Daily Summary - 16.04.2019

End-of-Day report

Timeframe: Monday 15-04-2019 18:00 - Tuesday 16-04-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a

News

Behavioural aspects of cybersecurity

Technical cybersecurity measures do not exist in a vacuum and need to operate in harmony with people. Against this backdrop, ENISA publishes a report comprising four evidence-based reviews of human aspects of cybersecurity: two based on the use and effectiveness of models from social science, one on qualitative studies, and one on current practice within organisations.

https://www.enisa.europa.eu/news/enisa-news/behavioural-aspects-of-cybersecurity


The Outlook Winner is Dash

When trying to abuse the Office groups, I stepped on a single character group Dash. At first, I reserved the group Dash for the mail - at example.com as it is somewhat uncommon to see a single -special- character mail address. The next morning (after the creation of this group), I had already received 5 mails.

https://blog.ettic.ca/the-outlook-winner-is-dash-ac15dbc4098d


Adobe Flash security tool Flashmingo debuts in open source community

In order to maintain adequate levels of security for Flash until its demise, a balance has to be met between spending time and resources auditing the software and the need for analysis. To assist the cause, cybersecurity firm FireEye has released Flashmingo, a framework for the automatic analysis of SWF files.

https://www.zdnet.com/article/security-tool-for-flash-flashmingo-released-to-open-source-community/


Scranos: New Rapidly Evolving Rootkit-Enabled Spyware Discovered

... the malware gains persistence on infected machines by installing a digitally-signed rootkit driver. Researchers believe attackers obtained the valid digital code-signing certificate fraudulently, which was originally issued to Yun Yu Health Management Consulting (Shanghai) Co., Ltd. and has not been revoked at the time of writing.

https://thehackernews.com/2019/04/scranos-rootkit-spyware.html

Vulnerabilities

New Malicious Medical DICOM Image Files Cause HIPAA Headache

Malicious DICOM files can be crafted to contain both CT and MRI scan imaging data and potentially dangerous PE executables, a process which can be used by threat actors to hide malware inside seemingly harmless files. [...]

https://www.bleepingcomputer.com/news/security/new-malicious-medical-dicom-image-files-cause-hipaa-headache/


Adblock Plus Filters Can Be Exploited to Run Malicious Code

An exploit has been discovered that could allow ad blocking filter list maintainers for the Adblock Plus, AdBlock, and uBlocker browser extensions to create filters that inject remote scripts into web sites. [...]

https://www.bleepingcomputer.com/news/security/adblock-plus-filters-can-be-exploited-to-run-malicious-code/


Security updates for Tuesday

Security updates have been issued by Debian (cacti and libxslt), Fedora (pcsc-lite and samba), Gentoo (gnutls, phpmyadmin, and tiff), openSUSE (apache2, clamav, dovecot23, nodejs10, SDL, and webkit2gtk3), Red Hat (mod_auth_mellon and rh-python36-python), SUSE (firefox, nspr, nss and python), and Ubuntu (libxslt and webkit2gtk).

https://lwn.net/Articles/786106/


IBM Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct for Microsoft Windows

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-sterling-connectdirect-for-microsoft-windows/


IBM Security Bulletin: IBM Planning Analytics Local is affected by multiple vulnerabilities (CVE-2018-12116, CVE-2018-12121, CVE-2018-12122, CVE-2018-12123)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-planning-analytics-local-is-affected-by-multiple-vulnerabilities-cve-2018-12116-cve-2018-12121-cve-2018-12122-cve-2018-12123/


IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in GNU glibc (CVE-2017-15804 CVE-2017-15670 CVE-2015-5180)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-bladecenter-advanced-management-module-amm-is-affected-by-vulnerabilities-in-gnu-glibc-cve-2017-15804-cve-2017-15670-cve-2015-5180/


IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in PHP (CVE-2018-14851 CVE-2017-9118)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-bladecenter-advanced-management-module-amm-is-affected-by-vulnerabilities-in-php-cve-2018-14851-cve-2017-9118/


IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in python (CVE-2018-1061 CVE-2018-1060 CVE-2016-5636)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-bladecenter-advanced-management-module-amm-is-affected-by-vulnerabilities-in-python-cve-2018-1061-cve-2018-1060-cve-2016-5636/


IBM Security Bulletin: Security vulnerability in Apache FOP affects IBM® Rational® Quality Manager

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerability-in-apache-fop-affects-ibm-rational-quality-manager/


glibc vulnerability CVE-2019-9169

https://support.f5.com/csp/article/K54823184