End-of-Day report
Timeframe: Tuesday 26-11-2019 18:00 - Wednesday 27-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Almost 60% Of Malicious Ads Come from Three Ad Providers
In Confiant's "Demand Quality Report for Q3 2019", the ad fraud and security company analyzed 120 billion ad impressions between January 1st and September 20th that flowed through their systems in order to provide a breakdown of different malicious ad campaigns.
https://www.bleepingcomputer.com/news/security/almost-60-percent-of-malicious-ads-come-from-three-ad-providers/
Top 25 Most Dangerous Vulnerabilities Refreshed After 8 Years
For the first time in eight years, the list with the most dangerous 25 software vulnerabilities received an update that promises to be relevant for current times.
https://www.bleepingcomputer.com/news/security/top-25-most-dangerous-vulnerabilities-refreshed-after-8-years/
MITRE ATT&CK vulnerability spotlight: Credentials in registry
One of the attack stages as described in the MITRE ATT&CK tool is credential access, where a hacker tries to steal user credential information to gain access to new accounts or elevate privileges on a compromised system. One of the means by which an attacker can perform this stage of an attack is by extracting credentials from where they are stored in the Windows registry.
https://resources.infosecinstitute.com/mitre-attck-vulnerability-spotlight-credentials-in-registry/
Insights from one year of tracking a polymorphic threat
We discovered the polymorphic threat Dexphot in October 2018. In the months that followed, we closely tracked the threat as attackers upgraded the malware, targeted new processes, and worked around defensive measures. One year's worth of intelligence helped us gain insight not only into the goals and motivations of Dexphot's authors, but of cybercriminals in general.
https://www.microsoft.com/security/blog/2019/11/26/insights-from-one-year-of-tracking-a-polymorphic-threat/
Exposed Firebase Database
An issue can arise in Firebase when developers fail to enable authentication. This vulnerability is very similar to every other database misconfiguration: there's no authentication. Leaving a database exposed to the world unauthenticated is an open invite for malicious hackers.
http://ghostlulz.com/google-exposed-firebase-database/
Beware of ping calls!
Consumers keep receiving so-called ping calls: they are called from unknown numbers, and the calls usually end after the first or second ring. Anyone who calls back out of politeness or curiosity falls into a cost trap. For unknown, suspicious numbers the rule is: do not pick up and do not call back!
https://www.watchlist-internet.at/news/vorsicht-vor-ping-anrufen/
Vulnerabilities
Security updates for Wednesday
Security updates have been issued by Debian (bsdiff, libvpx, tiff, and xmlrpc-epi), Fedora (freeimage, imapfilter, kernel, mingw-freeimage, and thunderbird), openSUSE (cups and djvulibre), Oracle (SDL), SUSE (ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud, freerdp, mailman, slurm) and Ubuntu (ruby2.3, ruby2.5).
https://lwn.net/Articles/805720/
Security Advisory - Information Leak Vulnerability in Huawei Smart Speaker Myna
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-01-myna-en
Security Advisory - Buffer Overflow Vulnerability in Huawei Atlas Product
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-01-atlas-en
Security Advisory - Improper Authorization Vulnerability in Several Smartphones
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-01-smartphone-en
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191127-02-smartphone-en
Security Bulletin: OpenSSL as used by IBM QRadar Network Packet Capture is vulnerable to (CVE-2019-1559)
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-by-ibm-qradar-network-packet-capture-is-vulnerable-to-cve-2019-1559/
Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2019-1547, CVE-2019-1563)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-aix-cve-2019-1547-cve-2019-1563/
Security Bulletin: Vulnerability CVE-2019-10218 in Samba affects IBM i
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2019-10218-in-samba-affects-ibm-i/
Security Bulletin: Python as used by IBM QRadar Network Packet Capture is vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers (CVE-2019-9947, CVE-2019-9948)
https://www.ibm.com/blogs/psirt/security-bulletin-python-as-used-by-ibm-qradar-network-packet-capture-is-vulnerable-to-improper-neutralization-of-crlf-sequences-in-http-headers-cve-2019-9947-cve-2019-9948/
Security Bulletin: OpenSSL as used by IBM QRadar Network Packet Capture is vulnerable to a timing side channel attack (CVE-2018-0734)
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-by-ibm-qradar-network-packet-capture-is-vulnerable-to-a-timing-side-channel-attack-cve-2018-0734/
TMM vulnerability CVE-2019-6669
https://support.f5.com/csp/article/K11447758
BIG-IP AAM vulnerability CVE-2019-6666
https://support.f5.com/csp/article/K92411323
BIG-IP FIX profile security advisory vulnerability CVE-2019-6667
https://support.f5.com/csp/article/K82781208
BIG-IP TMM vulnerability CVE-2019-6671
https://support.f5.com/csp/article/K39225055
BIG-IP AFM vulnerability CVE-2019-6672
https://support.f5.com/csp/article/K14703097
BIG-IP ASM Bot Detection DNS cache does not expire security exposure
https://support.f5.com/csp/article/K79240502
The BIG-IP system may fail to properly parse HTTP headers that are prepended by whitespace (non RFC2616 compliant)
https://support.f5.com/csp/article/K39794285
BIG-IP ASM and BIG-IQ/Enterprise Manager/F5 iWorkflow device authentication and trust vulnerability CVE-2019-6665
https://support.f5.com/csp/article/K26462555
BIG-IP HTTP/2 vulnerability CVE-2019-6673
https://support.f5.com/csp/article/K81557381
F5 SSL Orchestrator vulnerability CVE-2019-6674
https://support.f5.com/csp/article/K21135478
BIG-IP Edge Client for macOS vulnerability CVE-2019-6668
https://support.f5.com/csp/article/K49827114
BIG-IP APM ignores the Restrict to Single Client IP option for Native RDP resources
https://support.f5.com/csp/article/K24241590
vCMP vulnerability CVE-2019-6670
https://support.f5.com/csp/article/K05765031