Daily summary - 23.01.2019

End-of-Day report

Timeframe: Tuesday 22-01-2019 18:00 - Wednesday 23-01-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner

News

Microsoft's Cyber Defense Operations Center shares best practices

You can download the Cyber Defense Operations Center strategy brief to gain more insight into how we work to protect, detect, and respond to cybersecurity threats.

https://blogs.technet.microsoft.com/msrc/2019/01/23/cdoc-best-practices/


Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Two of the most disruptive and widely-received spam email campaigns over the past few months -- including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year -- were made possible thanks to an authentication weakness at GoDaddy.com, the world's largest domain name registrar, KrebsOnSecurity has learned. Perhaps more worryingly, experts warn this same weakness that let spammers hijack domains tied to GoDaddy also affects a great many other major Internet service providers, and is actively being abused to launch phishing and malware attacks which leverage dormant Web site names currently owned and controlled by some of the world's most trusted corporate names and brands.

https://krebsonsecurity.com/2019/01/bomb-threat-sextortion-spammers-abused-weakness-at-godaddy-com/


Fake e-mail from "management" asking for the account balance

Businesses beware: we are currently receiving numerous reports of fraudulent e-mails in which criminals pose as the managing director of the respective company. They ask for the current account balance. If there is enough money in the account, an international transfer is to be initiated. The money must not be transferred, because it would be lost.

https://www.watchlist-internet.at/news/gefaelschte-geschaeftsfuehrungs-mail-zu-kontostand/


Legal consequences for phishing victims

Consumers who fall for a bank phishing e-mail hand criminals data that give them access to their online banking account. If customers tell the fraudsters the TAN code for authorising a transfer over the phone, they are left bearing the loss themselves. They are not complying with generally known security precautions.

https://www.watchlist-internet.at/news/rechtliche-folgen-fuer-phishing-opfer/

Vulnerabilities

ZDI-19-121: (0day) Microsoft Windows contact File Insufficient UI Warning Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of CONTACT files. Crafted data in a CONTACT file can cause Windows to display a dangerous hyperlink. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of the current user.

http://www.zerodayinitiative.com/advisories/ZDI-19-121/


No-name home automation: flaw allows easy firmware upload

Many home automation devices come from the company Tuya and have security vulnerabilities that allow easy modification - for better or for worse.

https://heise.de/-4284783


Critical security vulnerability in Debian's update tools

Debian-based Linux systems have a security vulnerability through which attackers could hijack the system while security updates are being installed.

http://heise.de/-4285012


iOS 12.1.3 & Co: Apple patches serious vulnerabilities on iPhone and Mac

With updates for all of its operating systems, the company closes security holes. One bug allows malicious code to be injected via a FaceTime call.

http://heise.de/-4285106


Security updates for Wednesday

Security updates have been issued by Debian (libjpeg-turbo and systemd), Fedora (matrix-synapse, mingw-libjpeg-turbo, and mingw-libvorbis), Mageia (libcaca, libmp4v2, libxml2, pdns-recursor, perl-Email-Address, php-pear-HTML_QuickForm, podofo, and wavpack), openSUSE (webkit2gtk3), Red Hat (qemu-kvm-rhev), Scientific Linux (perl), Slackware (httpd), and Ubuntu (ntp).

https://lwn.net/Articles/777385/


OpenBMC caught with 'pantsdown' over new security flaw

A severe vulnerability has been found which impacts multiple Baseboard Management Controller (BMC) firmware stacks and hardware. The bug, CVE-2019-6260, has been nicknamed "pantsdown" ...

https://www.zdnet.com/article/bmc-caught-with-pantsdown-over-new-batch-of-security-flaws/#ftag=RSSbaffb68


Dräger Infinity Delta

https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01


Johnson Controls Facility Explorer

https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01


Cisco Firepower Threat Defense Software Packet Inspection and Enforcement Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-firepowertds-bypass


Cisco Connected Mobile Experiences Information Disclosure Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-cmx-info-discl


Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-teams


Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce


Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-uic-csrf


Cisco AMP Threat Grid API Key Information Disclosure Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-threat-grid


Cisco SD-WAN Solution Unauthorized Access Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-unaccess


Cisco SD-WAN Solution Privilege Escalation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escal


Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-file-write


Multiple Privilege Escalation Vulnerabilities in Cisco SD-WAN Solution

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal


Cisco SD-WAN Solution Buffer Overflow Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo


Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject


Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info


Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-nfvis-shell-access


Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerabilities

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-miner-chat-xss


Cisco Webex Meetings Server Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-meetings-xss


Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-isel-xss


Cisco Identity Services Engine Privilege Escalation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-privilege


Cisco Identity Services Engine Privileged Account Sensitive Information Disclosure Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-info-disclosure


Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-iot-fnd-dos


Cisco Firepower Management Center Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-frpwr-mc-xss


Cisco Prime Infrastructure Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-cpi-xss


IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-rational-application-developer-for-websphere-software-2/


IBM Security Bulletin: IBM Security Identity Manager is affected by a vulnerability (CVE-2018-1959)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity-manager-is-affected-by-a-vulnerability-cve-2018-1959/


IBM Security Bulletin: Server Automation is affected by the following vulnerabilities exposures (CVE-2018-8039, CVE-2018-1683, CVE-2018-1755)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-server-automation-is-affected-by-the-following-vulnerabilities-exposures-cve-2018-8039-cve-2018-1683-cve-2018-1755/


IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js in IBM Cloud

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-affect-ibm-sdk-for-node-js-in-ibm-cloud-2/


IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Integration Designer

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-integration-designer-3/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-tivoli-netcool-configuration-manager/


PHOENIX CONTACT Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx

https://cert.vde.com/de-de/advisories/vde-2019-001