Daily summary - 29.08.2019

End-of-Day report

Timeframe: Wednesday 28-08-2019 18:00 - Thursday 29-08-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter

News

Malware Samples Compiling Their Next Stage on Premise, (Wed, Aug 28th)

I would like to cover today two different malware samples I spotted two days ago. They have one interesting behaviour in common: they compile their next stage on the fly directly on the victim's computer. At a first point, it seems weird but, after all, it's an interesting approach to bypass low-level detection mechanisms that look for PE files.

https://isc.sans.edu/diary/rss/25278


'Heatstroke' Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information

Despite having an apparent lull in the first half of 2019, phishing will remain a staple in a cybercriminal's arsenal, and they're not going to stop using it. The latest example is a phishing campaign dubbed Heatstroke, based on a variable found in their phishing kit code.

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/9hQZwZfgZ7U/

Vulnerabilities

Security vulnerability: Buffer overflow in Dovecot mail server

A vulnerability in the Dovecot mail server could allow attackers to execute code. Updates are available.

https://www.golem.de/news/sicherheitsluecke-buffer-overflow-in-dovecot-mailserver-1908-143508-rss.html


Critical vulnerability with the highest severity rating in Cisco's IOS XE operating system

Security updates are available for various versions of the operating system for Cisco network devices.

https://heise.de/-4509454


Security updates for Thursday

Security updates have been issued by Debian (apache2 and faad2), openSUSE (schismtracker), Red Hat (ceph and pango), Scientific Linux (pango), SUSE (apache-commons-beanutils, ceph, php7, and qemu), and Ubuntu (ceph, dovecot, and ghostscript).

https://lwn.net/Articles/797775/


Nextgen Gallery < 3.2.11 - SQL Injection

https://wpvulndb.com/vulnerabilities/9816


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-ilog-cplex-optimization-studio-and-ibm-cplex-enterprise-server/


IBM Security Bulletin: Vulnerability CVE-2019-1543 in OpenSSL affects IBM i

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-cve-2019-1543-in-openssl-affects-ibm-i/


IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2019-1559)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-master-data-management-standard-and-advanced-editions-are-affected-by-vulnerabilities-in-openssl-cve-2019-1559/


External DNS Requests in Zyxel USG/UAG/ATP/VPN/NXC series

https://sec-consult.com/en/blog/advisories/external-dns-requests-in-zyxel-usg-uag-atp-vpn-nxc-series/


Hardcoded FTP Credentials in Zyxel NWA/NAP/WAC wireless access point series

https://sec-consult.com/en/blog/advisories/hardcoded-ftp-credentials-in-zyxel-wireless-access-point-series/


A specifically crafted HTTP request may lead the BIG-IP system to pass malformed HTTP requests to a target pool member webserver (HTTP Desync Attack)

https://support.f5.com/csp/article/K50375550


WebKitGTK and WPE WebKit Security Advisory WSA-2019-0004

https://webkitgtk.org/security/WSA-2019-0004.html


Atlassian Confluence: Vulnerability allows disclosure of information

http://www.cert-bund.de/advisoryshort/CB-K19-0768


Kubernetes: Vulnerability allows disclosure of information

http://www.cert-bund.de/advisoryshort/CB-K19-0769