Daily Summary - 13.11.2019
End-of-Day report
Timeframe: Tuesday 12-11-2019 18:00 - Wednesday 13-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Network Traffic Analysis for IR: Address Resolution Protocol (ARP) with Wireshark
Introduction to the Address Resolution Protocol The Address Resolution Protocol (ARP) was first defined in RFC 826. As the name suggests, it is designed to resolve IP addresses into a form usable by other systems within a subnet. Network addressing works at a couple of different layers of the OSI model.
https://resources.infosecinstitute.com/address-resolution-protocol-arp-with-wireshark/
Keys can be extracted from TPM chips
A timing attack can be used to extract elliptic-curve-based signing keys from TPM chips. ... TPM chips are present in all modern PCs and are partly controversial, since they can also be used to enforce protection mechanisms against the user's will. Despite their prevalence, the chips are rarely used for critical applications, so the impact of the vulnerability is likely to be limited.
https://www.golem.de/news/tpm-fail-schluessel-aus-tpm-chips-lassen-sich-extrahieren-1911-144955.html
GSM Traffic and Encryption: A5/1 Stream Cipher
This write-up documents some of my follow-up research with regard to analyzing the GSM traffic packets I captured using Software Defined Radio. My attempt was to better understand the GSM mobile network protocols and procedures, with an emphasis on the authentication and ciphering algorithms being deployed.
https://www.blackhillsinfosec.com/gsm-traffic-and-encryption-a5-1-stream-cipher/
Attacks via USB and Bluetooth: Android smartphones vulnerable
Security researchers have discovered vulnerabilities in several older Android smartphones that they were able to exploit via USB and Bluetooth connections.
Legitimate job offer or money-laundering assignment?
On various job boards and classified-ad portals, job seekers are currently coming across offers for freelance work at "TideBit Deutschland LTD". The company does not exist in this form. Criminals are misusing the name of a cryptocurrency company to get applicants to launder money. Anyone who carries out the tasks may be committing a criminal offence themselves.
https://www.watchlist-internet.at/news/serioeses-job-angebot-oder-auftrag-zur-geldwaesche/
Vulnerabilities
November 2019 security updates are available!
We have released the November security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month's security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of extended support and no longer receiving updates as of January 14, 2020.
https://msrc-blog.microsoft.com:443/2019/11/12/november-2019-security-updates-are-available/
Intel fixes security vulnerabilities and incidentally reveals a new ZombieLoad variant
For Patch Tuesday, Intel fixed 77 vulnerabilities, some of them critical, including a side-channel attack that had been kept secret until now.
VMSA-2019-0020
VMware ESXi, Workstation, and Fusion patches provide Hypervisor-Specific Mitigations for Speculative-Execution Vulnerabilities (CVE-2018-12207, CVE-2019-11135)
https://www.vmware.com/security/advisories/VMSA-2019-0020.html
VMSA-2019-0021
VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2019-5540, CVE-2019-5541, CVE-2019-5542)
https://www.vmware.com/security/advisories/VMSA-2019-0021.html
VMSA-2019-0008.2
VMware product updates enable Hypervisor-Specific Mitigations, Hypervisor-Assisted Guest Mitigations, and Operating System-Specific Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)
https://www.vmware.com/security/advisories/VMSA-2019-0008.html
Xen Security Advisory CVE-2019-11135 / XSA-305
A new way to sample data from microarchitectural structures has been identified. A TSX Asynchronous Abort is a state which occurs between a transaction definitely aborting (usually for reasons outside of the pipeline's control e.g. receiving an interrupt), and architectural state being rolled back to start of the transaction. During this period, speculative execution may be able to infer the value of data in the microarchitectural structures.
https://xenbits.xen.org/xsa/advisory-305.html
Xen Security Advisory CVE-2018-12207 / XSA-304
An erratum exists across some CPUs whereby an instruction fetch may cause a machine check error if the pagetables have been updated in a specific manner without invalidating the TLB. ... This corner case can be triggered by guest kernels.
https://xenbits.xen.org/xsa/advisory-304.html
Security updates for Wednesday
Security updates have been issued by Debian (dpdk, intel-microcode, kernel, libssh2, qemu, and webkit2gtk), Fedora (apache-commons-beanutils, bluez, iwd, kernel, kernel-headers, kernel-tools, libell, and microcode_ctl), openSUSE (gdb), Oracle (kernel), Red Hat (kernel and kernel-rt), SUSE (dhcp, evolution, kernel, libcaca, python, python-xdg, qemu, sysstat, ucode-intel, and xen), and Ubuntu (dpdk, intel-microcode, kernel, linux, linux-aws, ..., webkit2gtk)
https://lwn.net/Articles/804641/
Citrix Hypervisor Security Update
CTX263684 - A security issue has been identified in certain CPU hardware that may allow unprivileged code running on a CPU core to infer the value of memory data belonging to other processes, virtual machines or the hypervisor that are, or have recently been, running on the same CPU core.
https://support.citrix.com/article/CTX263684
Citrix ADC and Citrix Gateway Security Update (CVE-2019-0140)
CTX263807 - A vulnerability has been identified affecting Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, platforms which could result in privilege escalation via layer 2 network access on all network interfaces.
https://support.citrix.com/article/CTX263807
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-pi-epn-codex
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ise-xss
Security Advisory - Two Vulnerabilities in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191113-01-homerouter-en
Security Advisory - Improper File Management Vulnerability in Huawei Share
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191113-02-share-en
Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities
Security Bulletin: IBM NeXtScale Fan Power Controller (FPC) is affected by vulnerability in OpenSSL (CVE-2019-1559)
libpcap vulnerability CVE-2019-15163
https://support.f5.com/csp/article/K92862401?utm_source=f5support&utm_medium=RSS
Hotfix XS80E008 - For Citrix Hypervisor 8.0
https://support.citrix.com/article/CTX263663
Hotfix XS76E012 - For XenServer 7.6
https://support.citrix.com/article/CTX263662
Hotfix XS71ECU2024 - For XenServer 7.1 Cumulative Update 2
https://support.citrix.com/article/CTX263661