End-of-Day report
Timeframe: Tuesday 19-03-2019 18:00 - Wednesday 20-03-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Videos for more cyber security: BSI launches YouTube channel
As of now the BSI can also be found on the video platform YouTube. Under the name "Bundesamt für Sicherheit in der Informationstechnik", interested viewers will initially find tips and advice for private users as well as interesting career information and news about the BSI.
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Youtube-200319.html
https://www.youtube.com/channel/UC_VgLyJQsChxKfDJcdI-Tcg
SilkETW: Because Free Telemetry is...Free!
In the following example, we will collect process event data from the Kernel provider and use image loads to identify Mimikatz execution. We can collect the required data with this command:
SilkETW.exe -t kernel -kk ImageLoad -ot file -p C:\Users\b33f\Desktop\mimikatz.json
With data in hand it is easy to sort, grep and filter for the properties we are interested in (Figure 2).
http://www.fireeye.com/blog/threat-research/2019/03/silketw-because-free-telemetry-is-free.html
Fake shop btckraken.de steals data and does not deliver!
The search for cheap electronics leads some consumers to btckraken.de. For alleged security reasons, identity documents are demanded when placing an order. Payment is made in advance. Do not order here: this is serious identity theft for further crimes committed under someone else's name, and the goods are never delivered!
https://www.watchlist-internet.at/news/fake-shop-btckrakende-stielt-daten-und-liefert-nicht/
Ransomware is not dead - a light analysis of LockerGoga
Despite many reports saying that the number of Ransomware samples is on the decrease, we see again and again big multinational companies suffering from these attacks. Just two days ago, Norway-based Norsk Hydro - one of the world's largest Aluminium producers - was hit by a severe Ransomware attack: [...]
http://blog.joesecurity.org/2019/03/ransomware-is-not-dead-light-analysis.html
Severe security bug found in popular PHP library for creating PDF files
Vulnerability patched last year, but many websites and web apps will most likely remain vulnerable for years.
https://www.zdnet.com/article/severe-security-bug-found-in-popular-php-library-for-creating-pdf-files/
Vulnerabilities
Cisco IP Phone 7800 Series and 8800 Series Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-rce
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipab
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipfudos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipptv
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-csrf
Security updates for Wednesday
Security updates have been issued by Arch Linux (libelf and wordpress), CentOS (cloud-init, cockpit, openssl, and tomcat), Gentoo (openssh), openSUSE (ovmf), Scientific Linux (cloud-init), and SUSE (go1.11, ldb, lftp, libssh2_org, and openwsman).
https://lwn.net/Articles/783566/
Security Advisory - Digital Signature Verification Bypass Vulnerability in Some Huawei Routers
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190320-01-ar-en
Security Advisory - Signature Verification Bypass Vulnerability in Some Huawei Mobile Phones
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190320-01-phone-en
OpenSSL vulnerability CVE-2019-1559
https://support.f5.com/csp/article/K18549143
HPESBST03915 rev.1 - HPE CVAE products, and Hitachi Infrastructure Analytics Advisor (HIAA) using JDK, Multiple Vulnerabilities
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us
IBM Security Bulletin: Cloudant Local Apache CouchDB CVE-2018-17188: Remote Privilege Escalations
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cloudant-local-apache-couchdb-cve-2018-17188-remote-privilege-escalations/
IBM Security Bulletin: This Power System update is being released to address CVE 2018-1992
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-update-is-being-released-to-address-cve-2018-1992/
IBM Security Bulletin: Vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Oct 2018 - Includes Oracle Oct 2018 CPU
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2018-includes-oracle-oct-2018-cpu/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Security Directory Integrator (CVE-2018-2800, CVE-2018-2783)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-security-directory-integrator-cve-2018-2800-cve-2018-2783-2/
IBM Security Bulletin: Vulnerabilities in deserialization of openid connect cookie
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-deserialization-of-openid-connect-cookie/
IBM Security Bulletin: Vulnerability in Apache CXF
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apache-cxf/
IBM Security Bulletin: Vulnerabilities in WAS traditional and liberty
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-was-traditional-and-liberty/
IBM Security Bulletin: Vulnerability in IBM SDK, Java Technology Edition Quarterly CPU
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-sdk-java-technology-edition-quarterly-cpu/
IBM Security Bulletin: Vulnerabilities in 3RD PARTY XSS in IBM WebSphere CacheMonitor
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-3rd-party-xss-in-ibm-websphere-cachemonitor/
IBM Security Bulletin: Publicly Disclosed Vulnerability Found By vFinder (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vulnerability-found-by-vfinder-cve-2017-7656-cve-2017-7657-cve-2017-7658-cve-2018-12536/