End-of-Day report
Timeframe: Thursday 10-01-2019 18:00 - Friday 11-01-2019 18:00
Handler: Dimitri Robl
Co-Handler: n/a
News
Data leak - this time without the hype
11 January 2019: Anyone who wanted to avoid the coverage of the data leak that became public in Germany just under a week ago would have had to make an enormous effort over the last few days. To summarize it briefly nonetheless: over the course of December, unknown perpetrators published documents and personal information of hundreds of German politicians and other public figures in the form of a bizarre [...]
http://www.cert.at/services/blog/20190111135415-2348.html
Vivy & Co.: Health apps suffer from poor security
The makers of health apps are certainly not stingy with security promises. But how do things really stand? (Medicine, electronic health card)
https://www.golem.de/news/vivy-co-gesundheitsapps-kranken-an-der-sicherheit-1901-138622-rss.html
Using Wireshark - Display Filter Expressions
As a Threat Intelligence Analyst for Palo Alto Networks Unit 42, I often use Wireshark to review packet captures (pcaps) of network traffic generated by malware samples. To better accomplish this work, I use a customized Wireshark column display as described in my previous blog about using Wireshark. Today's post provides more tips for analysts to [...]
https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressions/
Windows 10 Experts Guide: Everything you need to know about BitLocker
Encrypting every bit of data on a Windows 10 PC is a crucial security precaution. Every edition of Windows 10 includes strong encryption options, with business editions having the best set of management tools. Here's a hands-on guide.
https://www.zdnet.com/article/windows-10-experts-guide-everything-you-need-to-know-about-bitlocker/#ftag=RSSbaffb68
Vulnerabilities
Emerson DeltaV
This advisory provides mitigation recommendations for an authentication bypass vulnerability in Emerson's DeltaV distributed control system workstation products.
https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01
Omron CX-One CX-Protocol
This advisory provides mitigation recommendations for a type confusion vulnerability in Omron's CX-Protocol within the CX-One software.
https://ics-cert.us-cert.gov/advisories/ICSA-19-010-02
Pilz PNOZmulti Configurator
This advisory provides mitigation recommendations for a clear-text storage of sensitive information vulnerability in the Pilz PNOZmulti Configurator, a safety circuit configuration tool.
https://ics-cert.us-cert.gov/advisories/ICSA-19-010-03
Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4
This advisory was originally posted to the HSIN ICS-CERT library on November 29, 2018, and is now being released to the NCCIC/ICS-CERT website. This advisory provides mitigation recommendations for a cross-site scripting vulnerability reported in the Tridium Niagara Enterprise Security, the Niagara AX, and the Niagara 4 products.
https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02
USN-3855-1: systemd vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS. Summary: Several security issues were fixed in systemd. Software description: systemd - system and service manager. Details: It was discovered that systemd-journald allocated variable-length buffers for certain message fields on the stack. A local attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.
https://usn.ubuntu.com/3855-1/
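The bug class behind this advisory, as an added illustration that is not systemd's, journald's or Ubuntu's code: a buffer sized by an untrusted message field is allocated on the stack, so a local client that sends a very large field can grow the stack frame by an amount it controls. The function names, the fixed-size record and the FIELD_MAX limit are assumptions made for the example; the sample field is constructed.

```c
/*
 * Added example, not code from systemd or the USN. Shows a stack-allocated
 * variable-length buffer sized from an untrusted field beside a bounded,
 * heap-allocated replacement. FIELD_MAX and all names are assumptions.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_MAX (64 * 1024)      /* assumed per-field limit for the hardened version */

static char record[FIELD_MAX + 1]; /* where an accepted field is stored */

const char *last_record(void) { return record; }

/* Vulnerable pattern: the stack frame grows by 'len', a value the sending
 * process controls. A field of several megabytes can move the stack pointer
 * far beyond the guard page, and nothing checks 'len' before the allocation
 * has already happened. */
int store_field_stack(const char *field, size_t len)
{
    char tmp[len + 1];             /* C99 VLA sized by untrusted input */
    memcpy(tmp, field, len);
    tmp[len] = '\0';
    if (len > FIELD_MAX)           /* the bound is applied too late */
        return -1;
    memcpy(record, tmp, len + 1);
    return 0;
}

/* Hardened pattern: reject oversized fields before anything is allocated,
 * then use the heap, where an allocation that cannot be satisfied fails
 * cleanly (malloc returns NULL) instead of overlapping other memory. */
int store_field_heap(const char *field, size_t len)
{
    if (len > FIELD_MAX)           /* bound first; also keeps len + 1 from wrapping */
        return -1;
    char *tmp = malloc(len + 1);
    if (tmp == NULL)
        return -1;
    memcpy(tmp, field, len);
    tmp[len] = '\0';
    memcpy(record, tmp, len + 1);
    free(tmp);
    return 0;
}

int main(void)
{
    /* Constructed sample field in the KEY=value shape journal clients send. */
    const char *msg = "MESSAGE=journal entry from a local client";
    size_t len = strlen(msg);

    printf("heap, normal field:    %d (%s)\n", store_field_heap(msg, len), last_record());
    /* An oversized length is refused before any memory is read or allocated. */
    printf("heap, oversized field: %d\n", store_field_heap(NULL, (size_t)FIELD_MAX + 1));
    /* The same oversized call against store_field_stack would first grow the
     * frame by FIELD_MAX + 2 bytes and then copy from a NULL pointer; it is
     * deliberately not executed here. */
    printf("stack, normal field:   %d (%s)\n", store_field_stack(msg, len), last_record());
    return 0;
}
```

The practitioner's takeaway is the ordering: the size check must precede the allocation, and a size that an unprivileged local process can choose should never become a stack allocation at all.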
Security vulnerabilities (some critical) in Juniper ATP, Junos OS and Space OS software - patches available
11 January 2019. Description: The network equipment vendor Juniper has published several security advisories on vulnerabilities, some of them critical, in Juniper Space OS, Junos OS and ATP software. Two of the vulnerabilities in Juniper ATP are rated critical with the highest possible CVSS3 score of 10: CVE-2019-0020, CVE-2019-0022 [...]
http://www.cert.at/warnings/all/20190111.html
Security updates for Friday
Security updates have been issued by Arch Linux (systemd and wireshark-cli), Debian (libsndfile and tmpreaper), Fedora (beep, electrum, gnutls, haproxy, krb5, mupdf, php-horde-Horde-Image, python-django, and wget), Mageia (libarchive and terminology), openSUSE (libraw, polkit, and singularity), SUSE (haproxy, java-1_8_0-openjdk, LibVNCServer, and webkit2gtk3), and Ubuntu (exiv2, gnupg2, and webkit2gtk).
https://lwn.net/Articles/776518/
ZDI-19-013: (0day) Microsoft Windows vcf File Insufficient UI Warning Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-19-013/
Format String Vulnerability in SSH username
https://fortiguard.com/psirt/FG-IR-18-018
IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by an IBM WebSphere Application Server vulnerability (CVE-2017-1788)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity-manager-virtual-appliance-is-affected-by-an-ibm-websphere-application-server-vulnerabilitycve-2017-1788/
IBM Security Bulletin: IBM Security Identity Manager is affected by multiple vulnerabilities (CVE-2018-1956, CVE-2018-1969, CVE-2018-1967)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity-manager-is-affected-by-multiple-vulnerabilities-cve-2018-1956-cve-2018-1969-cve-2018-1967/
IBM Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1904)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-remote-code-execution-vulnerability-in-websphere-application-server-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2018-1904/