Daily Summary - 04.07.2019

End-of-Day report

Timeframe: Wednesday 03-07-2019 18:00 - Thursday 04-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a

News

17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device

Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer.

https://thehackernews.com/2019/07/firefox-same-origin-policy-hacking.html


New Golang malware plays the Linux field in quest for cryptocurrency

F5 researchers say that Golang spreads through a total of seven methods; four exploits targeting ThinkPHP, Drupal, and Confluence; the use of SSH and Redis database misconfigurations or credentials, and the subsequent spread to other machines using any SSH keys the malware stumbles across.

https://www.zdnet.com/article/new-golang-malware-plays-the-field-in-quest-for-cryptocurrency/


Unfixable Seed Extraction on Trezor - A practical and reliable attack

An attacker with a stolen device can extract the seed from the device. It takes less than 5 minutes and the necessary materials cost around 100$. This vulnerability affects Trezor One, Trezor T, Keepkey and all other Trezor clones. Unfortunately, this vulnerability cannot be patched and, for this reason, we decided not to give technical details about the attack to mitigate a possible exploitation in the field. However SatoshiLabs and Keepkey suggested users to either exclude physical attacks

https://ledger-donjon.github.io/Unfixable-Key-Extraction-Attack-on-Trezor/


File-Storage App 4shared Caught Serving Invisible Ads and Making Purchases Without Consent

With more than 100 million installs, file-sharing service 4shared is one of the most popular apps in the Android app store. But security researchers say the app is secretly displaying invisible ads and subscribes users to paid services, racking up charges without the users' knowledge -- or their permission.

https://it.slashdot.org/story/19/07/03/1738253/file-storage-app-4shared-caught-serving-invisible-ads-and-making-purchases-without-consent


High financial losses due to fraudulent investments!

Consumers come across aggressively advertised investment opportunities at countless offshore companies that promise incredible profits. Offers such as FXLeader, KeyMarkets, ELCurrency or CFReserve are examples. While some victims lose only the 250 euro minimum deposit, the losses of others often run into five or even six figures!

https://www.watchlist-internet.at/news/hohe-finanzielle-verluste-durch-betruegerische-investments/

Vulnerabilities

Does anyone here use Little Snitch? It's one of those personal ...

Does anyone here use Little Snitch? It's a personal firewall for OS X, in case that doesn't ring a bell for anyone. At least it appears to be only a local privilege escalation, not over the network.

http://blog.fefe.de/?ts=a3e3de34


Security updates: Cisco products vulnerable to DoS attacks and malicious code

Patched software is available for, among others, the Web Security Appliance and Small Business Series Switches from Cisco.

https://heise.de/-4462730


Security updates for Thursday

Security updates have been issued by CentOS (libssh2 and qemu-kvm), Debian (lemonldap-ng), Fedora (tomcat), Oracle (kernel), and SUSE (elfutils, kernel, and php5).

https://lwn.net/Articles/792831/


Cisco Advanced Malware Protection for Endpoints Windows Command Injection Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-amp-commandinj


Cisco Web Security Appliance HTTPS Certificate Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-wsa-dos


Cisco Small Business Series Switches Memory Corruption Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sbss-memcorrupt


Cisco Small Business Series Switches HTTP Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sbss-dos


Multiple Issues in Cisco Small Business 250/350/350X/550X Series Switches Firmware and Cisco FindIT Network Probe

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sb-switches-findit


Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-nfvis-file-readwrite


Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-nfvis-commandinj


Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass


Cisco Jabber for Windows DLL Preloading Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-jabber-dll


Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ip-phone-sip-dos


Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-iosxr-bgp-dos


Cisco Firepower Management Center RSS Cross-Site Scripting Vulnerabilities

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-fmc-xss


Cisco Email Security Appliance Content Filter Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-esa-filterpass


Cisco Email Security Appliance Content Filter Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-esa-bypass


Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucm-dos


Cisco Unified Communications Domain Manager Restricted Shell Escape Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucdm-rsh


Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ccapic-restapi


Cisco Web Security Appliance Web Proxy Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-asyncos-wsa


IBM Security Bulletin: Security vulnerability has been identified in IBM Java Runtime shipped with AppScan Standard (CVE-2019-2602)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerability-has-been-identified-in-ibm-java-runtime-shipped-with-appscan-standard-cve-2019-2602/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Identity Governance and Intelligence

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-security-identity-governance-and-intelligence/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-5/


IBM Security Bulletin: Brocade Fabric OS (FOS) Advisory vulnerabilities affect Brocade 8Gb SAN Switch Module for BladeCenter and IBM Flex System FC5022 16Gb SAN Scalable Switch

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-brocade-fabric-os-fos-advisory-vulnerabilities-affect-brocade-8gb-san-switch-module-for-bladecenter-and-ibm-flex-system-fc5022-16gb-san-scalable-switch/


IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerability/


IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities (CVE-2018-1902, CVE-2018-1968, CVE-2019-4046)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity-manager-virtual-appliance-is-affected-by-multiple-vulnerabilities-cve-2018-1902-cve-2018-1968-cve-2019-4046/


IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-multiple-vulnerabilities/


BIG-IP DNS and GTM DNSSEC security exposure

https://support.f5.com/csp/article/K00724442