Daily summary - 12.06.2019

End-of-Day report

Timeframe: Tuesday 11-06-2019 18:00 - Wednesday 12-06-2019 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner

News

Microsoft Releases June 2019 Office Updates With Security Fixes

Microsoft released the June 2019 Office Updates today, which consist of 13 security updates and 13 non-security updates. Given that some of the Microsoft Office security updates issued today also resolve critical vulnerabilities, it is strongly advised to install them as soon as possible.

https://www.bleepingcomputer.com/news/security/microsoft-releases-june-2019-office-updates-with-security-fixes/


Bad Cert Vulnerability Can Bring Down Any Windows Server

A Google security expert today revealed that an unpatched issue in the main cryptographic library in Microsoft's operating system can cause a denial-of-service (DoS) condition on Windows 8 servers and above.

https://www.bleepingcomputer.com/news/security/bad-cert-vulnerability-can-bring-down-any-windows-server/


Ransomware identification for the judicious analyst

When facing a ransomware infection, it helps to be familiar with some tools as well as key points to identify ransomware correctly.

https://www.gdatasoftware.com/blog/2019/06/31666-ransomware-identification-for-the-judicious-analyst


RAMBleed: Rowhammer can also read out data

Attacks using RAM bit flips make it possible to read memory contents without authorization. As a demonstration, researchers show how they can read out the RSA key of an SSH daemon with only user privileges.

https://www.golem.de/news/rambleed-rowhammer-kann-auch-daten-auslesen-1906-141840-rss.html


DICOM Standard in Medical Devices

NCCIC is aware of a public report of a vulnerability in the DICOM (Digital Imaging and Communications in Medicine) standard with proof-of-concept (PoC) exploit code. The DICOM standard is the international standard to transmit, store, retrieve, print, process, and display medical imaging information. According to this report, the vulnerability is exploitable by embedding executable code into the 128-byte preamble. This report was released without coordination with NCCIC or any known vendor.

https://ics-cert.us-cert.gov/alerts/ICS-ALERT-19-162-01


AVML - Acquire Volatile Memory for Linux

AVML is an X86_64 userland volatile memory acquisition tool written in Rust, intended to be deployed as a static binary. AVML can be used to acquire memory without knowing the target OS distribution or kernel a priori. No on-target compilation or fingerprinting is needed.

https://github.com/microsoft/avml


Windows vulnerability "Bluekeep": Renewed warning of worm-like attacks

Worm-like cyber attacks with the malware WannaCry and NotPetya caused damages in the millions worldwide in 2017 and drove individual companies to the brink of collapse. A comparable scenario is made possible by the critical vulnerability Bluekeep, which is contained in the Remote Desktop Protocol (RDP) service of Microsoft Windows. The German Federal Office for Information Security (BSI), like Microsoft, had already warned of this vulnerability in May and

https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Windows-Schwachstelle-Bluekeep_110619.html


Beware of purported Microsoft calls

A new wave of purported Microsoft calls is currently rolling across Austria. The callers claim to have found problems on the devices of those affected. Caution: these are fraudsters attempting to gain access to their victims' systems and steal data. Consumers should end such calls immediately.

https://www.watchlist-internet.at/news/achtung-vor-angeblichen-microsoft-anrufen/

Vulnerabilities

Intel Releases Security Updates, Mitigations for Multiple Products

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

https://www.us-cert.gov/ncas/current-activity/2019/06/11/Intel-Releases-Security-Updates-Mitigations-Multiple-Products


Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series

The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities resulting from old software components embedded in the firmware.

https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-wago-852-industrial-managed-switch-series-cve-2019-12550-cve-2019-12549/


Patch day: Dangerous hole in Windows 10 Task Scheduler patched

Microsoft has released a large number of security updates for Windows, Office and other software. Many of the holes are rated critical.

https://heise.de/-4444614


Critical Microsoft NTLM vulnerabilities allow remote code execution on any Windows machine

The Preempt research team found two critical Microsoft vulnerabilities that consist of three logical flaws in NTLM, the company's proprietary authentication protocol. These vulnerabilities allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication (WIA) such as Exchange or ADFS. The research shows that all Windows versions are vulnerable.

https://www.helpnetsecurity.com/2019/06/11/microsoft-ntlm-vulnerabilities/


Security updates for Wednesday

Security updates have been issued by Debian (libgd2, mediawiki, otrs2, vlc, and zookeeper), Fedora (containernetworking-plugins, kernel, kernel-headers, nodejs-tough-cookie, podman, python-django, and python-urllib3), openSUSE (virtualbox), SUSE (gnome-shell, libcroco, and php7), and Ubuntu (dbus, Neovim, and vim).

https://lwn.net/Articles/790976/


Flaw in Evernote Extension Allows Hackers to Steal Data

A vulnerability identified by researchers in a popular Evernote extension for Chrome can be exploited by hackers to steal sensitive information from the websites accessed by a user.

https://www.securityweek.com/flaw-evernote-extension-allows-hackers-steal-data


MISP: Vulnerability allows privilege escalation

MISP is an open-source platform for sharing threat information. A remote, authenticated attacker can exploit a vulnerability in MISP to escalate their privileges.

http://www.cert-bund.de/advisoryshort/CB-K19-0491


Security Advisory - DLL Hijacking Vulnerability on Huawei HiSuite

http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190612-01-dllhijacking-en


IBM Security Bulletin: A security vulnerability has been identified in IBM SDK which affects IBM Db2 Query Management Facility for z/OS

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-has-been-idenfied-in-ibm-sdk-which-affects-ibm-db2-query-management-facility-for-z-os/