End-of-Day report
Timeframe: Thursday 13-06-2019 18:00 - Friday 14-06-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs
Misconfiguration is not novel. However, cybercriminals still find that it is an effective way to get their hands on organizations' computing resources to use for malicious purposes and it remains a top security concern. In this blog post, we will detail an attack type where an API [...]
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/T-m0jjHJA_o/
Security and Privacy, Two Sides of the Same Coin
ENISA Annual Privacy Forum 2019
https://www.enisa.europa.eu/news/enisa-news/security-and-privacy-two-sides-of-the-same-coin
Phishing mails feign the end of a WhatsApp subscription
A current phishing wave tries to get WhatsApp users to disclose payment data by claiming their subscription is about to expire.
https://heise.de/-4447165
Linux servers under attack via latest Exim flaw
It didn't take long for attackers to start exploiting the recently revealed Exim vulnerability (CVE-2019-10149). Active campaigns: One security enthusiast detected exploitation attempts five days ago: [...]
https://www.helpnetsecurity.com/2019/06/14/exploiting-cve-2019-10149/
Adware and PUPs families add push notifications as an attack vector
Push notifications are being added to the arsenal of PUPs, adware, and even a Trojan browser extension that spams Facebook groups.
https://blog.malwarebytes.com/adware/2019/06/adware-and-pups-families-add-push-notifications-as-an-attack-vector/
Yubico Replacing YubiKey FIPS Devices Due to Security Issue
Yubico is in the process of replacing YubiKey FIPS (Federal Information Processing Standards) security keys following the discovery of a potentially serious cryptography-related issue that can cause RSA keys and ECDSA signatures generated on these devices to have reduced strength.
https://www.securityweek.com/yubico-replacing-yubikey-fips-devices-due-security-issue
French Authorities Release Free Decryptor for PyLocky Ransomware
The French Ministry of Interior has released a free decryption tool for the PyLocky ransomware to help victims recover their data.
https://www.securityweek.com/french-authorities-release-free-decryptor-pylocky-ransomware
MISP 2.4.109 released (aka cool-attributes-to-object)
A new version of MISP (2.4.109) has been released with a host of new features, improvements, bug fixes and a minor security fix. We strongly advise all users to update their MISP installations to this latest version.
https://www.misp-project.org/2019/06/14/MISP.2.4.109.released.html
Vulnerabilities
BD Alaris Gateway Workstation
This medical advisory includes mitigations for improper access control and unrestricted upload of file with dangerous type vulnerabilities reported in BD's Alaris Gateway Workstation.
https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01
Johnson Controls exacqVision Enterprise System Manager
This advisory includes mitigations for an improper authorization vulnerability reported in Johnson Controls exacqVision Enterprise System Manager.
https://ics-cert.us-cert.gov/advisories/ICSA-19-164-01
Xen Security Advisory XSA-295 - Unlimited Arm Atomics Operations
An attacker in a domU could perform a denial of service attack on Xen by accessing a memory region shared with the hypervisor, while Xen is performing an atomic operation on the same region. As a result Xen could end up looping boundlessly.
https://xenbits.xen.org/xsa/advisory-295.txt
Security updates for Friday
Security updates have been issued by Arch Linux (gvim, lib32-openssl, openssl, and vim), Debian (dbus), Fedora (dovecot, evince, js-jquery-jstree, libxslt, php-phpmyadmin-sql-parser, and phpMyAdmin), openSUSE (neovim and rubygem-rack), Oracle (docker-engine and python), Scientific Linux (python), Slackware (mozilla), and SUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, elfutils, libvirt, and python-requests).
https://lwn.net/Articles/791165/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-content-collector-for-sap-applications-2/
IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Secure Proxy
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-secure-proxy-5/
IBM Security Bulletin: IBM Tivoli Netcool Impact Remote Code Execution (CVE-2019-4103)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tivoli-netcool-impact-remote-code-execution-cve-2019-4103/
IBM Security Bulletin: IBM InfoSphere Information Server is affected by a XXE (XML External Entity) Injection vulnerability
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-information-server-is-affected-by-a-xxe-xml-external-entity-injection-vulnerability/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-ibm-infosphere-information-server-7/
IBM Security Bulletin: IBM Notes 9 and Domino 9 are affected by Open Source James Clark Expat Vulnerabilities (CVE-2013-0340, CVE-2013-0341)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-notes-9-and-domino-9-are-affected-by-open-source-james-clark-expat-vulnerabilities-cve-2013-0340-cve-2013-0341/
IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cognos-controller-2019q2-security-updater-multiple-vulnerabilities-have-been-identified-in-ibm-cognos-controller/