End-of-Day report
Timeframe: Wednesday 07-08-2019 18:00 - Thursday 08-08-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
The Fully Remote Attack Surface of the iPhone
While there have been several rumours and reports of fully remote vulnerabilities affecting the iPhone being used by attackers in the last couple of years, limited information is available about the technical details of these vulnerabilities, as well as the underlying attack surface they occur in. I investigated the remote, interaction-less attack surface of the iPhone, and found several serious vulnerabilities.
https://googleprojectzero.blogspot.com/2019/08/the-fully-remote-attack-surface-of.html
[Guest Diary] The good, the bad and the non-functional, or "how not to do an attack campaign", (Thu, Aug 8th)
https://isc.sans.edu/diary/rss/25218
Magento Skimmers: From Atob to Alibaba
Last year we saw a fairly massive Magento malware campaign that injected credit card stealing code similar to this: It uses the JavaScript atob function to decode base64-encoded domain names and URL patterns. In the sample above, it's hxxps://livegetpay[.]com/pay.js?v=2.2.9 and "onepage", respectively. The campaign used a variety of different domain names and targeted all sorts of payment processing systems, which is well described in the Group IB's report.
https://blog.sucuri.net/2019/08/magento-skimmers-from-atob-to-alibaba.html
Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V
Remember the Reverse RDP Attack? Earlier this year, researchers disclosed clipboard hijacking and path-traversal issues in Microsoft's Windows built-in RDP client that could allow a malicious RDP server to compromise a client computer, reversely.
https://thehackernews.com/2019/08/reverse-rdp-windows-hyper-v.html
ACSC Releases Advisory on Password Spraying Attacks
Original release date: August 8, 2019
The Australian Cyber Security Centre (ACSC) has released an advisory on password spraying attacks. Password spraying is a type of brute-force attack in which a malicious actor uses a single password against targeted user accounts before moving on to attempt a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts. The ACSC provides recommendations for organizations to detect and
https://www.us-cert.gov/ncas/current-activity/2019/08/08/acsc-releases-advisory-password-spraying-attacks
Extortion attempts with masturbation video!
The probability of finding fraudulent extortion e-mails in your own inbox is currently extremely high. Criminals claim to have infected their victims' systems with malware, to have gained access to the webcam and contacts, and to now be in possession of a masturbation video. Those affected must not pay anything. The messages from "Anonymous Hacker" are fabricated!
https://www.watchlist-internet.at/news/erpressungsversuche-mit-masturbations-video/
Vulnerabilities
Fortinet FortiRecorder 2.7.3 Hardcoded Password
https://cxsecurity.com/issue/WLB-2019080028
Security updates for Thursday
Security updates have been issued by Arch Linux (exim, python-django, python2-django, and sdl2), Debian (proftpd-dfsg), Fedora (php and sqlite), openSUSE (proftpd), Red Hat (kernel), Slackware (kdelibs), SUSE (nodejs10, squid, and tcpdump), and Ubuntu (php5 and ruby-rack).
https://lwn.net/Articles/795725/
Synology-SA-19:32 SWAPGS Spectre Side-Channel Attack
The vulnerability allows local users to obtain sensitive information via a susceptible version of Synology DiskStation Manager (DSM) running on an Intel CPU, or running in Virtual Machine Manager.
https://www.synology.com/en-global/support/security/Synology_SA_19_32
Cisco Adaptive Security Appliance Smart Tunnel Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-asa-multi
Cisco Webex Meetings Server Open Redirection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-wms-oredirect
Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-webex-player
Cisco SPA112 2-Port Phone Adapter Stored Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-spa112-xss
Cisco SD-WAN Solution Packet Filtering Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-sd-wan-bypass
Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfvis-vnc-authbypass
Cisco Enterprise NFV Infrastructure Software Web-Based Management Interface Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfvis-authbypass
Cisco Enterprise NFV Infrastructure Software Cross-site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-xss
Cisco Enterprise NFV Infrastructure Software Arbitrary File Read Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-read
Cisco Enterprise NFV Infrastructure Software Password Recovery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-pwrecov
Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-privescal
Cisco Enterprise NFV Infrastructure Software Web Portal Arbitrary File Read Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-fileread
Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-commandinj
Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-cli-path
Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-iosxr-isis-dos-1918
Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-iosxr-isis-dos-1910
Cisco HyperFlex Software Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-hypflex-csrf
Cisco Firepower Threat Defense Software File Policy Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-ftd-bypass
Cisco IoT Field Network Director TLS Renegotiation Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-fnd-dos
Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-fmc-xss
Cisco Email Security Appliance Header Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-esm-inject
Cisco Adaptive Security Appliance Software Web-Based Management Interface Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-asa-privescala