Daily Summary - 22.05.2019

End-of-Day report

Timeframe: Tuesday 21-05-2019 18:00 - Wednesday 22-05-2019 18:00 Handler: Robert Waldner Co-Handler: n/a

News

New Zero-Day Exploit [Local Privilege Escalation, editor's note] for Bug in Windows 10 Task Scheduler

Exploit developer SandboxEscaper has quietly dropped a new zero-day exploit for the Windows operating system just a week after Microsoft's monthly cycle of security updates.

https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-bug-in-windows-10-task-scheduler/


Forthcoming OpenSSL Releases

These releases will be made available on 28th May 2019 between approximately 1200-1600 UTC. OpenSSL 1.1.0k and 1.0.2s contain security hardening bug fixes only but do not address any CVEs. OpenSSL 1.1.1c is a bug-fix release (and contains the equivalent security hardening fixes as for 1.1.0k and 1.0.2s where relevant).

https://mta.openssl.org/pipermail/openssl-announce/2019-May/000150.html


Sophisticated Spear Phishing Campaigns using Homograph Attacks

Over the last few months we did some research on how to create phishing emails which are good enough to fool even security professionals. Therefore, we were looking into quite an old topic: Punycode domains and IDN homograph attacks.

https://www.offensity.com/en/newsroom/sophisticated-spear-phishing-campaigns-using-homograph-attacks/


Fake Prize SMS in the Name of the Post Leads to Subscription Trap

Consumers are receiving a fake SMS message in the name of Post AG, supposedly because they took part in a prize draw. Anyone who follows the link, takes part in a short survey and selects a prize falls into a subscription trap. The charge does not stop at the one-time payment of 2 euros for Adidas shoes, which are never delivered; instead, further recurring debits by ILS Company ApS follow.

https://www.watchlist-internet.at/news/gefaelschte-gewinn-sms-im-namen-der-post-fuehrt-in-abo-falle/

Vulnerabilities

Mozilla Firefox and Thunderbird: Multiple Vulnerabilities

Multiple vulnerabilities exist in Mozilla Thunderbird, Mozilla Firefox and Mozilla Firefox ESR. An attacker can exploit them to crash the browser, manipulate data, bypass security mechanisms, view confidential data or execute malicious code.

https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/05/warnmeldung_tw-t19-0073.html


DoS Vulnerability in Huawei S Series Switch Products

Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device to reboot, resulting in a denial of service (DoS) condition. ... CVE-2019-5285.

http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190522-01-switch-en


Security updates for Wednesday

Security updates have been issued by CentOS (ruby and wget), Debian (proftpd-dfsg), Fedora (firefox, mupdf, nss, and wavpack), openSUSE (evolution, GraphicsMagick, graphviz, libxslt, openssl-1_0_0, ovmf, and sqlite3), Red Hat (dotnet, python27-python and python27-python-jinja2, and rh-mariadb102-mariadb and rh-mariadb102-galera), Slackware (mozilla), SUSE (gnutls, java-1_7_1-ibm, and java-1_8_0-ibm), and Ubuntu (curl, firefox, php5, and webkit2gtk).

https://lwn.net/Articles/789132/


Computrols CBAS Web

https://ics-cert.us-cert.gov/advisories/ICSA-19-141-01


Mitsubishi Electric MELSEC-Q Series Ethernet Module

https://ics-cert.us-cert.gov/advisories/ICSA-19-141-02


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Algo Credit Manager

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-algo-credit-manager-7/


IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM License Key Server Administration and Reporting Tool and Agent

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilities-in-ibm-java-runtime-affect-ibm-license-key-server-administration-and-reporting-tool-and-agent/


IBM Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack due to incorrect permissions on MQ directories. (CVE-2019-4078)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-is-vulnerable-to-a-privilege-escalation-attack-due-to-incorrect-permissions-on-mq-directories-cve-2019-4078/


IBM Security Bulletin: IBM MQ is vulnerable to a denial of service attack within the error logging function (CVE-2019-4039)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-within-the-error-logging-function-cve-2019-4039/