovered new tools in FIN7’s malware arsenal and kept pace as the global criminal operators attempted new evasion techniques. In this blog, we reveal two of FIN7’s new tools that we have called BOOSTWRITE and RDFSNIFFER.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2019/10/mahalo-fin7-responding-to-new-tools-and-techniques.html


∗∗∗ Security Descriptor Auditing Methodology: Investigating Event Log Security ∗∗∗
---------------------------------------------
Upon gaining access to a system, what level of access is granted to an attacker who has yet to elevate their privileges?
---------------------------------------------
https://posts.specterops.io/security-descriptor-auditing-methodology-investigating-event-log-security-d64f4289965d



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Juniper Networks Releases Security Updates ∗∗∗
---------------------------------------------
Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/10/10/juniper-networks-releases-security-updates


∗∗∗ Security updates: Intel secures NUC PCs and server maintenance tool ∗∗∗
---------------------------------------------
Attackers could gain elevated privileges on NUCs and on Intel servers. However, one vulnerability remains unpatched.
---------------------------------------------
https://heise.de/-4550829


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (clamav, libtomcrypt, and rsyslog), Fedora (suricata), SUSE (libopenmpt and python-requests), and Ubuntu (libsoup2.4 and octavia).
---------------------------------------------
https://lwn.net/Articles/801974/


∗∗∗ ZDI-19-866: NETGEAR AC1200 mini_httpd Poison Null Byte Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-866/


∗∗∗ Maxlength - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-073 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-073


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-aix-4/


∗∗∗ OpenSSL vulnerability CVE-2019-1563 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS


∗∗∗ OpenSSL vulnerability CVE-2019-1547 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



