Daily summary - 15.10.2019

End-of-Day report

Timeframe: Monday 14-10-2019 18:00 - Tuesday 15-10-2019 18:00 Handler: Stephan Richter Co-Handler: n/a

News

Cyber attacks: attribution is like a trial on circumstantial evidence

Russia hacked the Bundestag! China wanted to spy on Bayer AG! After major hacking attacks, the finger is quickly pointed at a suspected perpetrator. Hard proof is rare, but traces are almost impossible to avoid leaving.

https://www.golem.de/news/cyberangriffe-attribution-ist-wie-ein-indizienprozess-1910-143527-rss.html


Update now! Windows users targeted by iTunes Software Updater zero-day

The flaw belongs to the "unquoted path" class, described as "so thoroughly documented that you would expect programmers to be well aware..." But that's not the case.

https://nakedsecurity.sophos.com/2019/10/15/update-now-windows-users-targeted-by-itunes-software-updater-zero-day/


Top 10 Website Hardening Tips

Website hardening means adding layers of protection to reduce the risk of website attacks, a process known as "defense in depth." Here are our top 10 virtual hardening principles: [...]

https://blog.sucuri.net/2019/10/top-10-website-hardening-tips.html


Threat Actor Profile: TA407, the Silent Librarian

[...] Since our blog post, colleagues at Secureworks have provided further details on one actor we highlighted, tracked by Proofpoint as TA407, also known as Silent Librarian, Cobalt Dickens, and Mabna Institute. In this blog, we provide additional insight into the actor and their evolving TTPs in ongoing, academia-focused campaigns.

https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta407-silent-librarian


Europol: Ransomware remains top threat in IOCTA report

The European Union Agency for Law Enforcement Cooperation, or Europol, just released its annual Internet Organized Crime Threat Assessment (IOCTA) report. We highlight their key findings and remind readers how to better protect themselves.

https://blog.malwarebytes.com/awareness/2019/10/europol-ransomware-remains-top-threat-in-iocta-report/


Researchers Find New Backdoor Used by Winnti Hackers

ESET security researchers were able to identify a new backdoor associated with the threat actor known as the Winnti Group.

https://www.securityweek.com/researchers-find-new-backdoor-used-winnti-hackers


SMS from "InfoSMS" leads to a subscription trap

Fraudulent SMS messages from the sender "InfoSMS" are currently circulating in large numbers. The message claims that the owner of the phone number is being sought and asks you to follow a link for further information. You then land on a fake Media Markt page where a supposed prize is waiting for you. You will never receive the prize; it is a subscription trap.

https://www.watchlist-internet.at/news/sms-von-infosms-fuehrt-in-abo-falle/

Vulnerabilities

Security Bulletins Posted

Adobe has published security bulletins for Adobe Experience Manager (APSB19-48), Adobe Acrobat and Reader (APSB19-49), Adobe Experience Manager Forms (APSB19-50) and Adobe Download Manager (APSB19-51). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided "AS IS" with no warranties and confers no rights.

https://blogs.adobe.com/psirt/?p=1795


Security updates for Tuesday

Security updates have been issued by Debian (sudo and xtrlock), openSUSE (sudo), Red Hat (Single Sign-On), Slackware (sudo), SUSE (binutils, dhcp, ffmpeg, kernel, kubernetes-salt, sudo, and tcpdump), and Ubuntu (sudo).

https://lwn.net/Articles/802328/


PHOENIX CONTACT Security Advisory for Automation Worx Software Suite

Phoenix Contact Automationworx Suite: *.bcp file memory corruption remote code execution vulnerability and *.mwt file out-of-bounds read remote code execution vulnerability

https://cert.vde.com/de-de/advisories/vde-2019-016


sudo: vulnerability allows execution of arbitrary code with administrator privileges

http://www.cert-bund.de/advisoryshort/CB-K19-0902


WordPress: multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K19-0903


IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cloud Private

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-private/


IBM Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-is-affected-by-an-oracle-mysql-vulnerabilities/


IBM Security Bulletin: IBM MQ Appliance is affected by kernel vulnerabilities (CVE-2019-11479, CVE-2019-11478 and CVE-2019-11477)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-kernel-vulnerabilities-cve-2019-11479-cve-2019-11478-and-cve-2019-11477/


IBM Security Bulletin: IBM Security Guardium Big Data Intelligence is affected by a Using Components with Known Vulnerabilities vulnerability

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-big-data-intelligence-is-affected-by-a-using-components-with-known-vulnerabilities-vulnerability/


IBM Security Bulletin: Vulnerability CVE-2019-4031 affects IBM Workload Scheduler

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-cve-2019-4031-affects-ibm-workload-scheduler/


TYPO3-EXT-SA-2019-018: Remote Code Execution in extension "freeCap CAPTCHA" (sr_freecap)

https://typo3.org/security/advisory/typo3-ext-sa-2019-018/


TYPO3-EXT-SA-2019-017: Multiple vulnerabilities in extension "SLUB: Event Registration" (slub_events)

https://typo3.org/security/advisory/typo3-ext-sa-2019-017/


TYPO3-EXT-SA-2019-016: Information Disclosure in extension "Direct Mail" (direct_mail)

https://typo3.org/security/advisory/typo3-ext-sa-2019-016/


TYPO3-EXT-SA-2019-015: SQL Injection in extension "URL redirect" (url_redirect)

https://typo3.org/security/advisory/typo3-ext-sa-2019-015/


Linux kernel vulnerability CVE-2019-16714

https://support.f5.com/csp/article/K48351130?utm_source=f5support&utm_medium=RSS


OpenLDAP vulnerability CVE-2019-13565

https://support.f5.com/csp/article/K98008862?utm_source=f5support&utm_medium=RSS


HPESBHF03933 rev.6 - HPE Products using certain Intel Processors, Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities, Local Disclosure of Information

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03933en_us