[CERT-daily] Daily summary - 18.09.2019

Daily end-of-shift report team at cert.at
Wed Sep 18 18:17:35 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 17-09-2019 18:00 − Wednesday 18-09-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions ∗∗∗
---------------------------------------------
A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and MariaDB databases.
---------------------------------------------
https://thehackernews.com/2019/09/phpmyadmin-csrf-exploit.html


∗∗∗ Clever New DDoS Attack Gets a Lot of Bang for a Hacker's Buck ∗∗∗
---------------------------------------------
By exploiting the WS-Discovery protocol, a new breed of DDoS attack can get a huge rate of return.
---------------------------------------------
https://www.wired.com/story/ddos-attack-ws-discovery


∗∗∗ FAQ: Emotet (at Heise) ∗∗∗
---------------------------------------------
Since the Heise Group was hit by an Emotet infection, we have repeatedly received follow-up questions. Here are the answers to the most frequent ones.
---------------------------------------------
https://heise.de/-4517354


∗∗∗ SMS from "PostInfo" leads into a subscription trap ∗∗∗
---------------------------------------------
Numerous mobile phone users are currently receiving an SMS from PostInfo. They have supposedly won something in a prize draw. To redeem the prize, they have to follow a link. This leads to a survey on a fake Post website. Caution: this SMS does not come from the Post, but from criminals. Recipients are lured into a subscription trap.
---------------------------------------------
https://www.watchlist-internet.at/news/sms-von-postinfo-fuehrt-in-abo-falle/


∗∗∗ Daily Emotet IoCs and Notes for 09/16/19 ∗∗∗
---------------------------------------------
Emotet Malware Document links/IOCs for 09/16/19 as of 09/17/19 02:30 EDT. Notes and Credits at the bottom. Follow us on Twitter @cryptolaemus1 for more updates.
---------------------------------------------
https://paste.cryptolaemus.com/emotet/2019/09/16/emotet-malware-IoCs_09-16-19.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Advantech WebAccess ∗∗∗
---------------------------------------------
This advisory contains mitigations for code injection, command injection, stack-based buffer overflow, and improper authorization vulnerabilities in Advantech's WebAccess HMI platform.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-260-01


∗∗∗ Honeywell Performance IP Cameras and Performance NVRs ∗∗∗
---------------------------------------------
This advisory includes mitigations for an information exposure vulnerability in the Honeywell Performance IP Cameras and Performance NVRs product.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-260-03


∗∗∗ HPESBHF03844 rev.3 - HPE Integrated Lights-Out 4, 5 (iLO 4, 5) iLO Moonshot and Moonshot iLO Chassis Manager, Remote or Local Code Execution ∗∗∗
---------------------------------------------
Version:3 (rev.3) - 17 September 2019 added iLO Moonshot and Moonshot iLO Chassis Manager
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03844en_us


∗∗∗ HPESBHF03866 rev.3 - HPE Integrated Lights-Out 3,4,5 iLO Moonshot and Moonshot iLO Chassis Manager, using SSH, Remote Execution of Arbitrary Code, Local Disclosure of Sensitive Information ∗∗∗
---------------------------------------------
Version:3 (rev.3) - 17 September 2019 added iLO Moonshot and Moonshot iLO Chassis Manager
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03866en_us


∗∗∗ Security update available in Foxit Studio Photo 3.6.6.913 ∗∗∗
---------------------------------------------
Foxit has released Foxit Studio Photo 3.6.6.913, which addresses potential security and stability issues.
---------------------------------------------
https://www.foxitsoftware.com/support/security-bulletins.php


∗∗∗ Critical update for AMD graphics cards fixes specific security problem ∗∗∗
---------------------------------------------
The combination of VMware Workstation Pro and AMD GPUs could endanger computer security.
---------------------------------------------
https://heise.de/-4533148


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox and kernel), Debian (thunderbird), Fedora (curl), openSUSE (curl and python-Werkzeug), Oracle (kernel and thunderbird), Red Hat (rh-nginx114-nginx), SUSE (curl, ibus, MozillaFirefox, firefox-glib2, firefox-gtk3, openldap2, openssl, openssl1, python-urllib3, and util-linux and shadow), and Ubuntu (linux, linux-aws, linux-azure, linux-lts-trusty, linux-lts-xenial, linux-oracle, linux-raspi2, linux-snapdragon, and wpa).
---------------------------------------------
https://lwn.net/Articles/799765/


∗∗∗ WAGO Series PFC100/PCF200 Information Disclosure ∗∗∗
---------------------------------------------
The reported vulnerability allows a remote attacker to check paths and file names that are used in filesystem operations.
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-017


∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager uses Weak password policy (CVE-2019-4565) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-key-lifecycle-manager-uses-weak-password-policy-cve-2019-4565/


∗∗∗ IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jul 2019 – Includes Oracle Jul 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2019-includes-oracle-jul-2019-cpu-affects-ibm-tivoli-composite-application-manager-for-transactions-robotic-response-time/


∗∗∗ IBM Security Bulletin: Vulnerability in Eclipse Jetty affecting Rational Functional Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-eclipse-jetty-affecting-rational-functional-tester/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities have been identified in bundled libraries of IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2019-12086, CVE-2019-0201) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-have-been-identified-in-bundled-libraries-of-ibm-tivoli-netcool-omnibus-common-integration-libraries-cve-2019-12086-cve-2019-0201/


∗∗∗ IBM Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2018-0732, CVE-2018-0734, CVE-2018-0737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-affects-watson-explorer-foundational-components-cve-2018-0732-cve-2018-0734-cve-2018-0737/


∗∗∗ Reflected Cross-Site Scripting (XSS) in Oracle Mojarra JSF ∗∗∗
---------------------------------------------
https://sec-consult.com/en/blog/advisories/reflected-cross-site-scripting-xss-in-oracle-mojarra-jsf/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



