End-of-Day report
Timeframe: Thursday 24-01-2019 18:00 - Friday 25-01-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Fighting Emotet: lessons from the front line
Emotet is a moving, shape-shifting target for admins and their security software. Here's what we've learned from dealing with outbreaks.
https://nakedsecurity.sophos.com/2019/01/25/fighting-emotet-lessons-from-the-front-line/
You're an admin! You're an admin! You're all admins, thanks to this Microsoft Exchange zero-day and exploit
Easily swapped hashed passwords give Domain Admin rights via API call; a fix may land next month. Microsoft Exchange appears to be currently vulnerable to a privilege-escalation attack that allows any user with a mailbox to become a Domain Admin.
http://go.theregister.com/feed/www.theregister.co.uk/2019/01/25/microsoft_exchange_hashed_passwords/
Magento - RCE & Local File Read with low privilege admin rights
These vulnerabilities were responsibly disclosed to the Magento team and received patches in Magento versions 2.3.0, 2.2.7 and 2.1.16, which were released in November 2018.
https://blog.scrt.ch/2019/01/24/magento-rce-local-file-read-with-low-privilege-admin-rights/
Mac Trojan hides in advertising banners
The macOS-targeting malware is being delivered at scale via banner ads and is hidden steganographically, a security firm warns.
http://heise.de/-4287382
New password leaks: 2.2 billion accounts affected in total
Following the password dump Collection #1, the huge Collections #2-5 are now also circulating online. Here is how to check whether your accounts are affected.
http://heise.de/-4287538
Various security vulnerabilities in iTunes for Windows
Apple has shipped an update for its media library app on the PC that fixes more than half a dozen bugs, including critical ones.
http://heise.de/-4287940
Vulnerabilities
Advantech WebAccess/SCADA
This advisory includes mitigations for improper authentication, authentication bypass, and SQL injection vulnerabilities in the WebAccess/SCADA software.
https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01
PHOENIX CONTACT FL SWITCH
This advisory provides mitigation recommendations for cross-site request forgery, improper restriction of excessive authentication attempts, cleartext transmission of sensitive information, resource exhaustion, incorrectly specified destination in a communication channel, insecure storage of sensitive information, and memory corruption vulnerabilities reported in Phoenix Contact's FL SWITCH Ethernet hardware.
https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02
Security updates for Friday
Security updates have been issued by Debian (mxml, postgresql-9.4, and tmpreaper), Fedora (haproxy and runc), openSUSE (krb5, soundtouch, virtualbox, and zeromq), Oracle (thunderbird), Red Hat (thunderbird), and Ubuntu (subversion and thunderbird).
https://lwn.net/Articles/777549/
Cross-site scripting in CA Automic Workload Automation Web Interface (formerly Automic Automation Engine)
https://www.sec-consult.com/en/blog/advisories/cross-site-scripting-in-ca-automic-workload-automation-web-interface-formerly-automic-automation-engine/
IBM Security Bulletin: IBM PureApplication System is affected by vulnerabilities in VMWare component (CVE-2018-6981 CVE-2018-6982)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-system-is-affected-by-vulnerabilities-in-vmware-component-cve-2018-6981-cve-2018-6982/
IBM Security Bulletin: OpenSSL vulnerability
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vunerability/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems (October 2018 updates)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-os-images-for-red-hat-linux-systems-october-2018-updates/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System (July and October 2018 updates)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-pureapplication-system-july-and-october-2018-updates/
IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability in VMWare component (CVE-2018-6974)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-system-is-affected-by-a-vulnerability-in-vmware-component-cve-2018-6974/
IBM Security Bulletin: Multiple Foreshadow Spectre Variant vulnerabilities affect IBM OS Image for Red Hat Linux Systems in IBM PureApplication System (CVE-2018-3615 CVE-2018-3620 CVE-2018-3646)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-foreshadow-spectre-variant-vulnerabilities-affect-ibm-os-image-for-red-hat-linux-systems-in-ibm-pureapplication-system-cve-2018-3615-cve-2018-3620-cve-2018-3646/
IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Content Spoofing (CVE-2018-1733)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-content-spoofing-cve-2018-1733/
IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability in VMWare component (CVE-2018-6972)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-system-is-affected-by-a-vulnerability-in-vmware-component-cve-2018-6972/
IBM Security Bulletin: IBM DataPower Gateway appliances are affected by a vulnerability in IPMI (CVE-2018-1668)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway-appliances-are-affected-by-a-vulnerability-in-ipmi-cve-2018-1668/
IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability (CVE-2018-3639) pertaining to third-party CPU hardware
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-system-is-affected-by-a-vulnerability-cve-2018-3639-pertaining-third-party-cpu-hardware/