End-of-Day report
Timeframe: Dienstag 02-07-2019 18:00 - Mittwoch 03-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Trickbot Trojan Now Has a Separate Cookie Stealing Module
Trickbot trojan now comes with a separate module for stealing browser cookies, threat researchers found on Tuesday, marking new progress in the malwares development.
https://www.bleepingcomputer.com/news/security/trickbot-trojan-now-has-a-separate-cookie-stealing-module/
Heres a great idea: Why dont we hardcode the same private key into all our smart home hubs?
Another day, another appalling Internet of S**t security flaw Smart home company Zipato hardcoded the same private SSH key into every one of its hubs, leaving its system open to hacking, researchers revealed this week.
http://go.theregister.com/feed/www.theregister.co.uk/2019/07/03/zipato_hardcoded_key/
Vulnerabilities in Nexus Repository left thousands of artifacts exposed
In the Nexus repository there are 2 main problems (unrelated to each other) that arise from the default settings: * The default user is always set to be admin/admin123 - CWE-521 * Any unauthenticated user can read/download resources from Nexus - CWE-276 This means all the images in the repository can be download just by accessing the repository, with no authentication needed, or by authenticating as the default admin account if unchanged.
https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed/
Vulnerabilities
Security Camera Firm Arlo Zaps High-Severity Bugs
Bugs in Arlo Technologies- equipment allow a local attacker to take control of Alro wireless home video security cameras.
https://threatpost.com/arlo-zaps-high-severity-bugs/146216/
Magento 2.3.1: Unauthenticated Stored XSS to RCE
This blog post shows how the combination of a HTML sanitizer bug and a Phar Deserialization in the popular eCommerce solution Magento <=2.3.1 lead to a high severe exploit chain. This chain can be abused by an unauthenticated attacker to fully takeover certain Magento stores and to redirect payments.
https://blog.ripstech.com/2019/magento-rce-via-xss/
Websites can feed Tridactyl fake key events
Malicious websites could feed keys to Tridactyl which it would execute as if a user had pressed them, outside of the command line. If the native messenger was installed, an attacker could execute arbitrary programs ... All Tridactyl versions released between September 2018 and June 14th 2019 were affected, i.e. 1.14.0 <= v <= 1.14.10 and 1.15.0.
https://github.com/tridactyl/tridactyl/security/advisories/GHSA-7qr7-93pf-hr8f
Security updates for Wednesday
Security updates have been issued by Debian (pdns), Fedora (kernel and kernel-headers), Mageia (cgit and firefox), Oracle (libssh2 and qemu-kvm), Red Hat (openstack-ironic-inspector, openstack-tripleo-common, and qemu-kvm-rhev), Scientific Linux (libssh2 and qemu-kvm), SUSE (bzip2, cronie, libtasn1, nmap, php7, php72, python-Twisted, and taglib), and Ubuntu (thunderbird and znc).
https://lwn.net/Articles/792705/
QEMU: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
QEMU ist eine freie Virtualisierungssoftware, die die gesamte Hardware eines Computers emuliert.
Ein lokaler Angreifer kann eine Schwachstelle in QEMU ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
http://www.cert-bund.de/advisoryshort/CB-K19-0563
FreeBSD Project FreeBSD OS: Mehrere Schwachstellen
Ein lokaler Angreifer kann mehrere Schwachstellen in FreeBSD Project FreeBSD OS ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service Zustand hervorrufen, Informationen einzusehen oder seine Privilegien zu eskalieren.
http://www.cert-bund.de/advisoryshort/CB-K19-0561
Vuln: Schneider Electric Modicon Controllers CVE-2019-6819 Denial of Service Vulnerability
http://www.securityfocus.com/bid/109004
Cisco Prime Infrastructure and Evolved Programmable Network Manager Virtual Domain Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-prime-privescal
IBM Security Bulletin: Security vulnerability in IBM Java SDK affect Rational Build Forge (CVE-2019-2684)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerability-in-ibm-java-sdk-affect-rational-build-forge-cve-2019-2684/
IBM Security Bulletin:IBM Content Navigator is affected by a local file inclusion vulnerability
https://www.ibm.com/blogs/psirt/ibm-security-bulletinibm-content-navigator-is-affected-by-a-local-file-inclusion-vulnerability/
IBM Security Bulletin: Vulnerability in kernel affects Power Hardware Management Console (CVE-2018-14633)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-kernel-affects-power-hardware-management-console-cve-2018-14633/
IBM Security Bulletin: Guardium StealthBits Integration is affected by an SQLite vulnerability
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-guardium-stealthbits-integration-is-affected-by-an-sqlite-vulnerability-2/
IBM Security Bulletin: IBM Tivoli Netcool Impact Session Management - Session Fixation
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tivoli-netcool-impact-session-management-session-fixation/
IBM Security Bulletin: IBM Application Performance Management could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names (CVE-2019-4131)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-application-performance-management-could-allow-a-remote-attacker-to-induce-the-application-to-perform-server-side-dns-lookups-of-arbitrary-domain-names-cve-2019-4131/
IBM Security Bulletin: Vulnerability in IBM® WebSphere- Application Server and IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2018-1901)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-websphere-application-server-and-ibm-websphere-application-server-liberty-affects-ibm-spss-analytic-server-cve-2018-1901/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Collaboration and Deployment Services
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-collaboration-and-deployment-services-3/
IBM Security Bulletin: It is possible to download arbitrary server files via ViewONE server (CVE-2019-4260)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-it-is-possible-to-download-arbitrary-server-files-via-viewone-server-cve-2019-4260/
IBM Security Bulletin: Vulnerability in IBM HTTP Server affects IBM Netezza Performance Portal
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-http-server-affects-ibm-netezza-performance-portal/
HPESBHF03943 rev.1 - Certain HPE Servers using AMD EPYC 7001 series Processors, Local Disclosure of Information
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03943en_us