End-of-Day report
Timeframe: Wednesday 10-04-2019 18:00 - Thursday 11-04-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
Introducing the security configuration framework: A prioritized guide to hardening Windows 10
The security configuration framework is designed to help simplify security configuration while still allowing enough flexibility to allow you to balance security, productivity, and user experience. We are defining discrete prescriptive Windows 10 security configurations (levels 5 through 1) to meet many of the common device scenarios we see today in the enterprise.
https://www.microsoft.com/security/blog/2019/04/11/introducing-the-security-configuration-framework-a-prioritized-guide-to-hardening-windows-10/
Selfie: reflections on TLS 1.3 with PSK
TLS 1.3 allows two parties to establish a shared session key from an out-of-band agreed Pre Shared Key (PSK). ... We identify a security vulnerability in this TLS 1.3 path, by showing a new reflection attack that we call "Selfie". The Selfie attack breaks the mutual authentication. It leverages the fact that TLS does not mandate explicit authentication of the server and the client in every message.
https://eprint.iacr.org/2019/347
Amazon phishing e-mail in circulation
Criminals pose as Amazon customer service and try to harvest personal data. Supposedly, Amazon is currently working on improving customer data protection and asks users to verify their personal account details. Users who follow the instructions hand over all of their data to the fraudsters.
https://www.watchlist-internet.at/news/amazon-phishing-mail-im-umlauf/
Vulnerabilities
VU#192371: Multiple VPN applications insecurely store session cookies
Virtual Private Networks (VPNs) are used to create a secure connection with another network over the internet. Multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files. CWE-311: Missing Encryption of Sensitive Data. The following products and versions store the cookie insecurely in log files: - Palo Alto Networks GlobalProtect prior to 4.1.0 (CVE-2019-15373) - Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2 The following products [...]
https://kb.cert.org/vuls/id/192371
Dragonblood: Attackers can crack Wi-Fi passwords in WPA3 under certain circumstances
Several vulnerabilities in the WPA3-Personal authentication of Wi-Fi networks allow attackers, under certain circumstances, to eavesdrop on the traffic of devices.
http://heise.de/-4393108
Juniper Networks fixes vulnerabilities, some of them critical
Numerous Juniper network devices are vulnerable to remote attacks. The vendor has published security advisories and updates.
http://heise.de/-4397797
Security updates for Thursday
Security updates have been issued by Arch Linux (apache, evolution, gnutls, and thunderbird), Debian (wpa), Gentoo (git), Mageia (dovecot, flash-player-plugin, gpac, gpsd, imagemagick, koji, libssh2, libvirt, mariadb, ming, mumble, ntp, python, python3, squirrelmail, and wget), openSUSE (apache2), Red Hat (httpd24-httpd and httpd24-mod_auth_mellon), SUSE (libqt5-qtbase, openldap2, tar, and xmltooling), and Ubuntu (ruby1.9.1, ruby2.0, ruby2.3, ruby2.5 and wpa).
https://lwn.net/Articles/785676/
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002
https://webkitgtk.org/security/WSA-2019-0002.html
IBM Security Bulletin: IBM API Connect's Developer Portal (V5) is impacted by a critical local file Inclusion vulnerability (CVE-2019-4203)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-developer-portalv5-is-impacted-by-a-critical-local-file-inclusion-vulnerability-cve-2019-4203/
IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a CNI security vulnerability
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-service-is-affected-by-a-cni-security-vulnerability/
IBM Security Bulletin: IBM API Connect's Developer Portal (V5) is vulnerable to command injection (CVE-2019-4202)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-developer-portalv5-is-vulnerable-to-command-injection-cve-2019-4202/
IBM Security Bulletin: Security vulnerability in FlexNet Publisher affects IBM Rational License Key Server
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerability-in-flexnet-publisher-affects-ibm-rational-license-key-server/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multi-Platform
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-financial-transaction-manager-for-corporate-payment-services-for-multi-platform/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Check Services for Multi-Platform
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-financial-transaction-manager-for-check-services-for-multi-platform/
IBM Security Bulletin: A security vulnerability has been addressed in IBM Cognos Analytics (CVE-2019-4178)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabiltiy-has-been-addressed-in-ibm-cognos-analytics-cve-2019-4178/
IBM Security Bulletin: IBM MQ Appliance is affected by an OpenSSL vulnerability (CVE-2018-0734)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-an-openssl-vulnerability-cve-2018-0734/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer used in IBM Business Automation Workflow, IBM Business Process Manager, and IBM WebSphere Lombardi Edition
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-process-designer-used-in-ibm-business-automation-workflow-ibm-business-process-manager-and-ibm-websphere-lombardi-editi/
BIG-IP APM URL classification vulnerability CVE-2019-6610
https://support.f5.com/csp/article/K42465020
HPESBHF03912 rev.2 - Certain HPE Servers with a UEFI-based BIOS, Multiple Local Vulnerabilities
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us
Apache Tomcat: Vulnerability allows execution of arbitrary code with the privileges of the service
http://www.cert-bund.de/advisoryshort/CB-K19-0306
Red Hat OpenShift: Multiple vulnerabilities allow bypassing of security measures
http://www.cert-bund.de/advisoryshort/CB-K19-0305