End-of-Day report
Timeframe: Tuesday 04-06-2019 18:00 - Wednesday 05-06-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
News
We Decide What You See: Remote Code Execution on a Major IPTV Platform
Check Point Research discerned there to be over 1000 providers of this service with quite likely very high numbers of worldwide customers. As this vulnerability has been patched, we can now reveal what was involved.
https://research.checkpoint.com/we-decide-what-you-see-remote-code-execution-on-a-major-iptv-platform/
It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign
Cisco Talos recently identified a series of documents that we believe are part of a coordinated series of cyber attacks that we are calling the "Frankenstein" campaign. We assess that the attackers carried out these operations between January and April 2019 in an effort to install malware on users' machines via malicious documents.
https://blog.talosintelligence.com/2019/06/frankenstein-campaign.html
Warning about the business practices of FutureNet
FutureNet, operated by BCU Trading LLC from Dubai, promises users easy money: on the one hand by buying "AdPacks" and clicking on advertisements, on the other hand by recruiting new users. Reports of payments that never arrive are piling up, however, and the Polish Office of Competition and Consumer Protection (UOKiK) has warned against the company on suspicion of a pyramid scheme.
https://www.watchlist-internet.at/news/warnung-vor-den-geschaeftspraktiken-bei-futurenet/
Vulnerabilities
Security vulnerability: Vim modelines allow code execution
A vulnerability has been found in the text editor Vim: a specially crafted document can execute code when it is opened. The modelines feature that is abused for this is only enabled on some systems; Vim's 'modeline' option defaults to on for normal users and off for root, and distribution and personal vimrc files frequently change that.
https://www.golem.de/news/sicherheitsluecke-vim-modelines-erlauben-codeausfuehrung-1906-141710-rss.html
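The two checks a practitioner wants before opening untrusted files, as an added example that is not code from the Golem article or from the Vim project: a scanner that flags files carrying something Vim would parse as a modeline, and a check of whether a given vimrc turns the 'modeline' option off. Vim only honours modelines within the first and last 'modelines' lines of a file (default 5), so only those lines are inspected. The file names, directory and vimrc contents used below are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the Golem article or the Vim project): flag files
# that carry a Vim modeline, and check whether a vimrc disables the option.

# Vim only evaluates modelines in the first and last MODELINES lines of a
# file (Vim's 'modelines' option, default 5).
MODELINES=5

# has_modeline FILE -> exit 0 when a modeline marker is found, 1 otherwise.
# Matches the markers Vim recognises ("vi:", "vim:", "Vim:", "ex:") at the
# start of a line or after whitespace; this also covers "vim: set ...:".
has_modeline() {
    { head -n "$MODELINES" "$1"; tail -n "$MODELINES" "$1"; } |
        grep -qE '(^|[[:space:]])(vi|vim|Vim|ex):'
}

# vimrc_disables_modeline VIMRC -> exit 0 when the last "set ... modeline"
# line in the file turns the option off. Vim reads the vimrc top to bottom,
# so the last setting wins. "modelines=N" (the count) is deliberately not
# matched. A vimrc that never mentions the option falls back to Vim's
# default (on for normal users, off for root) and is reported as NOT
# disabling it, so the caller must treat that case as "enabled".
vimrc_disables_modeline() {
    last=$(grep -E '^[[:space:]]*set([[:space:]]+[^[:space:]]+)*[[:space:]]+(no)?modeline([[:space:]]|$)' "$1" |
        sed -E 's/.*[[:space:]]((no)?modeline)([[:space:]].*)?$/\1/' |
        tail -n 1)
    [ "$last" = "nomodeline" ]
}

# scan_dir DIR -> print the path of every regular file under DIR that
# carries a modeline marker (the "if" keeps the loop's exit status at 0
# even when the last file is clean).
scan_dir() {
    find "$1" -type f | while IFS= read -r f; do
        if has_modeline "$f"; then printf '%s\n' "$f"; fi
    done
}
```

Source the file and run scan_dir over a download directory to see which files would be handed to the modeline parser. A hit only means Vim will treat the line as a modeline, not that it is malicious; the robust mitigation on a machine that opens untrusted files is `set nomodeline` in the vimrc, and `:set modeline?` inside a running Vim shows the effective value.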
phpmyadmin: PMASA-2019-4
CSRF vulnerability in login form
Affected Versions: All versions prior to phpMyAdmin 4.9.0 are affected, probably at least as old as version 4.0 (perhaps even earlier)
CVE ID: CVE-2019-12616
https://www.phpmyadmin.net/security/PMASA-2019-4/
phpmyadmin: PMASA-2019-3
SQL injection in Designer feature
Affected Versions: phpMyAdmin versions prior to 4.8.6 are affected.
CVE ID: CVE-2019-11768
https://www.phpmyadmin.net/security/PMASA-2019-3/
Django security releases issued: 2.2.2, 2.1.9 and 1.11.21
* CVE-2019-12308: AdminURLFieldWidget XSS
* Patched bundled jQuery for CVE-2019-11358: Prototype pollution
https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
Wireless presenters from Logitech and Inateck vulnerable to attacks over radio
The pentesting firm SySS has once again found vulnerabilities in wireless presenter systems that allow the connected computers to be hijacked.
https://heise.de/-4439795
Security updates for Wednesday
Security updates have been issued by Debian (python-django), openSUSE (curl and libtasn1), Oracle (kernel), Red Hat (etcd, kernel-alt, and rh-python36-python-jinja2), Scientific Linux (thunderbird), SUSE (libvirt), and Ubuntu (db5.3, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-aws-hwe, linux-hwe, linux-oracle, linux-hwe, and linux-raspi2, linux-snapdragon).
https://lwn.net/Articles/790411/
PHOENIX CONTACT PLCNext AXC F 2152
https://ics-cert.us-cert.gov/advisories/ICSA-19-155-01
PHOENIX CONTACT FL NAT SMx
https://ics-cert.us-cert.gov/advisories/ICSA-19-155-02
Geutebrück G-Cam and G-Code
https://ics-cert.us-cert.gov/advisories/ICSA-19-155-03
2019-06-05: Multiple Vulnerabilities in ABB CP635 HMI
https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376&LanguageCode=en&DocumentPartId=&Action=Launch
2019-06-05: Vulnerabilities in ABB PB610
https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377&LanguageCode=en&DocumentPartId=&Action=Launch
2019-06-05: Vulnerabilities in ABB CP651 HMI
https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402&LanguageCode=en&DocumentPartId=&Action=Launch
Security Advisory - XSS Vulnerability in Huawei HedEx products
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190605-01-hedex-en
IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server in IBM Cloud April 2019 CPU
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-in-ibm-cloud-april-2019-cpu/
IBM Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server used in IBM WebSphere Application Server in IBM Cloud (CVE-2019-0211 CVE-2019-0220)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-the-ibm-http-server-used-in-ibm-websphere-application-server-in-ibm-cloud-cve-2019-0211-cve-2019-0220/
IBM Security Bulletin: IBM Security Information Queue reveals internal data in application error messages
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-information-queue-reveals-internal-data-in-application-error-messages/
IBM Security Bulletin: IBM Security Information Queue does not prevent caching of sensitive pages
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-information-queue-does-not-prevent-caching-of-sensitive-pages/
IBM Security Bulletin: IBM Security Information Queue web application is vulnerable to clickjacking attack
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-information-queue-web-application-is-vulnerable-to-clickjacking-attack/
IBM Security Bulletin: IBM Security Information Queue web server allows downgrading to non-secure HTTP
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-information-queue-web-server-allows-downgrading-to-non-secure-http/
IBM Security Bulletin: IBM Security Information Queue discloses internal data left over from the product development phases
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-information-queue-discloses-internal-data-left-over-from-the-product-development-phases/
IBM Security Bulletin: Multiple Vulnerabilities in Watson Openscale (Liberty, Java, node.js)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-watson-openscale-liberty-java-node-js/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-rational-application-developer-for-websphere-software-7/
IBM Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere DataPower XC10 Appliance
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-the-java-runtime-environment-that-ibm-provides-affect-websphere-datapower-xc10-appliance-2/
TECSON/GOK Improper Authentication and Access Control on multiple devices
https://cert.vde.com/de-de/advisories/vde-2019-012