[CERT-daily] Daily summary - 19.09.2019
Daily end-of-shift report
team at cert.at
Thu Sep 19 18:07:01 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 18-09-2019 18:00 - Thursday 19-09-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Fake Human Verification Spam ∗∗∗
---------------------------------------------
We recently released an update to our Labs Knowledgebase for new plugins that had been targeted during the month of July 2019. One of these newly targeted plugins was Advanced Booking Calendar — and it didn’t take long before we were receiving clean up requests for websites that had already been exploited through this plugin.
---------------------------------------------
https://blog.sucuri.net/2019/09/fake-human-verification-spam.html
∗∗∗ Agent Tesla Trojan Abusing Corporate Email Accounts ∗∗∗
---------------------------------------------
The trojan Agent Tesla is not brand new: discovered in 2018, it is written in VisualBasic and has plenty of interesting features. Just have a look at the MITRE ATT&CK overview of its TTPs[1].
---------------------------------------------
https://isc.sans.edu/forums/diary/Agent+Tesla+Trojan+Abusing+Corporate+Email+Accounts/25336/
∗∗∗ Shhmon — Silencing Sysmon via Driver Unload ∗∗∗
---------------------------------------------
https://posts.specterops.io/shhmon-silencing-sysmon-via-driver-unload-682b5be57650
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical vulnerability allows root access on D-Link NAS DNS-320 ∗∗∗
---------------------------------------------
An update closes a vulnerability with the highest severity rating in D-Link's DNS-320 network-attached storage device.
---------------------------------------------
https://heise.de/-4533707
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (exiv2, firefox, ghostscript, http-parser, httpd, kdelibs and kde-settings, kernel, pango, qemu-kvm, and thunderbird), Debian (ibus), Fedora (kernel, kernel-headers, python34, qbittorrent, and samba), openSUSE (chromium), Oracle (go-toolset:ol8), Red Hat (kernel, nginx:1.14, patch, ruby, skydive, systemd, and thunderbird), Scientific Linux (thunderbird), SUSE (libreoffice, openssl-1_1, python-urllib3, and python-Werkzeug), and Ubuntu (tomcat9 and wpa, [...]
---------------------------------------------
https://lwn.net/Articles/799971/
∗∗∗ Critical Vulnerability in Harbor Enables Privilege Escalation from Zero to Admin (CVE-2019-16097) ∗∗∗
---------------------------------------------
Aviv Sasson, a security researcher from the cloud division of Unit 42, has identified a critical vulnerability in a widespread cloud native registry called Harbor. The vulnerability allows attackers to take over Harbor registries by sending them a malicious request. The maintainers of Harbor released a patch that closes this critical security hole.
---------------------------------------------
https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
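One way a single unauthenticated request can turn into an admin account, as an added example that is neither Harbor's code nor taken from the Unit 42 write-up: a self-registration endpoint that decodes the whole JSON body straight into its stored user record, so the client gets to set its own privilege flag (mass assignment), beside a hardened handler that decodes only an allow-listed registration type, rejects unknown keys and sets privileges server-side. The route `/api/users`, the field name `has_admin_role`, the `User`/`registration` types and the in-memory store are assumptions for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
)

// User is the stored account record. Field names are assumed for this
// example and are not Harbor's schema.
type User struct {
	Username     string `json:"username"`
	Email        string `json:"email"`
	Password     string `json:"password"`
	HasAdminRole bool   `json:"has_admin_role"`
}

// store is an in-memory stand-in for the registry's user table.
type store struct {
	mu    sync.Mutex
	users map[string]User
}

func newStore() *store { return &store{users: map[string]User{}} }

func (s *store) save(u User) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.users[u.Username] = u
}

func (s *store) get(name string) (User, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	u, ok := s.users[name]
	return u, ok
}

// vulnerableRegister decodes the request body directly into the stored
// record, so an unauthenticated self-registering client controls
// has_admin_role (mass assignment of a privilege field).
func vulnerableRegister(s *store) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var u User
		if err := json.NewDecoder(r.Body).Decode(&u); err != nil || u.Username == "" {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		s.save(u)
		w.WriteHeader(http.StatusCreated)
	}
}

// registration is the allow-list of what a self-registering client may set.
// It has no privilege field, so a crafted body has nothing to bind to.
type registration struct {
	Username string `json:"username"`
	Email    string `json:"email"`
	Password string `json:"password"`
}

// hardenedRegister decodes into the allow-list type, rejects unknown keys so a
// smuggled has_admin_role is a 400 rather than silently dropped, and sets the
// privilege flag server-side.
func hardenedRegister(s *store) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		dec := json.NewDecoder(r.Body)
		dec.DisallowUnknownFields()
		var reg registration
		if err := dec.Decode(&reg); err != nil || reg.Username == "" {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		s.save(User{Username: reg.Username, Email: reg.Email, Password: reg.Password, HasAdminRole: false})
		w.WriteHeader(http.StatusCreated)
	}
}

// TryRegister posts body to the chosen handler against a fresh store and
// reports the HTTP status and whether username ended up with the admin flag.
func TryRegister(hardened bool, username, body string) (status int, isAdmin bool) {
	s := newStore()
	var h http.Handler = vulnerableRegister(s)
	if hardened {
		h = hardenedRegister(s)
	}
	req := httptest.NewRequest(http.MethodPost, "/api/users", strings.NewReader(body))
	req.Header.Set("Content-Type", "application/json")
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	u, _ := s.get(username)
	return rec.Code, u.HasAdminRole
}

func main() {
	// Constructed attacker request: an ordinary self-registration with the
	// privilege flag smuggled into the body.
	crafted := `{"username":"attacker","email":"a@example.test","password":"hunter2","has_admin_role":true}`
	st, adm := TryRegister(false, "attacker", crafted)
	fmt.Printf("vulnerable: status=%d admin=%v\n", st, adm) // 201 true
	st, adm = TryRegister(true, "attacker", crafted)
	fmt.Printf("hardened:   status=%d admin=%v\n", st, adm) // 400 false
}
```

The fix is structural rather than a blocklist: the type the endpoint decodes into simply has no privilege field, and `DisallowUnknownFields` turns a smuggled flag into a visible error that can be logged and alerted on instead of being quietly ignored.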
∗∗∗ TableField - Moderately critical - Access bypass - SA-CONTRIB-2019-067 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-067
∗∗∗ Create user permission - Critical - Access bypass - SA-CONTRIB-2019-066 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-066
∗∗∗ Kubernetes: Vulnerability allows manipulation of files ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0826
∗∗∗ Cisco HyperFlex Software Counter Value Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190918-hyperflex-valinj
∗∗∗ Cisco HyperFlex Software Cross-Frame Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190918-hyperflex-xfs
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei CloudEngine Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190918-01-authentication-en
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-http-server-used-by-websphere-application-server/
∗∗∗ IBM Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to Denial of Service (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-3896) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-qradar-packet-capture-is-vulnerable-to-denial-of-service-cve-2019-11477-cve-2019-11478-cve-2019-11479-cve-2019-3896/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms July 2019 CPU (CVE-2019-2816, CVE-2019-11771, CVE-2019-4473) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-july-2019-cpu-cve-2019-2816-cve-2019-11771-cve-2019-4473/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager July 2019 CPU (CVE-2019-2816, CVE-2019-11771, CVE-2019-4473) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-july-2019-cpu-cve-2019-2816-cve-2019-11771-cve-2019-4473/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct File Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-connectdirect-file-agent-3/
∗∗∗ IBM Security Bulletin: Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system and Multiple binaries in IBM SDK, Java Technology Edition on the AIX platform use insecure absolute RPATHs CVE-2019-4473 and CVE-2019-11771 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-eclipse-openj9-could-allow-a-local-attacker-to-gain-elevated-privileges-on-the-system-and-multiple-binaries-in-ibm-sdk-java-technology-edition-on-the-aix-platform-use-insecure/
∗∗∗ IBM Security Bulletin: Node.js as used in IBM QRadar Packet Capture is vulnerable to the following CVE’s (CVE-2019-1559, CVE-2019-5737, CVE-2019-5739) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-node-js-as-used-in-ibm-qradar-packet-capture-is-vulnerable-to-the-following-cves-cve-2019-1559-cve-2019-5737-cve-2019-5739/
∗∗∗ IBM Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2018-0732, CVE-2018-0734, CVE-2018-0737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-affects-watson-explorer-foundational-components-cve-2018-0732-cve-2018-0734-cve-2018-0737-2/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily