End-of-Day report
Timeframe: Friday 07-06-2019 18:00 - Tuesday 11-06-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Package management: Java dependencies fetched over insecure HTTP downloads
In numerous Java projects, dependencies are downloaded unverified over HTTP without TLS. A network attacker can thereby trivially tamper with the downloads and execute malicious code.
https://www.golem.de/news/paketmanagement-java-dependencies-ueber-unsichere-http-downloads-1906-141810-rss.html
Tip: Sysmon Will Log DNS Queries
[...] Mark announced a new version of Sysmon that will log DNS queries (and replies): [...]
https://isc.sans.edu/forums/diary/Tip+Sysmon+Will+Log+DNS+Queries/25016/
Microsoft Office: Dangerous RTF document delivers backdoor trojan
Attackers are currently exploiting a two-year-old Office vulnerability, for which a patch already exists, at an increasing rate. Targets in Europe are the main focus.
https://heise.de/-4444187
China Telecom Routes European Traffic to Its Network for Two Hours
For two hours last week, a BGP route leak resulted in large portions of European Internet traffic being routed through China Telecom's network.
https://www.securityweek.com/china-telecom-routes-european-traffic-its-network-two-hours
Bitcoin extortion e-mail with fabricated webcam recordings
Criminals are mass-mailing Internet users, claiming that the recipients' systems have been hacked. They state that they have recorded videos via the webcam which supposedly show the recipients masturbating. To prevent the recordings from being distributed, 2000 euros in Bitcoin are demanded. There is no reason for concern: this is an extortion attempt and the videos do not exist.
https://www.watchlist-internet.at/news/bitcoin-erpressungs-mail-mit-erfundenen-webcam-aufnahmen/
Major HSM vulnerabilities impact banks, cloud providers, governments
Researchers disclose major vulnerabilities in HSMs (Hardware Security Modules).
https://www.zdnet.com/article/major-hsm-vulnerabilities-impact-banks-cloud-providers-governments/
The CERT that cried wolf
The fable is well known: the shepherd boy was bored, so he raised the alarm ("Wolf!") to break the monotony, and when the wolf really did come, nobody listened to his cry for help any more. We regularly face a similar issue: we are expected to warn of coming problems as early as possible, but if the predicted emergency does not materialize, that lowers our credibility.
http://www.cert.at/services/blog/20190611093533-2484.html
Vulnerabilities
Security Bulletins Posted
Adobe has published security bulletins for Adobe ColdFusion (APSB19-27), Adobe Flash Player (APSB19-30) and Adobe Campaign (APSB19-28). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided "AS IS" with no warranties and confers no rights.
https://blogs.adobe.com/psirt/?p=1760
SAP Security Patch Day - June 2019
This post by the SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on the second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that customers visit the Support Portal and apply patches as a priority to protect their SAP landscape.
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242
Vulnerability Spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580
There are several vulnerabilities in the Schneider Electric Modicon M580 that could lead to a variety of conditions, including denial of service and the disclosure of sensitive information.
https://blog.talosintelligence.com/2019/06/vulnerability-spotlight-multiple.html
Security updates for Monday
Security updates have been issued by Arch Linux (chromium and pam-u2f), Debian (cyrus-imapd), Fedora (curl, cyrus-imapd, kernel, kernel-headers, php, and vim), openSUSE (axis, bind, bubblewrap, evolution, firefox, gnome-shell, libpng16, and rmt-server), Oracle (edk2 and kernel), and SUSE (bind, cloud7, and libvirt).
https://lwn.net/Articles/790818/
Security updates for Tuesday
Security updates have been issued by CentOS (bind and thunderbird), Mageia (firefox, ghostscript, graphicsmagick, imagemagick, postgresql, and thunderbird), Oracle (kernel), Red Hat (Advanced Virtualization and rh-haproxy18-haproxy), SUSE (bind, gstreamer-0_10-plugins-base, thunderbird, and vim), and Ubuntu (elfutils, glib2.0, and libsndfile).
https://lwn.net/Articles/790875/
Synology-SA-19:26 Photo Station
These vulnerabilities allow remote attackers to obtain sensitive information or modify system settings via a susceptible version of Photo Station.
https://www.synology.com/en-global/support/security/Synology_SA_19_26
IBM Security Bulletin: IBM MQ Advanced Cloud Pak may print out plain text credentials in logs. (CVE-2019-4239)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-advanced-cloud-pak-may-print-out-plain-text-credentials-in-logs-cve-2019-4239/
[20190603] - Core - ACL hardening of com_joomlaupdate
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/_M8Ux7hoaTM/785-20190603-core-acl-hardening-of-com-joomlaupdate.html
[20190602] - Core - XSS in subform field
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/pYcjfxwUS9o/784-20190602-core-xss-in-subform-field.html
[20190601] - Core - CSV injection in com_actionlogs
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/XjAgqEhAS7g/783-20190601-core-csv-injection-in-com-actionlogs.html
# SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt
# SSA-557804: Mirror Port Isolation Vulnerability in SCALANCE X switches
https://cert-portal.siemens.com/productcert/txt/ssa-557804.txt
# SSA-480230: Denial-of-Service in Webserver of Industrial Products
https://cert-portal.siemens.com/productcert/txt/ssa-480230.txt
# SSA-307392: Denial-of-Service in OPC UA in Industrial Products
https://cert-portal.siemens.com/productcert/txt/ssa-307392.txt
# SSA-254686: Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products
https://cert-portal.siemens.com/productcert/txt/ssa-254686.txt
# SSA-181018: Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C
https://cert-portal.siemens.com/productcert/txt/ssa-181018.txt
# SSA-816980: Multiple Web Vulnerabilities in SIMATIC Ident MV420 and MV440 families
https://cert-portal.siemens.com/productcert/txt/ssa-816980.txt
# SSA-774850: Vulnerabilities in SIEMENS LOGO!8 devices
https://cert-portal.siemens.com/productcert/txt/ssa-774850.txt
# SSA-646841: Recoverable Password from Configuration Storage in SCALANCE X Switches
https://cert-portal.siemens.com/productcert/txt/ssa-646841.txt
# SSA-212009: Vulnerabilities in Siveillance VMS
https://cert-portal.siemens.com/productcert/txt/ssa-212009.txt