[CERT-daily] Tageszusammenfassung - 20.09.2019

Fri Sep 20 18:06:39 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 19-09-2019 18:00 − Freitag 20-09-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Forcepoint Fixes Privilege Escalation Bug in Windows VPN Client ∗∗∗
---------------------------------------------
A vulnerability affecting all versions of Forcepoint VPN Client for Windows, save the latest release, can be used to achieve persistence and evade detection.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/forcepoint-fixes-privilege-escalation-bug-in-windows-vpn-client/


∗∗∗ Fake SSO Used In Multi-Email Provider Phishing ∗∗∗
---------------------------------------------
Single sign-on (SSO) allows users to sign into a single account (e.g Google) and access other services like YouTube or Gmail without authenticating with a separate username and password. This feature also extends to third party services such as the popular Dropbox file sharing application, which offers users the option to access their account using Google’s authentication from their sign in page.  Malicious Pages Mimic Popular Login Workflows [...]
---------------------------------------------
https://blog.sucuri.net/2019/09/fake-sso-used-in-multi-email-provider-phishing.html


∗∗∗ Blacklisting or Whitelisting in the Right Way ∗∗∗
---------------------------------------------
Its Friday today, Id like to talk about something else. Black (or white) lists are everywhere today. Many security tools implement a way to allow/deny accesses or actions on resources based on "lists" bsides the automated processing of data. The approach to implement them is quite different:
---------------------------------------------
https://isc.sans.edu/forums/diary/Blacklisting+or+Whitelisting+in+the+Right+Way/25338/


∗∗∗ Wenn Instagram- und Facebook-Freunde nach der Handynummer fragen ∗∗∗
---------------------------------------------
Zahlreiche NutzerInnen berichten derzeit, dass sie von FreundInnen über den Instagram-Chat oder den Facebook-Messenger nach ihrer Handynummer gefragt werden. Anschließend wird noch nach einem 4-stelligen PIN Code gefragt. Achtung! Hier schreiben nicht die FreundInnen. Deren Zugang wurde gehackt. Kriminelle versuchen so, ein kostenpflichtiges Abo abzuschließen.
---------------------------------------------
https://www.watchlist-internet.at/news/wenn-instagram-und-facebook-freunde-nach-der-handynummer-fragen/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Tridium Niagara ∗∗∗
---------------------------------------------
This advisory contains mitigations for information exposure and improper authorization vulnerabilities in Tridiums Niagara business application framework software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-262-01


∗∗∗ WECON LeviStudioU (Update A) ∗∗∗
---------------------------------------------
WECON has produced Version 1.8.69 to fix the reported vulnerabilities in Version 1.8.56; however, exploits are still successful against this updated version.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/ICSA-19-036-03


∗∗∗ VMSA-2019-0014 ∗∗∗
---------------------------------------------
VMware ESXi, Workstation, Fusion, VMRC and Horizon Client updates address use-after-free and denial of service vulnerabilities. (CVE-2019-5527, CVE-2019-5535)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0014.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bird, opendmarc, php7.3, and qemu), Fedora (bird, dino, nbdkit, and openconnect), Oracle (nginx:1.14, patch, and thunderbird), Red Hat (dovecot, kernel, kernel-alt, and kernel-rt), Scientific Linux (thunderbird), and SUSE (kernel, openssl, openssl-1_1, python-SQLAlchemy, and python-Werkzeug).
---------------------------------------------
https://lwn.net/Articles/800149/


∗∗∗ Western Digital My Book World II NAS 1.02.12 Hardcoded Credential ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2019090130


∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Cross-Site Request Forgery (CVE-2019-4515 ) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-key-lifecycle-manager-is-affected-by-cross-site-request-forgery-cve-2019-4515/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-oracle-outside-in-technology-affect-ibm-rational-doors-next-generation-7/


∗∗∗ IBM Security Bulletin: Synthetic Playback Agent 8.1.4 is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-synthetic-playback-agent-8-1-4-is-affected-by-multiple-vulnerabilities/


∗∗∗ IBM Security Bulletin: Synthetic Playback Agent 8.1.4.x is affected by multiple vulnerabilities of Mozilla Firefox ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-synthetic-playback-agent-8-1-4-x-is-affected-by-multiple-vulnerabilities-of-mozilla-firefox/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily