Daily Summary - 20.02.2019

End-of-Day report

Timeframe: Tuesday 19-02-2019 18:00 - Wednesday 20-02-2019 18:00 Handler: Dimitri Robl Co-Handler: n/a

News

SQL injection explained: How SQLi attacks work and how to prevent them

What is SQL injection? SQL injection is a type of attack that can give an adversary complete control over your web application database by inserting arbitrary SQL code into a database query. Immortalized by "Little Bobby Drop Tables" in XKCD 327, SQL injection (SQLi) was first discovered in 1998, yet continues to plague web applications across the internet. Even the OWASP Top Ten lists injection as the number one threat to web application security.

https://www.csoonline.com/article/3257429/application-security/what-is-sql-injection-this-oldie-but-goodie-can-make-your-web-applications-hurt.html


Security: Github launches safe harbor for its bug bounty program

To give participants in its bug bounty program better legal protection, Github is launching a safe harbor program intended to cover the actions of security researchers. The guidelines are based on its own experience and on templates from the community. The program itself is also being expanded. (Github, Copyright)

https://www.golem.de/news/sicherheit-github-startet-safe-harbor-fuer-bug-bounty-programm-1902-139496-rss.html


Password Managers: Under the Hood of Secrets Management

[...] In this paper we propose security guarantees password managers should offer and examine the underlying workings of five popular password managers targeting the Windows 10 platform: 1Password 7, 1Password 4, Dashlane, KeePass, and LastPass.

https://www.securityevaluators.com/casestudies/password-manager-hacking/


Phishers' new trick for bypassing email URL filters

Phishers have come up with another trick to make Office documents carrying malicious links undetectable by many e-mail security services: they delete the links from the document's relationship file (xml.rels). The trick has been spotted being used in an email spam campaign aimed at leading victims to a credential harvesting login page.

https://www.helpnetsecurity.com/2019/02/20/phishers-new-trick-for-bypassing-email-url-filters/


Combing Through Brushaloader Amid Massive Detection Uptick

Nick Biasini and Edmund Brumaghin authored this blog post with contributions from Matthew Molyett. Executive Summary: Over the past several months, Cisco Talos has been monitoring various malware distribution campaigns leveraging the malware loader Brushaloader to deliver malware payloads to systems. Brushaloader is currently characterized by the use of various scripting elements, such as PowerShell, to minimize the number of artifacts left on infected systems.

https://blog.talosintelligence.com/2019/02/combing-through-brushaloader.html


Siegeware: When criminals take over your smart building

Siegeware is what you get when cybercriminals mix the concept of ransomware with building automation systems: abuse of equipment control software to threaten access to physical facilities.

https://www.welivesecurity.com/2019/02/20/siegeware-when-criminals-take-over-your-smart-building/

Vulnerabilities

Intel Data Center Manager SDK

This advisory provides mitigation recommendations for improper authentication, protection mechanism failure, permission issues, key management errors, and insufficient control flow management vulnerabilities reported in Intel's Data Center Manager software development kit.

https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01


Delta Industrial Automation CNCSoft

This advisory provides mitigation recommendations for an out-of-bounds read vulnerability reported in the Delta Electronics Delta Industrial Automation CNCSoft.

https://ics-cert.us-cert.gov/advisories/ICSA-19-050-02


Horner Automation Cscape

This advisory includes mitigations for an improper input validation vulnerability in the Horner Automation Cscape software.

https://ics-cert.us-cert.gov/advisories/ICSA-19-050-03


Rockwell Automation Allen-Bradley PowerMonitor 1000

This advisory provides mitigation recommendations for cross-site scripting and authentication bypass vulnerabilities reported in Rockwell Automation's Allen-Bradley PowerMonitor 1000, a compact power monitor.

https://ics-cert.us-cert.gov/advisories/ICSA-19-050-04


WordPress 5.0.0 Remote Code Execution

This blog post details how a combination of a Path Traversal and Local File Inclusion vulnerability leads to Remote Code Execution in the WordPress core. The vulnerability remained uncovered in the WordPress core for over 6 years.

https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/


Security updates for Wednesday

Security updates have been issued by Debian (ansible, drupal7, and systemd), Fedora (botan2, ceph, and firefox), Oracle (firefox, flatpak, and systemd), Red Hat (firefox), SUSE (gvfs, kernel, libqt5-qtbase, python-numpy, and qemu), and Ubuntu (gdm3).

https://lwn.net/Articles/780344/


Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol and Link Layer Discovery Protocol Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-cdp-lldp-dos


Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-webx-ios-file


Cisco Prime Infrastructure Certificate Validation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-prime-validation


Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-pca-access


Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ncs


Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs


Cisco IoT Field Network Director XML External Entity Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-iot-fnd-xml


Cisco HyperFlex Software Command Injection Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyperflex-injection


Cisco Hyperflex Stored Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyper-xss


Cisco HyperFlex Arbitrary Statistics Write Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyper-write


Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyper-retrieve


Cisco Firepower Threat Defense Software SSL or TLS Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-fpwr-ssltls-dos


Cisco Firepower 9000 Series Firepower 2-Port 100G Double-Width Network Module Queue Wedge Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-firpwr-dos


Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-cuc-rxss


Cisco HyperFlex Software Unauthenticated Root Access Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-chn-root-access


Security Advisory - Double Free Vulnerability on Bastet Module of Some Huawei Smartphones

http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190220-01-smartphone-en


Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Smartphones

http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190220-01-phone-en


Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones

http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190220-01-informationleak-en


IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-multiple-security-vulnerabilities-2/