Daily Summary - 06.03.2019

End-of-Day report

Timeframe: Tuesday 05-03-2019 18:00 - Wednesday 06-03-2019 18:00 Handler: Robert Waldner Co-Handler: n/a

News

FIRST releases DDoS mitigation training course

The Forum of Incident Response and Security Teams (FIRST), which brings together incident responders from around the world, invested in the creation of a new training course, "DDoS Mitigation Fundamentals". Authored by Krassimir T. Tzvetanov, a recognized expert in the field, the training teaches incident responders to handle attacks and secure their organisations.

https://www.first.org/newsroom/releases/20190305


Security update: Chrome vulnerability is being actively exploited

Google has fixed a security vulnerability in Chrome that is apparently already being actively exploited. Few details are available so far, but all users of Chrome and its derivatives should update their browser as soon as possible. (Chrome, Google)

https://www.golem.de/news/sicherheitsupdate-chrome-schwachstelle-wird-aktiv-genutzt-1903-139833-rss.html


Spotlight on Troldesh ransomware, aka "Shade"

Troldesh is ransomware that relies heavily on user interaction. Nevertheless, a recent spike in detections shows it has been successful against businesses in the first few months of 2019.

https://blog.malwarebytes.com/threat-analysis/2019/03/spotlight-troldesh-ransomware-aka-shade/


Phishing attempt via fake Bawag security app

Numerous consumers have reported a fake Bawag P.S.K. e-mail to us. In it, criminals try to persuade potential victims to install a supposed security app. The application must not be installed, because otherwise the criminals gain access to their victims' online banking credentials, which can lead to major financial losses.

https://www.watchlist-internet.at/news/phishing-versuch-durch-gefaelschte-bawag-sicherheits-app/

Vulnerabilities

Vuln: SAP NetWeaver J2EE Engine CVE-2018-17861 Cross Site Scripting Vulnerability

Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. SAP NetWeaver J2EE Engine 7.01 is vulnerable; other versions may also be affected.

http://www.securityfocus.com/bid/107269


Vuln: NetApp SnapCenter CVE-2017-15515 Cross Site Scripting Vulnerability

Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, gain sensitive information, cause denial-of-service conditions and launch other attacks. NetApp SnapCenter prior to 4.0 is vulnerable.

http://www.securityfocus.com/bid/107272


Vuln: Apache Mesos CVE-2018-11793 Denial of Service Vulnerability

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users. Apache Mesos versions 1.4.0 through 1.7.0 are vulnerable; other versions may also be affected.

http://www.securityfocus.com/bid/107281


Default Privileged Account Vulnerability in the NetApp Service Processor (CVE-2019-5490)

Certain versions of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution.

https://security.netapp.com/advisory/ntap-20190305-0001/


OpenSSL Security Advisory: ChaCha20-Poly1305 with long nonces (CVE-2019-1543)

Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time.

https://www.openssl.org/news/secadv/20190306.txt


Security updates for Wednesday

Security updates have been issued by CentOS (java-1.7.0-openjdk and java-11-openjdk), Debian (mumble and sox), Fedora (drupal7, drupal7-link, firefox, gpsd, ignition, ming, php-erusev-parsedown, and php-Smarty), openSUSE (hiawatha, python, and supportutils), Oracle (java-1.7.0-openjdk), Red Hat (java-1.7.0-openjdk), Scientific Linux (java-1.7.0-openjdk), and Ubuntu (linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2 and linux-hwe, linux-aws-hwe, linux-azure,

https://lwn.net/Articles/782462/


Rockwell Automation Patches Critical DoS/RCE Flaw in RSLinx Software

Patches released by Rockwell Automation for its RSLinx Classic software address a critical vulnerability that can be exploited for denial-of-service (DoS) attacks and possibly for remote code execution.

https://www.securityweek.com/rockwell-automation-patches-critical-dosrce-flaw-rslinx-software


PEPPERL+FUCHS Path traversal in WirelessHART Gateway

https://cert.vde.com/de-de/advisories/vde-2019-002


Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-controller-privsec


Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-tetra-ace


Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxosldap


Cisco NX-OS Software Image Signature Verification Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-sig-verif


Cisco NX-OS Software Privilege Escalation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-privesca


Cisco NX-OS Software Privilege Escalation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-privesc


Cisco NX-OS Software Bash Shell Privilege Escalation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-pe


Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-npv-dos


Cisco NX-OS Software Netstack Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-netstack


Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access


Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-fabric-dos


Cisco NX-OS Software Privilege Escalation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-escalation


Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1613


Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1612


Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1611)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1611


Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1610


Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1609


Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608


Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1607


Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1606


Cisco NX-OS Software NX-API Command Injection Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-NXAPI-cmdinj


Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-lan-auth


Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-bash-escal


Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-api-ex


Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos


Action Recommended to Secure the Cisco Nexus PowerOn Auto Provisioning Feature

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-info-poap


Cisco DNA Center Access Contract Stored Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-dna-xss


Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-chatmail-xss


Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-apic-ipv6


Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-shell-escape


Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-file-read


Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory


IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2019 CPU

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-january-2019-cpu/


IBM Security Bulletin: IBM API Connect Developer Portal is affected by arbitrary PHP code execution vulnerability in Drupal (CVE-2019-6340)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-developer-portal-is-affected-by-arbitrary-php-code-execution-vulnerability-in-drupal-cve-2019-6340/


IBM Security Bulletin: IBM API Connect is affected by a critical vulnerability in Kubernetes via runc (CVE-2019-5736)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-a-critical-vulnerability-in-kubernetes-via-runc-cve-2019-5736/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-transformation-advisor/


IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-affect-ibm-websphere-application-server-in-ibm-cloud-6/


IBM Security Bulletin: IBM QRadar SIEM is vulnerable to publicly disclosed vulnerabilities from OpenSSL (CVE-2018-0739, CVE-2018-0732)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-publicly-disclosed-vulnerabilities-from-openssl-cve-2018-0739-cve-2018-0732/