Daily Summary - 04.06.2019

End-of-Day report

Timeframe: Monday 03-06-2019 18:00 - Tuesday 04-06-2019 18:00 Handler: Robert Waldner Co-Handler: n/a

News

VU#576688: Microsoft Windows RDP Network Level Authentication can bypass the Windows lock screen

Microsoft Windows Remote Desktop supports a feature called Network Level Authentication (NLA), which moves the authentication aspect of a remote session from the RDP layer to the network layer. The use of NLA is recommended to reduce the attack surface of systems exposed using the RDP protocol.

https://kb.cert.org/vuls/id/576688


VB2018 paper: Lazarus Group: a mahjong game played with different sets of tiles

The Lazarus Group, generally linked to the North Korean government, is one of the most notorious threat groups seen in recent years. At VB2018 ESET researchers Peter Kálnai and Michal Poslušný presented a paper looking at the group's various campaigns. Today, we publish their paper and the recording of their presentation.

https://www.virusbulletin.com:443/blog/2019/06/vb2018-paper-lazarus-group-mahjong-game-played-different-sets-tiles/


How to protect yourself from classified-ad fraud

Classified-ad platforms are very popular. They offer an excellent way to sell old items that are no longer needed, or to pick up real second-hand bargains. But be careful: both supposed prospective buyers and supposed sellers often turn out to be criminals who are only after their victims' money or goods.

https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-vor-kleinanzeigen-betrug/

Vulnerabilities

Android Security Bulletin - June 2019

The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

https://source.android.com/security/bulletin/2019-06-01.html


Potential security problem in Exim mail server software - patches available from 11 June

On 4 June 2019 the Exim project published advance information about a serious security vulnerability. Corresponding patches are already available to Linux distributions etc., so these can roll out fixed packages from 11 June, at the same time as the patch is published.

http://www.cert.at/warnings/all/20190604.html


Security updates for Tuesday

Security updates have been issued by Arch Linux (python-django and python2-django), Debian (heimdal), Fedora (kernel, kernel-headers, kernel-tools, and sqlite), openSUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork and GraphicsMagick), Oracle (thunderbird), Red Hat (systemd and thunderbird), SUSE (bind and firefox), and Ubuntu (qtbase-opensource-src).

https://lwn.net/Articles/790266/


IBM Security Bulletin: IBM InfoSphere Information Analyzer and Information Governance Catalog is affected by an Information Disclosure vulnerability

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-information-analyzer-and-information-governance-catalog-is-affected-by-an-information-disclosure-vulnerability/


IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js denial of service vulnerability (CVE-2019-5737)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-node-js-denial-of-service-vulnerability-cve-2019-5737/


IBM Security Bulletin: Jazz for Service Management (JazzSM) could allow a remote attacker to conduct phishing attacks, using an open redirect attack (CVE-2019-4201)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-jazz-for-service-management-jazzsm-could-allow-a-remote-attacker-to-conduct-phishing-attacks-using-an-open-redirect-attack-cve-2019-4201/


IBM Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere eXtreme Scale

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-the-java-runtime-environment-that-ibm-provides-affect-websphere-extreme-scale/


IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Malicious File Upload attack (CVE-2019-4056)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-malicious-file-upload-attack-cve-2019-4056/


IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Back and Refresh Attack (CVE-2019-4048)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-back-and-refresh-attack-cve-2019-4048/


IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4046)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2019-4046/


IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Reverse Tabnabbing (CVE-2018-2028)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-reverse-tabnabbing-cve-2018-2028/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products/