[CERT-daily] Tageszusammenfassung - 16.09.2019
Daily end-of-shift report
team at cert.at
Mon Sep 16 18:13:18 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 13-09-2019 18:00 − Montag 16-09-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Gefährliche Sicherheitslücken in Überwachungskameras von Dahua ∗∗∗
---------------------------------------------
Angreifer könnten einige Dahua-Überwachungskameras attackieren und in ein Botnetz zwingen. Sicherheitsupdates stehen zum Download bereit.
---------------------------------------------
https://heise.de/-4523355
∗∗∗ Fake-Bewerbung von "Eva Richter" hat Erpressungstrojaner Ordinypt im Gepäck ∗∗∗
---------------------------------------------
Vorsicht: Derzeit sind wieder gefälschte Bewerbungen mit gefährlichem Dateianhang in Umlauf. Wer darauf reinfällt, steht vor einem digitalen Scherbenhaufen.
---------------------------------------------
https://heise.de/-4523365
∗∗∗ How to Enable Ransomware Protection in Windows 10 ∗∗∗
---------------------------------------------
Windows Defender includes a security feature called "Ransomware Protection" that allows you to enable various protections against ransomware infections. This feature is disabled by default in Windows 10, but with ransomware running rampant, it is important to enable this feature in order to get the most protection on your computer.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/how-to-enable-ransomware-protection-in-windows-10/
∗∗∗ iPhone: PIN-Sperre in iOS 13 umgangen ∗∗∗
---------------------------------------------
Der Sperrbildschirm in iOS 13 kann mit einem einfachen Trick umgangen werden. So kann auf das Adressbuch des Besitzers zugegriffen werden. iOS 13 soll am 19. September veröffentlicht werden - die Lücke will Apple bis dahin nicht schließen.
---------------------------------------------
https://www.golem.de/news/iphone-pin-sperre-in-ios-13-umgangen-1909-143860-rss.html
∗∗∗ WordPress XSS Bug Allows Drive-By Code Execution ∗∗∗
---------------------------------------------
Sites that use the Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover.
---------------------------------------------
https://threatpost.com/wordpress-xss-drive-by-code-execution/148324/
∗∗∗ Dissecting the WordPress 5.2.3 Update ∗∗∗
---------------------------------------------
Last week, WordPress released version 5.2.3 which was a security and maintenance update, and as such, contained many security fixes. Part of our day to day work is to analyse these security releases, discover what security issue it is fixing and come up with a Proof of Concept for further internal testing.
---------------------------------------------
https://blog.sucuri.net/2019/09/dissecting-the-wordpress-5-2-3-update.html
∗∗∗ Smishing Explained: What It Is and How to Prevent It ∗∗∗
---------------------------------------------
Do you remember the last time you’ve interacted with a brand, political cause, or fundraising campaign via text message? Have you noticed these communications occurring more frequently as of late? It’s no accident. Whereas marketers and communications professionals can’t count on email opens or users accepting push notifications from apps, they’re well aware that around [...]
---------------------------------------------
https://www.webroot.com/blog/2019/09/16/smishing-explained-what-it-is-and-how-you-can-prevent-it/
∗∗∗ You Can Run, But You Can't Hide - Detecting Process Reimaging Behavior ∗∗∗
---------------------------------------------
Around 3 months ago, a new attack technique was introduced to the InfoSec community known as "Process Reimaging." This technique was released by the McAfee Security team in a blog titled — "In NTDLL I Trust - Process Reimaging and Endpoint Security Solution Bypass." A few days after this attack technique was released, a co-worker and friend of mine - Dwight Hohnstein - came out with proof of concept code demonstrating this technique, [...]
---------------------------------------------
https://posts.specterops.io/you-can-run-but-you-cant-hide-detecting-process-reimaging-behavior-e6bb9a10c40b
∗∗∗ Open source breach and attack simulation tool Infection Monkey gets new features ∗∗∗
---------------------------------------------
Guardicore, a leader in internal data center and cloud security, unveiled new capabilities for its Infection Monkey that make it the industry’s first Zero Trust assessment tool. Added features extend the functionality of the already successful Infection Monkey, a free, open source breach and attack simulation tool used by thousands to demonstrate and analyze their environments against lateral movement and attacks.
---------------------------------------------
https://www.helpnetsecurity.com/2019/09/16/infection-monkey-tool/
∗∗∗ LastPass Patches Bug Leaking Last-Used Credentials ∗∗∗
---------------------------------------------
A vulnerability recently addressed in LastPass could be abused by attackers to expose the last site credentials filled by LastPass. A freemium password manager, LastPass stores encrypted passwords online and provides users with a web interface to access them, as well as with plugins for web browsers and apps for smartphones.
---------------------------------------------
https://www.securityweek.com/lastpass-patches-bug-leaking-last-used-credentials
∗∗∗ Sophos open-sources Sandboxie, a utility for sandboxing any application ∗∗∗
---------------------------------------------
Sandboxie is now a free download. Source code to be open-sourced at a later date.
---------------------------------------------
https://www.zdnet.com/article/sophos-open-sources-sandboxie-a-utility-for-sandboxing-any-application/
=====================
= Vulnerabilities =
=====================
∗∗∗ VMSA-2019-0013 ∗∗∗
---------------------------------------------
VMware ESXi and vCenter Server updates address command injection and information disclosure vulnerabilities. (CVE-2017-16544, CVE-2019-5531, CVE-2019-5532, CVE-2019-5534)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0013.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ansible, faad2, linux-4.9, and thunderbird), Fedora (jbig2dec, libextractor, sphinx, and thunderbird), Mageia (expat, kconfig, mediawiki, nodejs, openldap, poppler, thunderbird, webkit2, and wireguard), openSUSE (buildah, ghostscript, go1.12, libmirage, python-urllib3, rdesktop, and skopeo), SUSE (python-Django), and Ubuntu (exim4, ibus, and Wireshark).
---------------------------------------------
https://lwn.net/Articles/799324/
∗∗∗ [remote] Inteno IOPSYS Gateway - Improper Access Restrictions ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/47390
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list