End-of-Day report
Timeframe: Tuesday 10-09-2019 18:00 - Wednesday 11-09-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
OpenDMARC: Actively exploited DMARC vulnerability without a fix
Protonmail staff have discovered a vulnerability in OpenDMARC that allows the signature check to be tricked. Attackers have already used the flaw for phishing attacks against journalists. OpenDMARC is apparently no longer being developed, and there is no update.
https://www.golem.de/news/opendmarc-aktiv-ausgenutzte-dmarc-sicherheitsluecke-ohne-fix-1909-143798-rss.html
Office 365: prone to security breaches?
Author: Willem Zeeman. "Office 365 again?" At the Forensics and Incident Response department of Fox-IT, this is heard often. Office 365 breach investigations are common at our department. You'll find that this blog post actually doesn't make a case for Office 365 being inherently insecure - rather, it discusses some of the predictability of Office [...]
https://blog.fox-it.com/2019/09/11/office-365-prone-to-security-breaches/
NetCAT
NetCAT shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have traditionally been used to leak sensitive data in a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that shares the CPU cache on a cloud platform). With NetCAT, we show this threat extends to untrusted clients over the network, which can now leak sensitive data such as keystrokes in an SSH session from remote servers with no local access.
https://www.vusec.net/projects/netcat/
Vulnerabilities
Patch day: Attackers target Windows and elevate themselves to admin
Microsoft has released important security updates for Office, Windows & Co. Some of the vulnerabilities are rated critical.
https://heise.de/-4519699
Patch day: SAP fixes, among others, a critical vulnerability in NetWeaver
On the September patch day, SAP closed numerous vulnerabilities and also updated some older security advisories.
https://heise.de/-4519758
Delta Electronics TPEditor
This advisory contains mitigations for stack-based buffer overflow, heap-based buffer overflow, and out-of-bounds write vulnerabilities in Delta Electronics TPEditor, a programming software for Delta text panels.
https://www.us-cert.gov/ics/advisories/icsa-19-253-01
OSIsoft PI SQL Client
This advisory contains mitigations for an integer overflow or wraparound vulnerability in OSIsoft's PI SQL Client component interface.
https://www.us-cert.gov/ics/advisories/icsa-19-253-06
Intel Releases Security Updates
Original release date: September 10, 2019. Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to gain an escalation of privileges on a previously infected machine.
https://www.us-cert.gov/ncas/current-activity/2019/09/10/intel-releases-security-updates
OpenSSL Security Advisory [10 September 2019]
ECDSA remote timing attack (CVE-2019-1547)
Fork Protection (CVE-2019-1549)
Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
https://openssl.org/news/secadv/20190910.txt
Security updates for Wednesday
Security updates have been issued by Fedora (python38), openSUSE (nginx, nodejs10, nodejs8, python-Twisted, python-Werkzeug, SDL2_image, SDL_image, and util-linux and shadow), Oracle (firefox and nghttp2), Red Hat (.NET Core, firefox, kernel, libwmf, pki-deps:10.6, and poppler), Scientific Linux (firefox), SUSE (ghostscript, libgcrypt, podman, python-SQLAlchemy, qemu, and webkit2gtk3), and Ubuntu (curl, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, systemd, and tomcat8).
https://lwn.net/Articles/798966/
Citrix SD-WAN Security Update
CTX256918 (New). Applicable Products: Citrix SD-WAN. Multiple denial of service vulnerabilities have been identified in the Citrix SD-WAN Appliance and Citrix SD-WAN Center Management Console.
https://support.citrix.com/article/CTX256918
IBM Security Bulletin: Spectrum Protect Operations Center vulnerable to Logjam (CVE-2015-4000)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-spectrum-protect-operations-center-vulnerable-to-logjam-cve-2015-4000/