End-of-Day report
Timeframe: Thursday 21-03-2019 18:00 - Friday 22-03-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Analysis of SeroMiner Trojan, combine multiple anti-analytic techniques
Foreword: Recently, 360 security brain intercepted a mining Trojan 'SeroMiner'. The Trojan behavior is too concealed to be discovered its mining behavior from the security [...]
https://blog.360totalsecurity.com/en/analysis-of-serominer-trojan-combine-multiple-anti-analytic-techniques/
SigSpoof 4: Bypassing signature verification in Yarn package manager (CVE-2018-12556)
This attack on GnuPG signature verification is specific to yarn, the package manager. It can give a powerful attacker the ability to replace the Yarn installation with arbitrary code. There are additional protections in place, so if you are using Yarn, you probably do not need to worry too much about it.
https://neopg.io/blog/yarn-signature-bypass/
Over 100,000 GitHub repos have leaked API or cryptographic keys
Thousands of new API or cryptographic keys leak via GitHub projects every day.
https://www.zdnet.com/article/over-100000-github-repos-have-leaked-api-or-cryptographic-keys/
Vulnerabilities
Security updates for Friday
Security updates have been issued by CentOS (firefox), Debian (cron and ntfs-3g), Fedora (firefox, ghostscript, libzip, python2-django1.11, PyYAML, tcpflow, and xen), Mageia (ansible, firefox, and ImageMagick/GraphicsMagick), Red Hat (ghostscript), Scientific Linux (firefox and ghostscript), SUSE (libxml2, unzip, and wireshark), and Ubuntu (firefox, ghostscript, libsolv, ntfs-3g, p7zip, and snapd).
https://lwn.net/Articles/783757/
IBM Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server (CVE-2019-4046)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-service-vulnerability-in-websphere-application-server-cve-2019-4046/
IBM Security Bulletin: Potential denial of service in Liberty for Java for IBM Cloud (CVE-2018-10237)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-service-in-liberty-for-java-for-ibm-cloud-cve-2018-10237/
ICMP PMTU messages are forwarded to the server side when the TCP proxy-mss setting is enabled in the associated profile
https://support.f5.com/csp/article/K52510343
The BIG-IP SMTPS virtual server may fail to properly restrict I/O buffering, allowing attackers to insert commands into encrypted SMTP sessions
https://support.f5.com/csp/article/K23284054
BIG-IP SNMPD vulnerability CVE-2019-6608
https://support.f5.com/csp/article/K12139752
REST Framework vulnerability CVE-2019-6602
https://support.f5.com/csp/article/K11818407
BIG-IP snmpd vulnerability CVE-2019-6606
https://support.f5.com/csp/article/K35209601
TMM vulnerability CVE-2019-6603
https://support.f5.com/csp/article/K14632915
When authentication is set to require, the Client SSL or Server SSL profile does not report an error when it has an associated invalid CRL
https://support.f5.com/csp/article/K15732489