End-of-Day report
Timeframe: Friday 15-03-2019 18:00 - Monday 18-03-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
RFC8482 - Saying goodbye to ANY
Ladies and gentlemen, I would like you to welcome the new shiny RFC8482, which effectively deprecates DNS ANY query type. DNS ANY was a "meta-query" - think about it as a similar thing to the common A, AAAA, MX or SRV query types, but unlike these it wasn't a real query type - it was special.
https://blog.cloudflare.com/rfc8482-saying-goodbye-to-any/
Secure Coding - Top 15 Code Analysis Tools
Keeping code secure is a top objective for any software company. And to ensure secure coding, you need to perform code analysis during the development life cycle. While manual review of code was once the only option, now there are plenty of tools that can take care of this in an automated fashion.
https://resources.infosecinstitute.com/secure-coding-top-15-code-analysis-tools/
Lenovo Patches Intel Firmware Flaws in Multiple Product Lines
Lenovo has issued patches for several serious vulnerabilities in its products stemming from Intel technology fixes.
https://threatpost.com/lenovo-patches-high-severity-arbitrary-code-execution-flaws/142860/
Cryptojacking of businesses' cloud resources still going strong
In the past year or so, many cybercriminals have turned to cryptojacking as an easier and more low-key approach for "earning" money. While the value of cryptocurrencies like Bitcoin and Monero has been declining for a while now and Coinhive, the most popular in-browser mining service, has stopped working, cryptojacking is still a considerable threat. After all, attackers need to expend very little effort and are using someone else's resources for free.
https://www.helpnetsecurity.com/2019/03/18/cryptojacking-cloud-resources/
IPv6 unmasking via UPnP
With tools such as ZMap and Masscan and general higher bandwidth availability, exhaustive internet-wide scans of full IPv4 address space have become the norm after it was once impractical. Projects like Shodan and Scans.io aggregate and publish frequently updated datasets of scan results for public analysis, giving researchers greater insight into the current state of the internet. While IPv4 is the norm, the use of IPv6 [...]
https://blog.talosintelligence.com/2019/03/ipv6-unmasking-via-upnp.html
Fake CIA emails demand Bitcoins over child pornography
Internet users are receiving fake messages from the CIA with the subject "Central Intelligence Agency - Case #12345678". The message claims that the recipients appear as suspects in investigations into child pornography. To prevent an arrest, 10,000 dollars in Bitcoin are to be transferred to the senders. The content of the messages is entirely fabricated and the payments must not [...]
https://www.watchlist-internet.at/news/gefaelschte-cia-mails-fordern-bitcoins-wegen-kinderpornografie/
New Mirai Variant Targets Enterprise Wireless Presentation & Display Systems
Unit 42 has discovered a new Mirai variant that targets business video display systems. It uses additional exploits, boosts the number of credentials for brute-force attacks and hosts payload on the compromised website of a Colombian security firm.
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/
Microsoft releases Application Guard extension for Chrome and Firefox
Extensions only available for Windows Insiders for now. To work for everyone once Windows 10 19H1 is live.
https://www.zdnet.com/article/microsoft-releases-application-guard-extension-for-chrome-and-firefox/
Vulnerabilities
Security vulnerability: Wireless keyboard accepts commands from attackers
The encryption of the Fujitsu LX901 wireless keyboard can be bypassed by attackers in two different ways - and used for attacks from a distance.
https://www.golem.de/news/sicherheitsluecke-funktastatur-nimmt-befehle-von-angreifern-entgegen-1903-140070-rss.html
SSH software: Critical security vulnerabilities in Putty
Several serious security vulnerabilities have been discovered in the SSH software Putty as part of an EU-funded bug bounty program. The vulnerable code is also used by other projects such as Filezilla and WinSCP.
https://www.golem.de/news/ssh-software-kritische-sicherheitsluecken-in-putty-1903-140081-rss.html
Security updates for Monday
Security updates have been issued by Debian (ikiwiki, liblivemedia, linux-4.9, rdflib, and sqlalchemy), Fedora (advancecomp, kubernetes, mingw-poppler, and php), Mageia (ikiwiki), openSUSE (chromium, file, and sssd), Red Hat (ansible, openstack-ceilometer, and openstack-octavia), Scientific Linux (kernel), SUSE (galera-3, mariadb, mariadb-connector-c, java-1_8_0-ibm, kernel, nodejs10, openwsman, wireshark, and yast2-rmt), and Ubuntu (file, linux, linux-aws, linux-kvm, linux-raspi2, [...]
https://lwn.net/Articles/783370/
[webapps] Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)
https://www.exploit-db.com/exploits/46541
Security Advisory - Double Free Vulnerability on Bastet Module of Some Huawei Smartphones
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190220-01-smartphone-en
IBM Security Bulletin: Multiple vulnerabilities affect Watson Explorer and IBM Watson Content Analytics (CVE-2018-2579, CVE-2018-2588, CVE-2018-2602, CVE-2018-2603, CVE-2018-2633)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-affect-watson-explorer-and-ibm-watson-content-analytics-cve-2018-2579-cve-2018-2588-cve-2018-2602-cve-2018-2603-cve-2018-2633/