End-of-Day report
Timeframe: Tuesday 09-04-2019 18:00 - Wednesday 10-04-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Analysis of a targeted attack exploiting the WinRar CVE-2018-20250 vulnerability
A complex attack chain incorporating the CVE-2018-20250 exploit and multiple code execution techniques attempted to run a fileless PowerShell backdoor that could allow an adversary to take full control of compromised machines.
https://www.microsoft.com/security/blog/2019/04/10/analysis-of-a-targeted-attack-exploiting-the-winrar-cve-2018-20250-vulnerability/
Pentesting: Benefits, Legal Aspects and Costs
More and more vulnerabilities in everyday products such as smart appliances, routers and other connected devices are becoming public, and users are beginning to question the underlying procedures (or the lack thereof) for protecting their private information. Here you will find an important and efficient method for improving the security level of networks and various applications.
https://sec-consult.com/blog/2019/04/pentesting-nutzen-rechtliches-und-kosten/
A Peek Into the Toolkit of the Dangerous Triton Hackers
Security firm FireEye is naming a collection of tools it says might help identify more of the digital saboteurs' intrusions.
https://www.wired.com/story/triton-hacker-toolkit-fireeye
Survey: Companies underestimate the danger posed by cyber security incidents
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Cyber-Sicherheitsumfrage-100419.html
Vulnerabilities
It's raining patches, Hallelujah! Microsoft and Adobe put out their latest major fixes
Hefty Patch Tuesday checks in at just under 100 CVEs. For Microsoft, the monthly flaw folder contains fixes for a total of 74 CVE-listed security bugs in Windows and Office. Of those, 33 are flaws which, if exploited, would allow the attacker to achieve remote code execution. Adobe, meanwhile, has kicked out updates for Acrobat and Reader that address 21 remote code execution flaws in the PDF app. Flash Player also got an update this month. For SAP, the month brings 11 security updates.
https://www.theregister.co.uk/2019/04/09/patch_tuesday_april/
Security updates for Wednesday
Security updates have been issued by Debian (samba and spip), openSUSE (samba), Red Hat (flash-plugin), Scientific Linux (kernel and openssh), SUSE (clamav and xen), and Ubuntu (apache2).
https://lwn.net/Articles/785466/
Vuln: WordPress Wordfence Plugin Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/107804
IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server in IBM Cloud January 2019 CPU
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-in-ibm-cloud-january-2019-cpu/
IBM Security Bulletin: BigFix WebUI is affected by vulnerabilities CVE-2019-4013 and CVE-2019-4012
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-webui-is-affected-by-vulnerabilities-cve-2019-4013-and-cve-2019-4012/
IBM Security Bulletin: IBM MQ Console is vulnerable to a man in the middle attack (CVE-2018-1925)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-console-is-vulnerable-to-a-man-in-the-middle-attack-cve-2018-1925/
IBM Security Bulletin: BigFix Platform 9.2.x affected by multiple vulnerabilities (CVE-2017-1231, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-platform-9-2-x-affected-by-multiple-vulnerabilities-cve-2017-1231-cve-2018-5407-cve-2012-5883-cve-2012-6708-cve-2015-9251/
IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-affect-ibm-websphere-application-server-in-ibm-cloud-7/
IBM Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-affect-ibm-tivoli-monitoring-embedded-websphere-application-server-6/
IBM Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect for Workstations Central Administration Console (CVE-2014-7810, CVE-2018-8039, CVE-2018-1901)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-websphere-application-server-liberty-affect-ibm-spectrum-protect-for-workstations-central-administration-console-cve-2014-7810-cve-2018-8039-cve-2/