[CERT-daily] Tageszusammenfassung - 13.09.2019

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 12-09-2019 18:00 − Freitag 13-09-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Rig Exploit Kit Delivering VBScript, (Thu, Sep 12th) ∗∗∗
---------------------------------------------
I detected the following suspicious traffic on a corporate network. It was based on multiples infection stages and looked interesting enough to publish a diary about it. This is also a good reminder that, just by surfing the web, you can spot malicious scripts that will try to infect your computer (Exploit Kits).
---------------------------------------------
https://isc.sans.edu/diary/rss/25318


∗∗∗ Hacking LED Wristbands: A ‘Lightning’ Recap of RF Security Basics ∗∗∗
---------------------------------------------
We’re always eager for new research and learning opportunities, but this time, serendipitously, the opportunity found us. At the closing party of the Hack In The Box Amsterdam conference — where we presented our industrial radio research and ran a CTS contest — we were given LED wristbands to wear. They’re flashing wristbands meant to enhance the experience of an event, party, or show. At the beginning, we were not interested in the security impact; we just wanted to [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/MzmWyorokxA/


∗∗∗ InnfiRAT: A new RAT aiming for your cryptocurrency and more ∗∗∗
---------------------------------------------
Recently, the Zscaler ThreatLabZ team came across a new RAT called InnfiRAT, which is written in .NET and designed to perform specific tasks from an infected machine. This blog provides an analysis of this new RAT, including the way it communicates, all the tasks it performs, and the information it steals.
---------------------------------------------
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (curl, dnsmasq, and golang-go.crypto), Mageia (docker, firefox, flash-player-plugin, ghostscript, links, squid, sympa, tcpflow, thunderbird, and znc), openSUSE (srt), Oracle (.NET Core, kernel, libwmf, and poppler), Scientific Linux (firefox), SUSE (cri-o, curl, java-1_8_0-ibm, python-SQLAlchemy, and python-urllib3), and Ubuntu (curl and expat).
---------------------------------------------
https://lwn.net/Articles/799127/


∗∗∗ Philips IntelliVue WLAN ∗∗∗
---------------------------------------------
This medical advisory contains mitigations for use of hard-coded password, and download of code without integrity check vulnerabilities in Philips IntelliVue WLAN firmware.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsma-19-255-01


∗∗∗ 3S-Smart Software Solutions GmbH CODESYS V3 Web Server ∗∗∗
---------------------------------------------
This advisory contains mitigations for path traversal and stack-based buffer overflow vulnerabilities in 3S-Smart Software Solutions CODESYS V3 runtime systems.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-255-01


∗∗∗ 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager ∗∗∗
---------------------------------------------
This advisory contains mitigations for a cross-site scripting vulnerability in 3S-Smart Software Solutions CODESYS V3 library manager software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-255-02


∗∗∗ 3S-Smart Software Solutions GmbH CODESYS Control V3 Online User Management ∗∗∗
---------------------------------------------
This advisory contains mitigations for an incorrect permission assignment for critical resource vulnerability in 3S-Smart Software Solutions CODESYS Control V3 online user management software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-255-03


∗∗∗ 3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server ∗∗∗
---------------------------------------------
This advisory contains mitigations for a NULL pointer dereference vulnerability in 3S-Smart Software Solutions CODESYS Control V3 OPC UA Server.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-255-04


∗∗∗ 3S-Smart Software Solutions GmbH CODESYS V3 Products Containing a CODESYS Communication Server ∗∗∗
---------------------------------------------
This advisory contains mitigations for an improper input validation vulnerability in 3S-Smart Software Solutions CODESYS V3 runtime systems.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-255-05


∗∗∗ Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs) ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN11708203/


∗∗∗ libssh2 vulnerability CVE-2019-13115 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K13322484

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily