[CERT-daily] Daily summary - 10.09.2019

Daily end-of-shift report team at cert.at
Tue Sep 10 18:22:17 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 09-09-2019 18:00 − Tuesday 10-09-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ How to Audit & Cleanup WordPress Plugins & Themes ∗∗∗
---------------------------------------------
In an interview with Smashing Magazine our CoFounder (now Head of
Security Products at GoDaddy) Tony Perez was asked the following
question. What Makes WordPress Vulnerable? "Here's the simple answer.
Old versions of WordPress, along with theme and plugin vulnerabilities,
multiplied by the CMS' popularity, with the end user thrown into the
mix, make for a vulnerable website."
---------------------------------------------
https://blog.sucuri.net/2019/09/wordpress-plugin-audit.html


∗∗∗ IoT Attack Opportunities Seen in the Cybercrime Underground ∗∗∗
---------------------------------------------
We looked into IoT-related discussions from several cybercrime
underground communities. We found discussions ranging from tutorials to
actual monetization schemes for IoT-related attacks.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/i588EjgxMnI/


∗∗∗ When corporate communications look like a phish ∗∗∗
---------------------------------------------
Before organizations engage in gnashing of teeth over the "ignorant
user" and the cost of training, think about how much email users
encounter and whether corporate communications look like phishes
themselves.
---------------------------------------------
https://blog.malwarebytes.com/business-2/2019/09/when-corporate-communications-look-like-a-phish/


∗∗∗ Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study ∗∗∗
---------------------------------------------
Executive Summary: Malware evasion techniques are widely used to
circumvent detection as well as analysis and understanding. One of the
dominant categories of evasion is anti-sandbox detection, simply
because today’s sandboxes are becoming the fastest and easiest way to
have an overview of the threat.
---------------------------------------------
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/evolution-of-malware-sandbox-evasion-tactics-a-retrospective-study/


∗∗∗ Warning, phishing: fraudulent Raiffeisen e-mails in circulation ∗∗∗
---------------------------------------------
Criminals claim your credit card has been blocked: using the new EU
directive as a pretext, numerous bank customers are currently receiving
phishing e-mails. According to the e-mails, the directive supposedly
requires you to confirm your personal data. However, the link provided
takes you to a fake login page. Criminals spy out your data.
---------------------------------------------
https://www.watchlist-internet.at/news/achung-phishing-betruegerische-raiffeisen-e-mails-im-umlauf/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Application Manager
(APSB19-45) and Adobe Flash Player (APSB19-46). Adobe recommends users
update their product installations to the latest versions using the
instructions referenced in the bulletin. This posting is provided "AS
IS" with no warranties and confers no rights.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1785


∗∗∗ Multiple Vulnerabilities in Comba and D-Link Routers ∗∗∗
---------------------------------------------
There are five new credential leaking vulnerabilities discovered and
disclosed by Simon Kenin. Two are in a D-Link DSL modem typically
installed to connect a home network to an ISP. The other three are in
multiple Comba Telecom WiFi devices. All the vulnerabilities involve
insecure storage of credentials including three where cleartext
credentials are available to any user with network access to the device.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/multiple-vulnerabilities-in-comba-and-d-link-routers/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (docker.io, icedtea-web,
and trafficserver), openSUSE (opera), Red Hat (bind, firefox,
go-toolset:rhel8, kernel, nghttp2, and polkit), SUSE (buildah, curl,
java-1_7_1-ibm, and skopeo), and Ubuntu (freetype, memcached,
python2.7, python3.4, and python2.7, python3.5, python3.6, python3.7).
---------------------------------------------
https://lwn.net/Articles/798883/


∗∗∗ MISP 2.4.115 released (aka CVE-2019-16202 and sync speed improvement) ∗∗∗
---------------------------------------------
A new version of MISP (2.4.115) with a major security fix
(CVE-2019-16202) and various small improvements has been released. We
strongly recommend all MISP users update to this version.
---------------------------------------------
https://www.misp-project.org/2019/09/10/MISP.2.4.115.released.html


∗∗∗ SSA-187667 (Last Update: 2019-09-10): DejaBlue Vulnerabilities - Siemens Healthineers Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-187667.pdf


∗∗∗ SSA-189842 (Last Update: 2019-09-10): TCP URGENT/11 Vulnerabilities in RUGGEDCOM Win ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf


∗∗∗ SSA-191683 (Last Update: 2019-09-10): Cross-Site Scripting Vulnerability in IE/WSN-PA Link WirelessHART Gateway ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf


∗∗∗ SSA-250618 (Last Update: 2019-09-10): Denial-of-Service Vulnerability in SIMATIC TDC CP51M1 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-250618.pdf


∗∗∗ SSA-462066 (Last Update: 2019-09-10): Vulnerability known as TCP SACK PANIC in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf


∗∗∗ SSA-834884 (Last Update: 2019-09-10): Vulnerability in SINETPLAN ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-834884.pdf


∗∗∗ SSA-884497 (Last Update: 2019-09-10): Multiple Vulnerabilities in SINEMA Remote Connect Server ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf


∗∗∗ GnuPG vulnerability CVE-2019-13050 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K08654551


∗∗∗ Wireshark vulnerability CVE-2019-12295 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K06725231

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily