End-of-Day report
Timeframe: Friday 14-06-2019 18:00 - Monday 17-06-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
U.S. Govt Achieves BlueKeep Remote Code Execution, Issues Alert
The Cybersecurity and Infrastructure Security Agency (CISA) published an alert for Windows users to patch the critical severity Remote Desktop Services (RDS) RCE security flaw dubbed BlueKeep.
https://www.bleepingcomputer.com/news/security/us-govt-achieves-bluekeep-remote-code-execution-issues-alert/
Investigators decrypt new version of the GandCrab ransomware
Anyone who fell victim to the ransomware can remove the malware free of charge with the new tool.
https://futurezone.at/netzpolitik/ermittler-entschluesselten-neue-version-der-gandcrab-ransomware/400526458
An infection from Rig exploit kit, (Mon, Jun 17th)
[...] Today's diary reviews a recent example of infection traffic caused by Rig EK.
https://isc.sans.edu/diary/rss/25040
Overpriced visa for Canada on kanadaeta.com and kanada-eta.de
Numerous annoyed consumers are reporting overpriced ETA (Electronic Travel Authorization) applications, i.e. travel permits, on kanadaeta.com and kanada-eta.de to us. Instead of about 5 euros on the official website of the Canadian government, these sites charge between 50 and 80 euros for a visa. Watchlist Internet recommends: use the official government website!
https://www.watchlist-internet.at/news/ueberteuertes-visum-fuer-kanada-auf-kanadaetacom-und-kanada-etade/
Security researcher finds critical XSS bug in Google's Invoice Submission Portal
Security bug would have allowed hackers access to one of Google's backend apps.
https://www.zdnet.com/article/security-researcher-finds-critical-xss-bug-in-googles-invoice-submission-portal/
Vulnerabilities
Security updates for Monday
Security updates have been issued by Arch Linux (chromium and thunderbird), Debian (php-horde-form, pyxdg, thunderbird, and znc), Fedora (containernetworking-plugins, mediawiki, and podman), openSUSE (chromium), Red Hat (bind, chromium-browser, and flash-plugin), SUSE (docker, glibc, gstreamer-0_10-plugins-base, gstreamer-plugins-base, postgresql10, sqlite3, and thunderbird), and Ubuntu (firefox).
https://lwn.net/Articles/791277/
IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-connectdirect-for-unix-2/
IBM Security Bulletin: IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack (CVE-2019-4142)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-platform-ui-is-vulnerable-to-a-cross-site-request-forgery-attack-cve-2019-4142/
IBM Security Bulletin: Vulnerability in strongswan affects QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-strongswan-affects-qlogic-8gb-intelligent-pass-thru-module-and-san-switch-module-for-ibm-bladecenter/
IBM Security Bulletin: Vulnerabilities in OpenSSL and strongswan affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-openssl-and-strongswan-affect-ibm-flex-system-fc3171-8gb-san-switch-san-pass-thru/
IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-fabric-os-firmware-for-brocade-8gb-san-switch-module-for-bladecenter-is-affected-by-vulnerabilities-in-openssl-and-openssh/