[CERT-daily] Tageszusammenfassung - 13.02.2020

Thu Feb 13 18:16:02 CET 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 12-02-2020 18:00 − Donnerstag 13-02-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Microsoft Urges Exchange Admins to Disable SMBv1 to Block Malware ∗∗∗
---------------------------------------------
Microsoft is recommending administrators disable the SMBv1 network communication protocol on Exchange servers to provide better protection against malware threats and attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-urges-exchange-admins-to-disable-smbv1-to-block-malware/


∗∗∗ VU#597809: IBM ServeRAID Manager exposes unauthenticated Java Remote Method Invocation (RMI) service ∗∗∗
---------------------------------------------
Impact: An unauthenticated remote attacker can execute arbitrary code on a vulnerable system, with SYSTEM privileges on Microsoft Windows.
Solution: ServeRAID Manager is no longer supported and we do not expect IBM to release fixes.
---------------------------------------------
https://kb.cert.org/vuls/id/597809


∗∗∗ How to escalate privileges and steal secrets in Google Cloud Platform ∗∗∗
---------------------------------------------
The problem? There just isnt a lot of information available about GCP written from an attackers perspective. We set out to learn as much as we could about Google Cloud and how an attacker might work to abuse common design decisions
---------------------------------------------
https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/


∗∗∗ From S3 bucket to Laravel unserialize RCE ∗∗∗
---------------------------------------------
TLDR: Anyone who have access to the app key can both impersonate other users and, if enabled, make the application deserialize arbitrary data.
---------------------------------------------
https://blog.truesec.com/2020/02/12/from-s3-bucket-to-laravel-unserialize-rce/


∗∗∗ Tipps für die Sicherheit Ihrer E-Mail-Adressen ∗∗∗
---------------------------------------------
Immer wieder erreichen die Watchlist Internet Meldungen verzweifelter KonsumentInnen zu Problemen mit ihren E-Mail-Accounts. So kann es zur Übernahme von Mail-Adressen oder Hacks kommen. Auch vergessene Passwörter, Sicherheitsfragen oder verdächtige Aktivitäten führen häufig zu Schwierigkeiten.
---------------------------------------------
https://www.watchlist-internet.at/news/tipps-fuer-die-sicherheit-ihrer-e-mail-adressen/


∗∗∗ Wireshark Tutorial: Examining Qakbot Infections ∗∗∗
---------------------------------------------
Brad Duncan is back with a new Wireshark tutorial. This one examines a recent infection of Qakbot (AKA Qbot), which is an information stealer, so security pros can better understand its traffic patterns for detecting and investigating in the future. The post Wireshark Tutorial: Examining Qakbot Infections appeared first on Unit42.
---------------------------------------------
https://unit42.paloaltonetworks.com/tutorial-qakbot-infection/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (dovecot, firefox, ksh, and webkit2gtk), Debian (firefox-esr and openjdk-8), Mageia (exiv2, flash-player-plugin, python-waitress, and vim and neovim), openSUSE (pcp and rubygem-rack), Oracle (kernel), Red Hat (sudo), and Slackware (libarchive).
---------------------------------------------
https://lwn.net/Articles/812389/


∗∗∗ Security Bulletin: CVE-2019-4666 IBM UrbanCode Deploy (UCD) could allow a local user to obtain sensitive information by unmasking certain secure values in documents. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4666-ibm-urbancode-deploy-ucd-could-allow-a-local-user-to-obtain-sensitive-information-by-unmasking-certain-secure-values-in-documents/


∗∗∗ Security Bulletin: vulnerabilities in Nimbus JOSE+JWT affect IBM Watson Machine Learning Accelerator 1.2.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-nimbus-josejwt-affect-ibm-watson-machine-learning-accelerator-1-2-1/


∗∗∗ Security Bulletin: Authentication bypass in IBM Tivoli Monitoring Service console ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-authentication-bypass-in-ibm-tivoli-monitoring-service-console/


∗∗∗ Security Bulletin: OpenSSL vulnerability affects IBM Rational Team Concert ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-affects-ibm-rational-team-concert/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator-2/


∗∗∗ Security Bulletin: CVE-2019-4666 IBM UrbanCode Build (UCB) could allow a local user to obtain sensitive information by unmasking certain secure values in documents. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4666-ibm-urbancode-build-ucb-could-allow-a-local-user-to-obtain-sensitive-information-by-unmasking-certain-secure-values-in-documents/


∗∗∗ Security Bulletin: CVE-2019-0199 The HTTP/2 implementation in embded Apache Tomcat Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-0199-the-http-2-implementation-in-embded-apache-tomcat-denial-of-service-vulnerability/


∗∗∗ Security Bulletin: IBM Tivoli Monitoring Basic Services component (CVE-2019-15903) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-basic-services-component-cve-2019-15903/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily