End-of-Day report
Timeframe: Thursday 18-07-2019 18:00 - Friday 19-07-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
News
Elusive MegaCortex Ransomware Found - Here is What We Know
A sample of the ransomware called MegaCortex that is known to target the enterprise in targeted attacks has been found and analyzed. In this article, we will provide a brief look at the MegaCortex Ransomware and how it encrypts a computer.
https://www.bleepingcomputer.com/news/security/elusive-megacortex-ransomware-found-here-is-what-we-know/
The Strange Case of the Malicious Favicon
During the past year, our Remediation department has seen a large increase in the number of fully spammed sites. The common factors are strangely named and unusually located favicon.ico files, along with the creation of -bak.bak- index files peppered around the website. In the majority of the cases, the pattern is similar regardless of the size of the website or the CMS being used. We have found WordPress, Magento, Joomla, and even HTML-only sites impacted by this campaign.
https://blog.sucuri.net/2019/07/the-strange-case-of-the-malicious-favicon.html
[webapps] fuelCMS 1.4.1 - Remote Code Execution
fuelCMS 1.4.1 - Remote Code Execution
https://www.exploit-db.com/exploits/47138
Vulnerabilities
Johnson Controls exacqVision Server
This advisory includes mitigations for an unquoted search path or element vulnerability reported in the Johnson Controls exacqVision Server.
https://www.us-cert.gov/ics/advisories/icsa-19-199-01
Security updates for Friday
Security updates have been issued by Debian (bzip2), Fedora (freetds, kernel, kernel-headers, and knot-resolver), openSUSE (bubblewrap, fence-agents, kernel, libqb, libu2f-host, pam_u2f, and tomcat), Oracle (vim), SUSE (kernel, LibreOffice, libxml2, and tomcat), and Ubuntu (libmspack and squid, squid3).
https://lwn.net/Articles/794190/
IBM Security Bulletin: Buffer overflow vulnerability in IBM Spectrum Protect Backup-Archive Client (CVE-2019-4267)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-buffer-overflow-vulnerability-in-ibm-spectrum-protect-backup-archive-client-cve-2019-4267/
IBM Security Bulletin: ACLs not backed up on VxFS-HP-UX filesystems by IBM Spectrum Protect Backup-Archive Client (CVE-2019-4236)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-acls-not-backed-up-on-vxfs-hp-ux-filesystems-by-ibm-spectrum-protect-backup-archive-client-cve-2019-4236/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot for VMWare (CVE-2018-12547, CVE-2019-2426)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-snapshot-for-vmware-cve-2018-12547-cve-2019-2426/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Virtual Environments (CVE-2018-12547, CVE-2019-2426)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-for-virtual-environments-cve-2018-12547-cve-2019-2426/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Backup-Archive Client on Windows, Linux, and Macintosh (CVE-2018-12547, CVE-2019-2426)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-the-ibm-spectrum-protect-backup-archive-client-on-windows-linux-and-macintosh-cve-2018-12547-cve-2019-2426/
IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2019-1559)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-openssl-affects-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2019-1559/
IBM Security Bulletin: Vulnerability in Node.js affects IBM Integration Bus & IBM App Connect Enterprise V11
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-node-js-affects-ibm-integration-bus-ibm-app-connect-enterprise-v11/
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Integration Bus, IBM App Connect and WebSphere Message Broker
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-integration-bus-ibm-app-connect-and-websphere-message-broker/
IBM Security Bulletin: Spoofing and denial of service vulnerabilities in WebSphere Application Liberty affect IBM Spectrum Protect Snapshot for VMware (CVE-2018-1902, CVE-2019-4046)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-spoofing-and-denial-of-service-vulnerabilities-in-websphere-application-liberty-affect-ibm-spectrum-protect-snapshot-for-vmware-cve-2018-1902-cve-2019-4046/
IBM Security Bulletin: Spoofing and denial of service vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect Client web user interface and IBM Spectrum Protect for Virtual Environments (CVE-2018-1902, CVE-2019-4046)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-spoofing-and-denial-of-service-vulnerabilities-in-websphere-application-server-liberty-affect-ibm-spectrum-protect-client-web-user-interface-and-ibm-spectrum-protect-for-virtual/
IBM Security Bulletin: IBM Netcool Agile Service Manager is affected by an Apache Zookeeper vulnerability (CVE-2019-0201)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-netcool-agile-service-manager-is-affected-by-an-apache-zookeeper-vulnerability-cve-2019-0201/
IBM Security Bulletin: Multiple vulnerabilities in Jetty affect Netcool Agile Service Manager (CVE-2019-10247, CVE-2019-10246)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-jetty-affect-netcool-agile-service-manager-cve-2019-10247-cve-2019-10246/
Expat XML parser vulnerability CVE-2018-20843
https://support.f5.com/csp/article/K51011533
VLC: Vulnerability allows code execution
http://www.cert-bund.de/advisoryshort/CB-K19-0634