Daily Summary - 10.10.2019

End-of-Day report

Timeframe: Wednesday 09-10-2019 18:00 - Thursday 10-10-2019 18:00

Handler: Robert Waldner

Co-Handler: Stephan Richter

News

HP Touchpoint Analytics LPE Vulnerability Affects Most HP PCs

HP patched a vulnerability discovered in the HP Touchpoint Analytics software installed by default on most of its Windows laptops and desktops, a flaw allowing attackers to escalate privileges and execute arbitrary code using SYSTEM privileges.

https://www.bleepingcomputer.com/news/security/hp-touchpoint-analytics-lpe-vulnerability-affects-most-hp-pcs/


Gamers Warned of High-Severity Intel, Nvidia Flaws

The Intel NUC and Nvidia Shield both are vulnerable to high-severity flaws, Intel and Nvidia warned in dual advisories.

https://threatpost.com/gamers-high-severity-intel-nvidia-flaws/149034/


Apple iTunes Bug Actively Exploited in BitPaymer/iEncrypt Campaign

Attackers exploit an "unquoted path" flaw in the Bonjour updater in iTunes for Windows to deliver ransomware attacks.

https://threatpost.com/apple-itunes-bug-bitpaymer-iencrypt/149075/


Mahalo FIN7: Responding to the Criminal Operators' New Tools and Techniques

During several recent incident response engagements, FireEye Mandiant investigators uncovered new tools in FIN7's malware arsenal and kept pace as the global criminal operators attempted new evasion techniques. In this blog, we reveal two of FIN7's new tools that we have called BOOSTWRITE and RDFSNIFFER.

http://www.fireeye.com/blog/threat-research/2019/10/mahalo-fin7-responding-to-new-tools-and-techniques.html


Security Descriptor Auditing Methodology: Investigating Event Log Security

Upon gaining access to a system, what level of access is granted to an attacker who has yet to elevate their privileges?

https://posts.specterops.io/security-descriptor-auditing-methodology-investigating-event-log-security-d64f4289965d

Vulnerabilities

Juniper Networks Releases Security Updates

Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

https://www.us-cert.gov/ncas/current-activity/2019/10/10/juniper-networks-releases-security-updates


Security updates: Intel secures NUC PCs and server maintenance tool

Attackers could gain elevated privileges on NUCs and on Intel servers. However, one vulnerability remains unpatched.

https://heise.de/-4550829


Security updates for Thursday

Security updates have been issued by Debian (clamav, libtomcrypt, and rsyslog), Fedora (suricata), SUSE (libopenmpt and python-requests), and Ubuntu (libsoup2.4 and octavia).

https://lwn.net/Articles/801974/


ZDI-19-866: NETGEAR AC1200 mini_httpd Poison Null Byte Authentication Bypass Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-19-866/


Maxlength - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-073

https://www.drupal.org/sa-contrib-2019-073


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-aix-4/


OpenSSL vulnerability CVE-2019-1563

https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS


OpenSSL vulnerability CVE-2019-1547

https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS