Daily summary - 25.10.2019

End-of-Day report

Timeframe: Thursday 24-10-2019 18:00 - Friday 25-10-2019 18:00 Handler: Stephan Richter Co-Handler: n/a

News

Vendor Email Compromise (VEC): The Classic Business Email Compromise (BEC) Scheme with a Spin

A new email fraud scheme has taken Business Email Compromise (BEC) to a whole new level of sophistication. The recently discovered type of email scam has been dubbed Vendor Email Compromise (VEC) and as its name suggests, the attackers prey on employees working at vendor companies.

https://heimdalsecurity.com/blog/vendor-email-compromise-vec/


ACSC Releases Advisory on Emotet Malware Campaign

Original release date: October 25, 2019. The Australian Cyber Security Centre (ACSC) has released an advisory on an ongoing, widespread Emotet malware campaign. Emotet is a Trojan, commonly spread via malicious email attachments, that attempts to proliferate within a network by brute forcing user credentials and writing to shared drives. ACSC provides indicators of compromise (IOCs) and recommendations to help organizations defend against Emotet malware.

https://www.us-cert.gov/ncas/current-activity/2019/10/25/acsc-releases-advisory-emotet-malware-campaign


Your smart doorbell may be collecting more data than you think, study finds

The study tested 81 IoT devices to analyze their behavior and tracking habits, and in some cases brought rather surprising findings.

https://www.welivesecurity.com/2019/10/25/iot-smart-doorbell-collecting-data-study/

Vulnerabilities

Urgent security issue in NGINX/php-fpm

[...] a new security risk has emerged around NGINX, documented in CVE-2019-11043. This exploit allows for remote code execution on some NGINX and php-fpm configurations. If you do not run NGINX, this exploit does not affect you.

https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/


Philips IntelliSpace Perinatal

This medical advisory contains mitigations for an exposure of resource to wrong sphere vulnerability in the Philips IntelliSpace Perinatal obstetrics information management system.

https://www.us-cert.gov/ics/advisories/icsma-19-297-01


Rittal Chiller SK 3232-Series

This advisory contains mitigations for a missing authentication for critical function vulnerability and a use of hard-coded vulnerability in Rittal's Chiller SK 3232-series IT application cooler.

https://www.us-cert.gov/ics/advisories/icsa-19-297-01


Honeywell IP-AK2

This advisory contains mitigations for a missing authentication for critical function vulnerability in Honeywell's IP-AK2 access control panels.

https://www.us-cert.gov/ics/advisories/icsa-19-297-02


VMSA-2019-0019

VMware ESXi, Workstation and Fusion updates address a denial-of-service vulnerability (CVE-2019-5536)

https://www.vmware.com/security/advisories/VMSA-2019-0019.html


VMSA-2019-0018

VMware vCenter Server Appliance updates address sensitive information disclosure vulnerability in backup and restore functions (CVE-2019-5537, CVE-2019-5538)

https://www.vmware.com/security/advisories/VMSA-2019-0018.html


Security updates for Friday

Security updates have been issued by Debian (firefox-esr), Gentoo (php), Oracle (firefox), Scientific Linux (sudo), and SUSE (accountsservice, binutils, nfs-utils, and xen).

https://lwn.net/Articles/803158/


Mattermost security update 5.16.1 / 5.15.2 / 5.14.5 / 5.9.6 (ESR) released

We have released a recommended security update via Mattermost Team Edition 5.16.1, 5.15.2, 5.14.5, 5.9.6 (ESR) and Mattermost Enterprise Edition 5.16.1, 5.15.2, 5.14.5, 5.9.6 (ESR). This security update addresses a high level vulnerability discovered during a security research review by Roman Shchekin. Follow the standard upgrade instructions to apply the updates.

https://mattermost.com/blog/mattermost-security-update-5-16-1-5-15-2-5-14-5-v5-9-6-esr-released/


2019-10-22: Vulnerability in Relion® 650 series and Relion® 670 series - Terminal Reboot

https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9256&LanguageCode=en&DocumentPartId=&Action=Launch


2019-10-22: Vulnerability in Relion® 670 series - MMS Path Traversal

https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9255&LanguageCode=en&DocumentPartId=&Action=Launch


2019-10-22: Vulnerabilities in Relion® 650 series version 2.1 and Relion® 670 series version 2.1 - OpenSSL

https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9254&LanguageCode=en&DocumentPartId=&Action=Launch


IBM Security Bulletin: IBM API Connect's Developer Portal (V5) is impacted by a confidential information leak (CVE-2019-4600)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-developer-portalv5-is-impacted-by-a-a-confidential-information-leakcve-2019-4600/


IBM Security Bulletin: IBM Maximo Health, Safety, and Environment Manager Installation Gives Application Access to Non-Authorized Users (CVE-2019-4546)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-health-safety-and-environment-manager-installation-gives-application-access-to-non-authorized-users-cve-2019-4546/


IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Use of a Broken or Risky Cryptographic Algorithm vulnerability

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-big-data-intelligence-sonarg-is-affected-by-a-use-of-a-broken-or-risky-cryptographic-algorithm-vulnerability/


IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Cleartext Transmission of Sensitive Information vulnerability

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-big-data-intelligence-sonarg-is-affected-by-a-cleartext-transmission-of-sensitive-information-vulnerability/


IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Missing Cookie Secure Attribute vulnerability

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-big-data-intelligence-sonarg-is-affected-by-a-missing-cookie-secure-attribute-vulnerability/


IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Hazardous Input Validation vulnerability

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-big-data-intelligence-sonarg-is-affected-by-a-hazardous-input-validation-vulnerability/


IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Use of a One-Way Hash without a Salt vulnerability

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-big-data-intelligence-sonarg-is-affected-by-a-use-of-a-one-way-hash-without-a-salt-vulnerability/


IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by an Information Exposure vulnerability

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-big-data-intelligence-sonarg-is-affected-by-an-information-exposure-vulnerability/


IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Use of Hard-coded Credentials vulnerability

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-big-data-intelligence-sonarg-is-affected-by-a-use-of-hard-coded-credentials-vulnerability/


IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Missing Authentication for Critical Function vulnerability

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-big-data-intelligence-sonarg-is-affected-by-a-missing-authentication-for-critical-function-vulnerability/