End-of-Day report
Timeframe: Freitag 26-07-2019 18:00 - Montag 29-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Rare Steganography Hack Can Compromise Fully Patched Websites
An unusual steganographic technique that an attacker can use to implant a malicious webshell on unsuspecting websites has been spotted in Latin America. According to research from Trustwave shared exclusively with Threatpost, a forensic investigation showed that an adversary is implanting PHP code into JPEG files- EXIF headers in order to upload malware onto targeted websites.
https://threatpost.com/rare-steganography-hack-can-compromise-fully-patched-websites/146701/
A VxWorks Operating System Bug Exposes 200 Million Critical Devices
VxWorks is designed as a secure, "real-time" operating system for continuously functioning devices, like medical equipment, elevator controllers, or satellite modems.
https://www.wired.com/story/vxworks-vulnerabilities-urgent11
Finding Evil in Windows 10 Compressed Memory, Part One: Volatility andRekall Tools
Paging all digital forensicators, incident responders, and memory manager enthusiasts! Have you ever found yourself at a client site working around the clock to extract evil from a Windows 10 image? Have you hit the wall at step zero, running into difficulties viewing a process tree, or enumerating kernel modules? Or even worse, had to face the C-Suite and let them know you couldn-t find any evil? Well fear no more - FLARE has you covered.
http://www.fireeye.com/blog/threat-research/2019/07/finding-evil-in-windows-ten-compressed-memory-part-one.html
Examining the Link Between TLD Prices and Abuse
Briefing Over the years, McAfee researchers have observed that certain new top-level Domains (TLDs) are more likely to be abused by cyber criminals for malicious activities than others. Our investigations reveal a negative relationship between the likelihood for abuse and registration price of some TLDs, as reported by the McAfee URL and email intelligence team.
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/examining-the-link-between-tld-prices-and-abuse/
Vulnerabilities
BlackBerry Powered by Android Security Bulletin - July 2019
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build.
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000057910
iTunes und iCloud für Windows mit Sicherheitslücken - Updates einspielen
iTunes 12.9.6 und iCloud für Windows sollen kritische Schwachstellen beseitigen, die Apple auch in eigenen Betriebssystemen behoben hat.
https://heise.de/-4480524
Security updates for Monday
Security updates have been issued by Debian (patch, sdl-image1.2, and unzip), Fedora (deepin-clone, dtkcore, dtkwidget, and sqlite), Mageia (virtualbox), openSUSE (firefox), and SUSE (cronie and firefox).
https://lwn.net/Articles/794838/
LibreOffice: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in LibreOffice ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen.
http://www.cert-bund.de/advisoryshort/CB-K19-0662
Trend Micro OfficeScan: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode und DoS
Ein lokaler Angreifer kann eine Schwachstelle in Trend Micro OfficeScan ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen und um einen Denial of Service zu verursachen.
http://www.cert-bund.de/advisoryshort/CB-K19-0666
OpenLDAP: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen
OpenLDAP ist eine frei verfügbare Implementierung des Verzeichnisdienstes LDAP. Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in OpenLDAP ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
http://www.cert-bund.de/advisoryshort/CB-K19-0665
xpdf: Mehrere Schwachstellen
Ein lokaler Angreifer kann mehrere Schwachstellen in xpdf ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service Zustand herzustellen oder Informationen auszuspähen.
http://www.cert-bund.de/advisoryshort/CB-K19-0663
IBM Security Bulletin: IBM Cloud Automation Manager is affected by an issue with API endpoints behind the -docker cp-
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-automation-manager-is-affected-by-an-issue-with-api-endpoints-behind-the-docker-cp/
IBM Security Bulletin: Clickjacking vulnerability in WebSphere Application Server Liberty Admin Center (CVE-2019-4285)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-clickjacking-vulnerability-in-websphere-application-server-liberty-admin-center-cve-2019-4285/
IBM Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Digital Payments
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-digital-payments/
IBM Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affect Rational Asset Analyzer.
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-asset-analyzer/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Digital Payments
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-financial-transaction-manager-for-digital-payments-2/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-monitoring-8/
IBM Security Bulletin: IBM i2 Intelligent Analyis Platform is affected by a XML External Entity (XXE) vulnerability
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i2-intelligent-analyis-platform-is-affected-by-a-xml-external-entity-xxe-vulnerability/
IBM Security Bulletin: Financial Transaction Manager for Digital Payments for Multi-Platform is affected by vulnerabilities in IBM Java Runtime
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-digital-payments-for-multi-platform-is-affected-by-vulnerabilities-in-ibm-java-runtime/
IBM Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-affect-ibm-planning-analytics/
IBM Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-1871)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-digital-payments-is-affected-by-a-potential-cross-site-scripting-xss-vulnerability-cve-2018-1871/
HPESBUX03927 rev.1 - HP-UX BIND, Remote Denial of Service (DoS) and Remote Unauthorized Data Modification
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us
HPESBHF03944 rev.1 - HPE HP2910al-48G switches, local Arbitrary Command Execution
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03944en_us