End-of-Day report
Timeframe: Monday 08-07-2019 18:00 - Tuesday 09-07-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
FPM security hole: exfiltrating data with Facebook's HHVM
Servers for the so-called FastCGI Process Manager (FPM) can, if they are reachable over the Internet, give unauthorised access to files on a system. This mainly affects Facebook's HHVM; with PHP the risk is lower.
https://www.golem.de/news/fpm-sicherheitsluecke-daten-exfiltrieren-mit-facebooks-hhvm-1907-142418-rss.html
Fileless Attack Attempts to Run Astaroth Backdoor Directly in Memory
Microsoft says it recently detected and stopped a fileless campaign looking to deliver the Astaroth Trojan to unsuspecting victims.
https://www.securityweek.com/fileless-attack-attempts-run-astaroth-backdoor-directly-memory
Fake shops entertaini.eu & gartenhimmel.eu with fake Klarna checkout!
Beware of fraudulent online shops that claim to offer Klarna's Sofort-Überweisung (instant bank transfer) but redirect consumers to a fake Klarna website. This happens at entertaini.eu, which offers gaming and entertainment items, and at gartenhimmel.eu, which sells household goods and sports equipment. Do not order! Any data entered is at risk and the goods do not exist.
https://www.watchlist-internet.at/news/fake-shops-entertainieu-gartenhimmeleu-mit-gefaelschtem-klarna-checkout/
IT security: video-conferencing app gives strangers access to Mac webcam
A flaw in Zoom allowed "video calls" even when the program was no longer installed; millions of users and up to 750,000 companies affected.
https://derstandard.at/2000106075694/Videokonferenz-App-gibt-Unbekannten-Zugriff-auf-Mac-Webcam
Vulnerabilities
Security Bulletins Posted
Adobe has published security bulletins for Adobe Bridge CC (APSB19-37), Adobe Experience Manager (APSB19-38) and Adobe Dreamweaver (APSB19-40). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
https://blogs.adobe.com/psirt/?p=1765
[20190701] - Core - Filter attribute in subform fields allows remote code execution
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.9.7 - 3.9.8
Exploit type: Remote Code Execution
Reported Date: 2019-June-20
Fixed Date: 2019-July-09
CVE Number: CVE-2019-xxx
Description: Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/6jkIqCFwOTE/787-20190701-core-filter-attribute-in-subform-fields-allows-remote-code-execution.html
Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming SIP traffic.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucm-dos
Xen Security Advisory XSA-300
Guest may be able to crash domain 0 (Host Denial-of-Service); or may be able to starve out I/O requests from other guests (Guest Denial-of-Service).
https://xenbits.xen.org/xsa/advisory-300.html
Xpdf: CERT-Bund warns of unpatched vulnerabilities in free PDF viewer
The current version of the free PDF viewer contains several vulnerabilities. No fixes are available yet.
https://heise.de/-4465908
Linux kernel vulnerability CVE-2019-11811
https://support.f5.com/csp/article/K01512680
HPESBST03918 rev.1 - HPE 3PAR Service Processor (SP), remote Disclosure of Privileged Information
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03918en_us
Security updates for Tuesday
Security updates have been issued by Arch Linux (irssi, python-django, and python2-django), Debian (libspring-security-2.0-java and zeromq3), Red Hat (python27-python), SUSE (ImageMagick, postgresql10, python-Pillow, and zeromq), and Ubuntu (apport, Docker, glib2.0, gvfs, whoopsie, and zeromq3).
https://lwn.net/Articles/793235/
SAP Patch Day July: multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K19-0580
Citrix Hypervisor Security Update.
CTX256725. Applicable products: Citrix Hypervisor 8.0, XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 2, XenServer 7.6. A vulnerability has been found in Citrix Hypervisor (formerly Citrix XenServer) that may allow an unauthenticated attacker with the ability to send traffic to a host over a management or storage network to cause the host to crash.
https://support.citrix.com/article/CTX256725
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Identity Governance and Intelligence
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-security-identity-governance-and-intelligence-2/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise v11
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11-2/
IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect Rational Publishing Engine
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilities-in-ibm-java-runtime-affect-rational-publishing-engine/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise v11
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11/
IBM Security Bulletin: IBM Multicloud Manager contains sensitive information upon deployment (CVE-2019-4118)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-multicloud-manager-contains-sensitive-information-upon-deployment-cve-2019-4118/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus, IBM App Connect Enterprise v11 and WebSphere Message Broker
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-bus-ibm-app-connect-enterpise-v11-and-websphere-message-broker-2/
SSA-121293 (Last Update: 2019-07-09): Code Upload Vulnerability in SIMATIC WinCC and SIMATIC PCS7
https://cert-portal.siemens.com/productcert/txt/ssa-121293.txt
SSA-307392 (Last Update: 2019-07-09): Denial-of-Service in OPC UA in Industrial Products
https://cert-portal.siemens.com/productcert/txt/ssa-307392.txt
SSA-556833 (Last Update: 2019-07-09): TLS Vulnerabilities in SIMATIC RF6XXR
https://cert-portal.siemens.com/productcert/txt/ssa-556833.txt
SSA-616472 (Last Update: 2019-07-09): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products
https://cert-portal.siemens.com/productcert/txt/ssa-616472.txt
SSA-697412 (Last Update: 2019-07-09): Multiple Vulnerabilities in SIMATIC WinCC, SIMATIC WinCC Runtime, SIMATIC PCS 7, SIMATIC TIA Portal
https://cert-portal.siemens.com/productcert/txt/ssa-697412.txt
SSA-721298 (Last Update: 2019-07-09): Missing Authentication Vulnerability in TIA Administrator (TIA Portal)
https://cert-portal.siemens.com/productcert/txt/ssa-721298.txt
SSA-747162 (Last Update: 2019-07-09): Cross-Site Scripting Vulnerability in Spectrum Power
https://cert-portal.siemens.com/productcert/txt/ssa-747162.txt
SSA-899560 (Last Update: 2019-07-09): Vulnerabilities in SIPROTEC 5 relays and DIGSI 5
https://cert-portal.siemens.com/productcert/txt/ssa-899560.txt