Daily summary - 29.05.2019

End-of-Day report

Timeframe: Tuesday 28-05-2019 18:00 - Wednesday 29-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter

News

Researchers uncover smart padlock's dumb security

Pen Test Partners has found some major security flaws in the Bluetooth Nokelock that consumers might like to know about.

https://nakedsecurity.sophos.com/2019/05/29/researchers-uncover-smart-padlocks-dumb-security/


CVE-2019-0725: An Analysis of Its Exploitability

May's Patch Tuesday saw what is likely to be one of the most prominent vulnerabilities this year with the "wormable" Windows Terminal Services vulnerability (CVE-2019-0708). However, there's another remote code execution (RCE) vulnerability that would be hard to ignore: CVE-2019-0725, an RCE vulnerability in Windows Dynamic Host Configuration Protocol (DHCP) Server.

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/3268yMf2sDY/


Learning to Rank Strings Output for Speedier Malware Analysis

Reverse engineers, forensic investigators, and incident responders have an arsenal of tools at their disposal to dissect malicious software binaries. When performing malware analysis, they successively apply these tools in order to gradually gather clues about a binary's function, design detection methods, and ascertain how to contain its damage. One of the most useful initial steps is to inspect its printable characters via the Strings program.

http://www.fireeye.com/blog/threat-research/2019/05/learning-to-rank-strings-output-for-speedier-malware-analysis.html


Docker: vulnerability allows root access to files

A vulnerability in all Docker versions could let attackers escalate their privileges. Exploit code is available; the patch is still in the review process.

https://heise.de/-4434730


A dive into Turla PowerShell usage

ESET researchers analyze new TTPs attributed to the Turla group that leverage PowerShell to run malware in memory only.

https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/


Google Researcher Finds Code Execution Vulnerability in Notepad

Google Project Zero researcher Tavis Ormandy revealed on Tuesday that he identified a code execution vulnerability in Microsoft's Notepad text editor.

https://www.securityweek.com/google-researcher-finds-code-execution-vulnerability-notepad


diekundenexperten.at for insurance withdrawals is not trustworthy

On diekundenexperten.at, consumers are presented with an offer that is supposed to help them withdraw from life insurance policies without financial loss or risk. The claims, however, are not compatible with applicable law, and neither an imprint (Impressum) nor any other information about the website operators can be found. Because of these deficiencies, we advise against submitting any personal information.

https://www.watchlist-internet.at/news/diekundenexpertenat-fuer-versicherungsruecktritte-ist-unserioes/


Proofpoint Q1 2019 Threat Report: Emotet carries the quarter with consistent high-volume campaigns

https://www.proofpoint.com/us/threat-insight/post/proofpoint-q1-2019-threat-report-emotet-carries-quarter-consistent-high-volume

Vulnerabilities

Emerson Ovation OCR400 Controller

This advisory includes mitigations for stack-based buffer overflow and heap-based buffer overflow vulnerabilities reported in Emerson's Ovation OCR400 Controller.

https://ics-cert.us-cert.gov/advisories/ICSA-19-148-01


Security updates for Wednesday

Security updates have been issued by Arch Linux (webkit2gtk), Debian (kernel and libav), Fedora (c3p0 and community-mysql), Scientific Linux (pacemaker), SUSE (axis, libtasn1, NetworkManager, sles12sp3-docker-image, sles12sp4-image, system-user-root, and xen), and Ubuntu (freerdp, GNU Screen, keepalived, and thunderbird).

https://lwn.net/Articles/789709/


About the security content of iCloud for Windows 7.12

https://support.apple.com/kb/HT210125


About the security content of iTunes for Windows 12.9.5

https://support.apple.com/kb/HT210124


Security Advisory - Remote Code Execution Vulnerability in Some Microsoft Windows Systems

http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190529-01-windows-en


Security Advisory - Some Huawei 4G LTE devices are exposed to a message replay vulnerability

http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190529-01-replay-en


IBM Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in Drupal core (CVE-2019-10909 CVE-2019-10910 CVE-2019-10911)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-developer-portal-is-impacted-by-vulnerabilities-in-drupal-core-cve-2019-10909-cve-2019-10910-cve-2019-10911/


IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018.4.1

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-cloud-app-management-v2018-4-1-2/


IBM Security Bulletin: A vulnerability in Google Guava could affect IBM Cloud App Management V2018

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-google-guava-could-affect-ibm-cloud-app-management-v2018/

Next End-of-Day report: 2019-05-31