[CERT-daily] Tageszusammenfassung - 30.09.2019
Daily end-of-shift report
team at cert.at
Mon Sep 30 18:21:23 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 27-09-2019 18:00 − Montag 30-09-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Sicherheitslücke: Angreifer können verschlüsselte PDF-Daten leaken ∗∗∗
---------------------------------------------
Passwortgeschützte PDF-Dateien bieten wenig Sicherheit. Ein Angreifer, der die Dateien manipulieren kann, kann dafür sorgen, dass deren Inhalt geleakt wird. Abhilfe gibt es nicht, dafür müsste das Dateiformat geändert werden.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-angreifer-koennen-verschluesselte-pdf-daten-leaken-1909-144167-rss.html
∗∗∗ Kriminelle nützen Thomas Cook Insolvenz für Phishing-Attacken ∗∗∗
---------------------------------------------
Die Insolvenz von Thomas Cook und Neckermann Reisen ist momentan in aller Munde. Betroffene KonsumentInnen gelangten nun ins Visier Krimineller. In betrügerischen Phishing-Mails werden sie aufgefordert, Kreditkartendaten und Ausweise zu übermitteln, um ihr Geld zurückzuerhalten. Die E-Mails stammen nicht von Thomas Cook und müssen ignoriert werden!
---------------------------------------------
https://www.watchlist-internet.at/news/kriminelle-nuetzen-thomas-cook-insolvenz-fuer-phishing-attacken/
∗∗∗ Masad Spyware Uses Telegram Bots for Command-and-Control ∗∗∗
---------------------------------------------
The malware harvests data, steals cryptocurrency and drops additional malware, while masquerading as a Fortnite aimbot and more.
---------------------------------------------
https://threatpost.com/masad-spyware-telegram-bots/148759/
∗∗∗ European Cybersecurity Month 2019 is launched ∗∗∗
---------------------------------------------
October marks the kick-off of the European Cybersecurity Month (ECSM), coordinated by the European Union Agency for Cybersecurity (ENISA), the European Commission and supported by the Member States. This campaign will focus on expanding awareness about cybersecurity to citizens across Europe.
---------------------------------------------
https://www.enisa.europa.eu/news/european-cybersecurity-month-2019-is-launched
∗∗∗ Malvertiser eGobbler Exploits Chrome & WebKit Bugs, Infects Over 1 Billion Ads ∗∗∗
---------------------------------------------
We have written about the threat actor eGobbler extensively on our blog over the last year as they’ve continued to emerge as a prolific source of malvertising. [...] Over the past 6 months, the threat group has leveraged obscure browser bugs in order to engineer bypasses for built-in browser mitigations against pop-ups and forced redirections.
---------------------------------------------
https://blog.confiant.com/malvertiser-egobbler-exploits-chrome-webkit-bugs-infects-over-1-billion-ads-6b8ccc41b0e6?gi=b52c7dc8f657
∗∗∗ Cisco führt halbjährlichen Patchday ein ∗∗∗
---------------------------------------------
Ab sofort will Cisco alle sechs Monate gesammelte Sicherheitsupdates für sein Netzwerkbetriebssysteme IOS und IOS XE veröffentlichen.
---------------------------------------------
https://heise.de/-4542793
=====================
= Vulnerabilities =
=====================
∗∗∗ MS-ISAC Releases Advisory on PHP Vulnerability ∗∗∗
---------------------------------------------
Original release date: September 27, 2019The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on a vulnerability in Hypertext Preprocessor (PHP). An attacker could exploit this vulnerability to take control of an affected system.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/09/27/ms-isac-releases-advisory-php-vulnerability
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (dovecot, kernel, and qemu-kvm), Debian (cimg, cups, e2fsprogs, exim4, file-roller, golang-1.11, httpie, and wpa), Fedora (curl, ghostscript, ibus, krb5, mod_md, and nbdkit), Mageia (chromium-browser-stable, libheif, and nghttp2), openSUSE (djvulibre, expat, libopenmpt, mosquitto, phpMyAdmin, and webkit2gtk3), Red Hat (nodejs:10), SUSE (gpg2), and Ubuntu (e2fsprogs and exim4).
---------------------------------------------
https://lwn.net/Articles/800915/
∗∗∗ Exim 4.92.3 security release ∗∗∗
---------------------------------------------
Exim 4.92.3 has been released with a fix for CVE-2019-16928, a heap-basedbuffer overflow in string_vformat that could lead to remote codeexecution. "The currently known exploit uses a extraordinary longEHLO string to crash the Exim process that is receiving the message. Whileat this mode of operation Exim already dropped its privileges, other paths toreach the vulnerable code may exist."
---------------------------------------------
https://lwn.net/Articles/800917/
∗∗∗ xpdf: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0857
∗∗∗ LibreOffice: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0856
∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190930-01-smartphone-en
∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect the Report Builder that is shipped with Jazz Reporting Service (CVE-2019-4494, CVE-2019-4495, CVE-2019-4497) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-affect-the-report-builder-that-is-shipped-with-jazz-reporting-service-cve-2019-4494-cve-2019-4495-cve-2019-4497/
∗∗∗ IBM Security Bulletin: Vulnerabilities in kernel affect Power Hardware Management Console (CVE-2019-11479,CVE-2019-11477 and CVE-2019-11478) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-kernel-affect-power-hardware-management-console-cve-2019-11479cve-2019-11477-and-cve-2019-11478/
∗∗∗ IBM Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server can affect IBM SPSS Analytic Server (CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-service-vulnerability-in-websphere-application-server-can-affect-ibm-spss-analytic-server-cve-2019-4046/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect Rational Build Forge (CVE-2019-9517, CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097, CVE-2019-10098) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-apache-http-server-affect-rational-build-forge-cve-2019-9517-cve-2019-10081-cve-2019-10082-cve-2019-10092-cve-2019-10097-cve-2019-10098/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Build Forge (CVE-2019-4473; CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-rational-build-forge-cve-2019-4473-cve-2019-11771/
∗∗∗ IBM Security Bulletin: Daeja ViewONE Virtual may expose internal IP addresses (CVE-2019-4246) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-daeja-viewone-virtual-may-expose-internal-ip-addresses-cve-2019-4246/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list