End-of-Day report
Timeframe: Friday 05-07-2019 18:00 - Monday 08-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Anubis Android Malware Returns with Over 17,000 Samples
In mid-January of 2019, we saw Anubis use a plethora of techniques,
including the use of motion-based sensors to elude sandbox analysis and
overlays to steal personally identifiable information.
The latest samples of Anubis (detected by Trend Micro as
AndroidOS_AnubisDropper) we recently came across are no different.
While tracking Anubis-related activities, we saw two related servers
containing 17,490 samples.
https://blog.trendmicro.com/trendlabs-security-intelligence/anubis-android-malware-returns-with-over-17000-samples/
Godlua, Misunderstandings and the Dispute over DNS over HTTPS
The Linux malware Godlua encrypts its DNS traffic with HTTPS, but does
not use the DoH protocol.
https://heise.de/-4464640
Malicious Code Planted in strong_password Ruby Gem
A developer discovered that an update released for the
'strong_password' Ruby gem contained malicious code that allowed an
attacker to remotely execute arbitrary code.
Developer Tute Costa was updating gems used by a Rails application when
he noticed that version 0.0.7 of strong_password was pushed out on
RubyGems.org, the Ruby community's gem hosting service, but not on
GitHub.
https://www.securityweek.com/malicious-code-planted-strongpassword-ruby-gem
Vulnerabilities
ZDI-19-640: (0Day) Google Android Bluetooth hci_len Heap-based
Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows attackers in close proximity to execute
arbitrary code on vulnerable installations of Google Android. User
interaction is required to exploit this vulnerability in that the
target must accept a malicious file transfer.
...
06/07/19 - The vendor replied the fix was not public yet but would soon
be included in the next release of a major version
http://www.zerodayinitiative.com/advisories/ZDI-19-640/
Multiple Vulnerabilities in innovaphone VoIP Products Fixed
innovaphone fixed several vulnerabilities in two VoIP products that we
disclosed a while ago. The affected products are the Linux Application
Platform and the IPVA. Unfortunately, the release notes are not public
(yet?) and the vendor does not include information about the
vulnerabilities for the Linux Application Platform. Therefore, we
decided to publish some more technical details for the issues.
https://insinuator.net/2019/07/multiple-vulnerabilities-in-innovaphone-voip-products-fixed/
c't uncovers: Logitech keyboards and mice widely vulnerable
Numerous Logitech keyboards, mice and presenters have gaping security
holes. c't explains which products are affected and what you should do
now.
https://heise.de/-4464149
Security updates for Monday
Security updates have been issued by Debian (dosbox, python-django,
squid3, and unzip), Fedora (filezilla, libfilezilla, and samba),
openSUSE (gvfs), Oracle (kernel), Red Hat (firefox and
redhat-virtualization-host), SUSE (bash and libpng16), and Ubuntu
(libvirt).
https://lwn.net/Articles/793057/
CVE-2019-13142: Razer Surround 1.1.63.0 EoP
Version: Razer Surround 1.1.63.0
Operating System tested on: Windows 10 1803 (x64)
Vulnerability: Razer Surround Elevation of Privilege through Insecure
folder/file permissions
https://posts.specterops.io/cve-2019-13142-razer-surround-1-1-63-0-eop-f18c52b8be0c
IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in
IBM SONAS
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-mozilla-firefox-vulnerability-in-ibm-sonas-2/
IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in
IBM SONAS
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-mozilla-firefox-vulnerability-in-ibm-sonas/
IBM Security Bulletin: Multiple Mozilla Firefox vulnerabilities in
IBM SONAS
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-mozilla-firefox-vulnerabilities-in-ibm-sonas-6/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime
affect IBM Cloud Transformation Advisor
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-transformation-advisor-2/
IBM Security Bulletin: A vulnerability in IBM Websphere Application
Server could affect IBM Cloud App Management
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-websphere-application-server-could-affect-ibm-cloud-app-management/
HPESBHF03937 rev.1 - HPE UIoT Unauthorized Remote Access and Access
to Sensitive Information
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03937en_us
HPESBMU03941 rev.1 - HPE IceWall SSO Agent Option and IceWall MFA
Remote Denial of Service
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03941en_us