Daily summary - 10.09.2019

End-of-Day report

Timeframe: Monday 09-09-2019 18:00 - Tuesday 10-09-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter

News

How to Audit & Cleanup WordPress Plugins & Themes

In an interview with Smashing Magazine, our Co-Founder (now Head of Security Products at GoDaddy) Tony Perez was asked the following question: What makes WordPress vulnerable? "Here's the simple answer. Old versions of WordPress, along with theme and plugin vulnerabilities, multiplied by the CMS' popularity, with the end user thrown into the mix, make for a vulnerable website."

https://blog.sucuri.net/2019/09/wordpress-plugin-audit.html


IoT Attack Opportunities Seen in the Cybercrime Underground

We looked into IoT-related discussions from several cybercrime underground communities. We found discussions ranging from tutorials to actual monetization schemes for IoT-related attacks.

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/i588EjgxMnI/


When corporate communications look like a phish

Before organizations engage in gnashing of teeth over the "ignorant user" and the cost of training, think about how much email users encounter and whether corporate communications look like phishes themselves.

https://blog.malwarebytes.com/business-2/2019/09/when-corporate-communications-look-like-a-phish/


Evolution of Malware Sandbox Evasion Tactics - A Retrospective Study

Executive Summary: Malware evasion techniques are widely used to circumvent detection as well as analysis and understanding. One of the dominant categories of evasion is anti-sandbox detection, simply because today's sandboxes are becoming the fastest and easiest way to get an overview of a threat.

https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/evolution-of-malware-sandbox-evasion-tactics-a-retrospective-study/


Attention, phishing: fraudulent Raiffeisen e-mails in circulation

Criminals claim your credit card has been blocked: using the new EU directive as a pretext, numerous bank customers are currently receiving phishing e-mails. According to the e-mails, the directive supposedly requires you to confirm your personal data. The link provided, however, leads to a fake login page, where criminals harvest your data.

https://www.watchlist-internet.at/news/achung-phishing-betruegerische-raiffeisen-e-mails-im-umlauf/

Vulnerabilities

Security Bulletins Posted

Adobe has published security bulletins for Adobe Application Manager (APSB19-45) and Adobe Flash Player (APSB19-46). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided "AS IS" with no warranties and confers no rights.

https://blogs.adobe.com/psirt/?p=1785


Multiple Vulnerabilities in Comba and D-Link Routers

There are five new credential-leaking vulnerabilities discovered and disclosed by Simon Kenin. Two are in a D-Link DSL modem typically installed to connect a home network to an ISP. The other three are in multiple Comba Telecom WiFi devices. All the vulnerabilities involve insecure storage of credentials, including three where cleartext credentials are available to any user with network access to the device.

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/multiple-vulnerabilities-in-comba-and-d-link-routers/


Security updates for Tuesday

Security updates have been issued by Debian (docker.io, icedtea-web, and trafficserver), openSUSE (opera), Red Hat (bind, firefox, go-toolset:rhel8, kernel, nghttp2, and polkit), SUSE (buildah, curl, java-1_7_1-ibm, and skopeo), and Ubuntu (freetype, memcached, python2.7, python3.4, and python2.7, python3.5, python3.6, python3.7).

https://lwn.net/Articles/798883/


MISP 2.4.115 released (aka CVE-2019-16202 and sync speed improvement)

A new version of MISP (2.4.115) with a major security fix (CVE-2019-16202) and various small improvements has been released. We strongly recommend all MISP users update to this version.

https://www.misp-project.org/2019/09/10/MISP.2.4.115.released.html


SSA-187667 (Last Update: 2019-09-10): DejaBlue Vulnerabilities - Siemens Healthineers Products

https://cert-portal.siemens.com/productcert/pdf/ssa-187667.pdf


SSA-189842 (Last Update: 2019-09-10): TCP URGENT/11 Vulnerabilities in RUGGEDCOM Win

https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf


SSA-191683 (Last Update: 2019-09-10): Cross-Site Scripting Vulnerability in IE/WSN-PA Link WirelessHART Gateway

https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf


SSA-250618 (Last Update: 2019-09-10): Denial-of-Service Vulnerability in SIMATIC TDC CP51M1

https://cert-portal.siemens.com/productcert/pdf/ssa-250618.pdf


SSA-462066 (Last Update: 2019-09-10): Vulnerability known as TCP SACK PANIC in Industrial Products

https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf


SSA-834884 (Last Update: 2019-09-10): Vulnerability in SINETPLAN

https://cert-portal.siemens.com/productcert/pdf/ssa-834884.pdf


SSA-884497 (Last Update: 2019-09-10): Multiple Vulnerabilities in SINEMA Remote Connect Server

https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf


GnuPG vulnerability CVE-2019-13050

https://support.f5.com/csp/article/K08654551


Wireshark vulnerability CVE-2019-12295

https://support.f5.com/csp/article/K06725231