End-of-Day report
Timeframe: Tuesday 22-10-2019 18:00 - Wednesday 23-10-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
VB2019 papers: Emotet and Ryuk
Today we publish VB2019 papers by Luca Nagy (Sophos) on Emotet and Gabriela Nicolao and Luciano Martins (Deloitte) on Ryuk, as well as the corresponding videos of their presentations.
https://www.virusbulletin.com:443/blog/2019/10/vb2019-papers-emotet-and-ryuk/
CPDoS: Cache Poisoned Denial of Service
Cache-Poisoned Denial-of-Service (CPDoS) is a new class of web cache poisoning attacks aimed at disabling web resources and websites.
https://cpdos.org/
Tech, Security Firms Launch Operational Technology Cyber Security Alliance
Several major tech and cybersecurity companies have joined forces for a new initiative called the Operational Technology Cyber Security Alliance (OTCSA), which aims to help industrial and critical infrastructure organizations address challenges related to OT security by providing guidance and resources.
https://www.securityweek.com/tech-security-firms-launch-operational-technology-cyber-security-alliance
Investment firms demand access to your system? Keep your distance!
Beware of investments with dubious firms such as aurumpro.co or Muller Enterprise LTD. Supposed advisers contact you by phone and entice you into ever higher investments. In order to trade "more effectively", they demand the installation of remote maintenance software such as AnyDesk or TeamViewer. Do not do this and keep your distance - they are after your assets!
https://www.watchlist-internet.at/news/investment-firmen-fordern-zugriff-auf-ihr-system-nehmen-sie-abstand/
Vulnerabilities
Schneider Electric ProClima
This advisory contains mitigations for code injection, improper restriction of operations within the bounds of a memory buffer, and uncontrolled search path element vulnerabilities in Schneider Electric's ProClima building and automation control products.
https://www.us-cert.gov/ics/advisories/icsa-19-295-01
Firefox, Chrome Bugs Allow Arbitrary Code-Execution
Multiple critical memory safety bugs in Firefox 69 and Firefox ESR 68.1 particularly affect medium and large government entities and enterprises.
https://threatpost.com/critical-firefox-bugs-arbitrary-code-execution/149455/
OpenAFS Security Advisory 2019-001
Topic: information leakage from uninitialized RPC output variables on error
Issued: 22 October, 2019
Affected: OpenAFS versions 1.0 through 1.6.23, and 1.8.0 through 1.8.4
http://openafs.org/pages/security/OPENAFS-SA-2019-001.txt
OpenAFS Security Advisory 2019-002
Topic: information leakage from uninitialized scalars
Issued: 22 October, 2019
Affected: OpenAFS versions 1.0 through 1.6.23, and 1.8.0 through 1.8.4
http://openafs.org/pages/security/OPENAFS-SA-2019-002.txt
OpenAFS Security Advisory 2019-003
Topic: database server crash from unserialized data access
Issued: 22 October, 2019
Affected: OpenAFS versions 1.0 through 1.6.23, and 1.8.0 through 1.8.4
http://openafs.org/pages/security/OPENAFS-SA-2019-003.txt
Security updates for Wednesday
Security updates have been issued by Arch Linux (go, go-pie, pacman, and xpdf), CentOS (java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, and patch), openSUSE (gcc7), Red Hat (firefox, kernel, and qemu-kvm-rhev), Slackware (mozilla), SUSE (kernel, libcaca, openconnect, python, sysstat, and zziplib), and Ubuntu (libxslt, linux-azure, linux-lts-xenial, and linux-aws).
https://lwn.net/Articles/802941/
Avast, Avira Products Vulnerable to DLL Hijacking
Vulnerabilities in Avast Antivirus, AVG Antivirus, and Avira Antivirus could allow an attacker to load a malicious DLL file in an effort to bypass defenses and escalate privileges, SafeBreach Labs security researchers discovered.
https://www.securityweek.com/avast-avira-products-vulnerable-dll-hijacking
Security Advisory - Out-Of-Bound Read Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191023-01-buffer-en
Security Advisory - Insufficient Authentication Vulnerability in Several Smartphones
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191023-01-smartphone-en
Security Advisory - Memory Leak Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191023-01-memory-en
IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2019-1547, CVE-2019-1563)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventia-network-active-bypass-is-affected-by-openssl-vulnerabilities-cve-2019-1547-cve-2019-1563/
IBM Security Bulletin: Vulnerability in Apache Commons Beanutils affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-10086)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apache-commons-beanutils-affect-tivoli-netcool-omnibus-webgui-cve-2019-10086/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®.
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-db2-6/
IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2019-4486)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-cross-site-scripting-cve-2019-4486/
IBM Security Bulletin: A security vulnerability affects IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition (CVE-2019-4398)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-affects-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise-edition-cve-2019-4398/
IBM Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by ASoC vulnerability (CVE-2019-4459)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise-edition-is-affected-by-asoc-vulnerability-cve-2019-4459/
IBM Security Bulletin: A security vulnerability affects IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition (CVE-2019-4397)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-affects-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise-edition-cve-2019-4397/
IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2018-20796, CVE-2019-9169)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventia-network-active-bypass-is-affected-by-glibc-vulnerabilities-cve-2018-20796-cve-2019-9169/
IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2019-1559)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventia-network-active-bypass-is-affected-by-openssl-vulnerabilities-cve-2019-1559/
BIND vulnerability CVE-2018-5743
https://support.f5.com/csp/article/K74009656
BIG-IP vulnerability CVE-2018-15333
https://support.f5.com/csp/article/K53620021