Daily summary - 02.07.2019

End-of-Day report

Timeframe: Monday 01-07-2019 18:00 - Tuesday 02-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a

News

Network Time Security: secure time over the network

Almost all modern devices synchronise their clocks over the Internet. The Network Time Protocol used for this has so far not been protected against manipulation. The Network Time Security extension is meant to change that.

https://www.golem.de/news/network-time-security-sichere-uhrzeit-uebers-netz-1907-142137-rss.html


IT security: BSI drafts new minimum standards for browsers

Two years ago the Bundesamt für Sicherheit in der Informationstechnik (BSI) set out requirements for secure browsers. The document is now being updated, and comments are invited.

https://www.golem.de/news/it-sicherheit-bsi-erarbeitet-neue-mindeststandards-fuer-browser-1907-142261-rss.html


Using Powershell in Basic Incident Response - A Domain Wide "Kill-Switch", (Tue, Jul 2nd)

Now that we have the hashes for all the running processes in the AD Domain, and also have the VT Score for each hash in the system, how can we use this information? Incident Response comes immediately to mind for me. If you've ever been in a medium-to-large-scale "incident", the situation that you often find is "we know everything seems to be infected, but out of thousands of machines, which ones are actually infected right now?"

https://isc.sans.edu/diary/rss/25088
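The matching step the diary builds up to (join the per-host process inventory with the VirusTotal verdicts, then act on the hosts that are running a flagged image) as an added Python illustration. This is not the diary's own PowerShell; the CSV layouts, the hashes and the hostnames are constructed for the example, and the emitted PowerShell is only what such a triage script would hand to an operator. Two practitioner points are built in: match on image hash, never on process name (the fake svchost.exe in C:\Users\Public is caught because its hash is flagged), and re-verify the hash on the host at kill time, because PIDs are reused and the inventory is already stale by the time anyone acts on it.

```python
"""Domain-wide kill-switch triage: which hosts run a VirusTotal-flagged image?

Added illustration, not the ISC diary's PowerShell. The inventory and score
CSVs are assumed formats; all hashes and hosts below are placeholders.
"""
import csv
import io
from collections import defaultdict

# Constructed sample data (not real samples): running processes per host with
# the SHA-256 of the image, and the VirusTotal score per hash.
H_EXPLORER = "11" * 32
H_SVCHOST = "22" * 32
H_UPDATE = "33" * 32   # the infection: 41/70 engines flag it
H_PSEXEC = "44" * 32   # admin tool with a handful of generic detections
H_UNSEEN = "55" * 32   # hash VirusTotal has never seen

INVENTORY_CSV = f"""host,pid,name,path,sha256
WS001,4120,explorer.exe,C:\\Windows\\explorer.exe,{H_EXPLORER}
WS001,5532,svchost.exe,C:\\Windows\\System32\\svchost.exe,{H_SVCHOST}
WS002,300,svchost.exe,C:\\Windows\\System32\\svchost.exe,{H_SVCHOST}
WS002,9001,svchost.exe,C:\\Users\\Public\\svchost.exe,{H_UPDATE}
SRV01,771,update.exe,C:\\ProgramData\\update.exe,{H_UPDATE}
SRV01,802,psexec.exe,C:\\Tools\\psexec.exe,{H_PSEXEC}
SRV01,900,agent.exe,C:\\Program Files\\Agent\\agent.exe,{H_UNSEEN}
"""

VT_SCORES_CSV = f"""sha256,positives,total
{H_EXPLORER},0,72
{H_SVCHOST},0,72
{H_UPDATE},41,70
{H_PSEXEC},12,70
"""


def load_scores(vt_csv):
    """Map lower-case sha256 -> (positives, total engines)."""
    return {row["sha256"].lower(): (int(row["positives"]), int(row["total"]))
            for row in csv.DictReader(io.StringIO(vt_csv))}


def triage(inventory_csv, vt_csv, *, min_positives=5, allow_list=frozenset()):
    """Return (kill_plan, unknown).

    kill_plan: host -> [(pid, name, sha256, positives)] for images flagged by
    at least min_positives engines and not on the allow-list (hash-based, so a
    legitimately used tool with generic detections can be excluded).
    unknown: processes whose hash has no VirusTotal verdict; these need a
    human, they are neither killed nor declared clean.
    """
    scores = load_scores(vt_csv)
    kill_plan, unknown = defaultdict(list), []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        h = row["sha256"].lower()
        if h in allow_list:
            continue
        if h not in scores:
            unknown.append((row["host"], int(row["pid"]), row["name"], h))
            continue
        positives, _total = scores[h]
        if positives >= min_positives:
            kill_plan[row["host"]].append((int(row["pid"]), row["name"], h, positives))
    return dict(kill_plan), unknown


def kill_commands(kill_plan, dry_run=True):
    """One remote Stop-Process per flagged process, as a PowerShell one-liner.

    The hash is re-checked on the host before killing: PIDs are reused and the
    process may have changed since the inventory was collected. dry_run keeps
    -WhatIf on Stop-Process so the plan can be reviewed first.
    """
    what_if = " -WhatIf" if dry_run else ""
    cmds = []
    for host, procs in sorted(kill_plan.items()):
        for pid, _name, h, _positives in procs:
            cmds.append(
                f"Invoke-Command -ComputerName {host} -ScriptBlock {{ "
                f"Get-Process -Id {pid} -ErrorAction SilentlyContinue | "
                f"Where-Object {{ (Get-FileHash -LiteralPath $_.Path -Algorithm SHA256).Hash "
                f"-eq '{h.upper()}' }} | Stop-Process -Force{what_if} }}"
            )
    return cmds


if __name__ == "__main__":
    plan, unknown = triage(INVENTORY_CSV, VT_SCORES_CSV, allow_list={H_PSEXEC})
    for host, procs in plan.items():
        print(host, procs)
    print("needs review:", unknown)
    print("\n".join(kill_commands(plan)))
```

Stopping the process is containment, not remediation: the image on disk, its persistence and whatever dropped it are still there, and a host on the kill list is a host to isolate and image, not one to mark as cleaned.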


Tale of a Windows Error Reporting Zero-Day (CVE-2019-0863)

In December 2018, a hacker who goes by the alias "SandboxEscaper" publicly disclosed a zero-day vulnerability in the Windows Error Reporting (WER) component. Digging deeper into her submission, I discovered another zero-day vulnerability, which could be abused to elevate system privileges. According to the Microsoft advisory, attackers exploited this bug as a zero-day in the wild until the patch was released in May 2019. So how did this bug work exactly?

https://unit42.paloaltonetworks.com/tale-of-a-windows-error-reporting-zero-day-cve-2019-0863/


Firefox 68: Mozilla fixes conflicts between browser and antivirus software

Earlier Firefox versions frequently collided with AV software, resulting in error messages and connection problems. Version 68 is meant to change that.

https://heise.de/-4460657


The art and science of password hashing

The recent Flipboard breach shines a spotlight again on password security and the need for organizations to be more vigilant. Password storage is a critical area where companies must take steps to ensure they don't leave themselves and their customer data vulnerable. Storing passwords in plaintext is recognized as a major cybersecurity blunder.

https://www.helpnetsecurity.com/2019/07/02/password-hashing/
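The alternative to plaintext that the article argues for, as an added Python example (not code from the Help Net Security piece): an unsalted fast hash beside a salted, memory-hard scrypt hash from the standard library, stored in a self-describing format so the work factor can be raised later. The cost parameters are assumed starting values; the only non-standard-library thing here is the `scrypt$n$r$p$salt$key` layout, which is this example's own.

```python
"""Password storage done wrong and done right. Added example, not the
article's code. scrypt cost parameters are assumed starting values; tune them
so one hash takes on the order of 100 ms on your login servers."""
import base64
import hashlib
import hmac
import os

SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1   # RFC 7914 parameters, assumed policy
SALT_BYTES, KEY_BYTES = 16, 32


def naive_hash(password: str) -> str:
    """The blunder next to plaintext: an unsalted fast hash. Two users with
    the same password get the same digest, and a GPU tests billions of
    SHA-256 guesses per second against it."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, *, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P) -> str:
    """Salted scrypt; the stored string carries its own parameters."""
    salt = os.urandom(SALT_BYTES)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                         dklen=KEY_BYTES)
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    return f"scrypt${n}${r}${p}${b64(salt)}${b64(key)}"


def _parse(stored: str):
    algo, n, r, p, salt, key = stored.split("$")
    if algo != "scrypt":
        raise ValueError("unsupported hash format")
    return int(n), int(r), int(p), base64.b64decode(salt), base64.b64decode(key)


def verify_password(stored: str, password: str) -> bool:
    """Recompute with the stored salt/parameters; compare in constant time."""
    n, r, p, salt, key = _parse(stored)
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r,
                               p=p, dklen=len(key))
    return hmac.compare_digest(candidate, key)


def needs_rehash(stored: str) -> bool:
    """True when a hash was made with weaker parameters than current policy;
    call this after a successful login and re-hash with the fresh password."""
    n, r, p, _salt, _key = _parse(stored)
    return n < SCRYPT_N or r < SCRYPT_R or p < SCRYPT_P


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(verify_password(stored, "correct horse battery staple"))   # True
    print(verify_password(stored, "wrong"))                          # False
    print(naive_hash("hunter2") == naive_hash("hunter2"))            # True: why unsalted hashes fail
```

Two users who pick the same password get different `hash_password` outputs because each gets a fresh 16-byte salt, so a leaked table cannot be attacked with one precomputed lookup; `needs_rehash` is the hook that lets the work factor grow with hardware without forcing a password reset.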


SD-WAN Security Assessment: The First Hours

Introduction: Suppose you need to perform a security assessment of an SD-WAN solution. There are several reasons for this, and one of them is selecting an SD-WAN provider or product. A traditional SD-WAN system involves many planes, technologies, mechanisms, services, protocols and features. It has a distributed and multilayered architecture. So where should you start?

http://www.scada.sl/2019/07/sd-wan-security-assessment-first-hours.html


Beware of fake shop: cyberino.store

Do not order from cyberino.store, as you will never receive your goods. It is a fake shop!

https://www.watchlist-internet.at/news/achtung-fake-cyberinostore/


In our own interest: CERT.at is hiring

For our daily routine tasks we are currently looking for one career starter or career changer with a strong interest in IT security to support us with the standard tasks that come up every day. Details can be found on our jobs page.

http://www.cert.at/services/blog/20190702153623-2489.html

Vulnerabilities

SquirrelMail XSS

When viewing e-mails in HTML mode (not active by default), SquirrelMail applies a custom sanitization step in an effort to remove possibly malicious script and other content from the viewed e-mail. Due to improper handling of RCDATA and RAWTEXT type elements, the HTML parser used in this process behaves differently from real user agents. By exploiting these differences, JavaScript code can be introduced which is not removed.

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-016.txt
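What "RCDATA/RAWTEXT handled differently from a real user agent" means in practice, as an added Python illustration of the bug class rather than the SySS finding itself (the advisory's concrete bypass is not reproduced here). The example's own tiny tokenizer runs in two modes: a naive one that only ends a `<textarea>` at the literal string `</textarea>`, and a spec-following one that, like the HTML tokenizer, ends it at `</textarea` followed by whitespace, `/` or `>` and ignores anything after the end tag's name. A sanitizer built on the naive tokenizer never sees the `<img onerror>` that a browser will execute.

```python
"""Parser differential in RCDATA/RAWTEXT handling: naive sanitizer vs browser.

Added illustration of the bug class; the tokenizer, the sanitizer rules and the
payload are this example's own and not SquirrelMail's code or SySS's bypass.
"""
import re
from collections import namedtuple

# Elements whose content the HTML spec tokenizes as RCDATA or RAWTEXT: no tags
# are recognised inside them until the matching end tag is reached.
RCDATA_RAWTEXT = {"textarea", "title", "script", "style", "xmp", "noframes"}
DROP_ELEMENTS = {"script", "iframe", "object", "embed"}
TAG_RE = re.compile(r"<(/?)([a-zA-Z][^\s/>]*)([^>]*)>")
EVENT_ATTR_RE = re.compile(r"(?:^|\s)on[a-z]+\s*=", re.I)

Token = namedtuple("Token", "kind raw name attrs closing")


def _find_end_tag(html, name, start, mode):
    """(content_end, tag_end) of the element's end tag, or (len, len).

    naive: only the literal '</name>' ends the element.
    spec:  '</name' followed by whitespace, '/' or '>' ends it (the tokenizer's
           "appropriate end tag" check); attributes on an end tag are ignored.
    """
    if mode == "naive":
        pos = html.find("</" + name + ">", start)
        return (len(html), len(html)) if pos < 0 else (pos, pos + len(name) + 3)
    m = re.compile(r"</" + re.escape(name) + r"(?=[\s/>])", re.I).search(html, start)
    if not m:
        return len(html), len(html)
    gt = html.find(">", m.end())
    return m.start(), (len(html) if gt < 0 else gt + 1)


def tokenize(html, mode):
    """Split markup into text and tag tokens, honouring RCDATA/RAWTEXT."""
    tokens, pos = [], 0
    while pos < len(html):
        m = TAG_RE.search(html, pos)
        if not m:
            tokens.append(Token("text", html[pos:], None, "", False))
            break
        if m.start() > pos:
            tokens.append(Token("text", html[pos:m.start()], None, "", False))
        closing, name, attrs = m.group(1) == "/", m.group(2).lower(), m.group(3)
        tokens.append(Token("tag", m.group(0), name, attrs, closing))
        pos = m.end()
        if not closing and name in RCDATA_RAWTEXT:
            content_end, tag_end = _find_end_tag(html, name, pos, mode)
            if content_end > pos:
                tokens.append(Token("text", html[pos:content_end], None, "", False))
            if tag_end > content_end:
                tokens.append(Token("tag", html[content_end:tag_end], name, "", True))
            pos = tag_end
    return tokens


def sanitize(html, mode):
    """Drop script-like elements (with their content) and any tag carrying an
    on* event handler; everything tokenized as text passes through verbatim."""
    out, skipping = [], None
    for t in tokenize(html, mode):
        if skipping:
            if t.kind == "tag" and t.closing and t.name == skipping:
                skipping = None
            continue
        if t.kind == "tag" and not t.closing and (
                t.name in DROP_ELEMENTS or EVENT_ATTR_RE.search(t.attrs)):
            if t.name in RCDATA_RAWTEXT:
                skipping = t.name
            continue
        out.append(t.raw)
    return "".join(out)


def elements_seen_by_browser(html):
    """Start tags a spec-following tokenizer turns into elements."""
    return [t.name for t in tokenize(html, "spec") if t.kind == "tag" and not t.closing]


# Constructed payload: the end tag carries junk after its name, so a naive
# parser never leaves RCDATA and treats the <img> as harmless text.
PAYLOAD = '<textarea>hello</textarea foo><img src=x onerror=alert(1)>'

if __name__ == "__main__":
    for mode in ("naive", "spec"):
        cleaned = sanitize(PAYLOAD, mode)
        print(mode, repr(cleaned), "-> browser sees", elements_seen_by_browser(cleaned))
```

The fix is not a longer blacklist: a sanitizer has to tokenize exactly as the consuming user agent does, which in practice means using a parser built to the HTML specification rather than a custom one, or emitting only a whitelisted re-serialization of the parsed tree.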


Patchday: Android and the leaky Media Framework

Google has released security updates that close critical holes in Pixel smartphones.

https://heise.de/-4460308


VMSA-2019-0010

VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)

https://www.vmware.com/security/advisories/VMSA-2019-0010.html


Security updates for Tuesday

Security updates have been issued by Arch Linux (firefox, firefox-developer-edition, libarchive, and vlc), CentOS (firefox, thunderbird, and vim), Debian (firefox-esr, openssl, and python-django), Fedora (glpi and xen), Mageia (thunderbird), openSUSE (ImageMagick, irssi, libheimdal, and phpMyAdmin), Red Hat (libssh2 and qemu-kvm), Scientific Linux (firefox, thunderbird, and vim), SUSE (389-ds, cf-cli, curl, dbus-1, dnsmasq, evolution, glib2, gnutls, graphviz, java-1_8_0-openjdk, and libxslt), [...]

https://lwn.net/Articles/792595/


Linux kernel vulnerability CVE-2019-3896

https://support.f5.com/csp/article/K04327111


TMM vulnerability CVE-2019-6628

https://support.f5.com/csp/article/K04730051


F5 TMUI and iControl Rest vulnerability CVE-2019-6634

https://support.f5.com/csp/article/K64855220


iControl REST vulnerability CVE-2019-6637

https://support.f5.com/csp/article/K29149494


TMM vulnerability CVE-2019-6629

https://support.f5.com/csp/article/K95434410


BIG-IP HTTP profile vulnerability CVE-2019-6631

https://support.f5.com/csp/article/K19501795


iControl REST vulnerability CVE-2019-6620

https://support.f5.com/csp/article/K20445457


iControl REST and tmsh vulnerability CVE-2019-6621

https://support.f5.com/csp/article/K20541896


iControl REST vulnerability CVE-2019-6641

https://support.f5.com/csp/article/K22384173


BIG-IP TMUI vulnerability CVE-2019-6625

https://support.f5.com/csp/article/K79902360


iControl REST vulnerability CVE-2019-6638

https://support.f5.com/csp/article/K67825238


SNMP vulnerability CVE-2019-6640

https://support.f5.com/csp/article/K40443301


BIG-IP Appliance mode vulnerability CVE-2019-6633

https://support.f5.com/csp/article/K73522927


BIG-IP Appliance mode vulnerability CVE-2019-6635

https://support.f5.com/csp/article/K11330536


vCMP vulnerability CVE-2019-6632

https://support.f5.com/csp/article/K01413496


F5 SSL Orchestrator vulnerability CVE-2019-6630

https://support.f5.com/csp/article/K33444350


F5 SSL Orchestrator vulnerability CVE-2019-6627

https://support.f5.com/csp/article/K36320691


BIG-IP AFM and PEM TMUI XSS vulnerability CVE-2019-6639

https://support.f5.com/csp/article/K61002104


iControl REST vulnerability CVE-2019-6622

https://support.f5.com/csp/article/K44885536


TMM vulnerability CVE-2019-6623

https://support.f5.com/csp/article/K72335002


BIG-IP TMUI XSS vulnerability CVE-2019-6626

https://support.f5.com/csp/article/K00432398


IP Intelligence Feed List TMUI vulnerability CVE-2019-6636

https://support.f5.com/csp/article/K68151373