End-of-Day report
Timeframe: Friday 13-09-2019 18:00 - Monday 16-09-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Dangerous security vulnerabilities in Dahua surveillance cameras
Attackers could attack some Dahua surveillance cameras and force them into a botnet. Security updates are available for download.
https://heise.de/-4523355
Fake job application from "Eva Richter" carries the Ordinypt ransomware
Caution: forged job applications with a dangerous file attachment are once again in circulation. Anyone who falls for them is left with a digital shambles.
https://heise.de/-4523365
How to Enable Ransomware Protection in Windows 10
Windows Defender includes a security feature called "Ransomware Protection" that allows you to enable various protections against ransomware infections. This feature is disabled by default in Windows 10, but with ransomware running rampant, it is important to enable this feature in order to get the most protection on your computer.
https://www.bleepingcomputer.com/news/microsoft/how-to-enable-ransomware-protection-in-windows-10/
iPhone: PIN lock bypassed in iOS 13
The lock screen in iOS 13 can be bypassed with a simple trick, giving access to the owner's address book. iOS 13 is due to be released on 19 September; Apple does not intend to close the hole before then.
https://www.golem.de/news/iphone-pin-sperre-in-ios-13-umgangen-1909-143860-rss.html
WordPress XSS Bug Allows Drive-By Code Execution
Sites that use the Gutenberg editor (found in WordPress 5.0 to 5.2.2) are open to complete takeover.
https://threatpost.com/wordpress-xss-drive-by-code-execution/148324/
Dissecting the WordPress 5.2.3 Update
Last week, WordPress released version 5.2.3 which was a security and maintenance update, and as such, contained many security fixes. Part of our day to day work is to analyse these security releases, discover what security issue it is fixing and come up with a Proof of Concept for further internal testing.
https://blog.sucuri.net/2019/09/dissecting-the-wordpress-5-2-3-update.html
Smishing Explained: What It Is and How to Prevent It
Do you remember the last time you've interacted with a brand, political cause, or fundraising campaign via text message? Have you noticed these communications occurring more frequently as of late? It's no accident. Whereas marketers and communications professionals can't count on email opens or users accepting push notifications from apps, they're well aware that around [...]
https://www.webroot.com/blog/2019/09/16/smishing-explained-what-it-is-and-how-you-can-prevent-it/
You Can Run, But You Can't Hide - Detecting Process Reimaging Behavior
Around 3 months ago, a new attack technique was introduced to the InfoSec community known as "Process Reimaging." This technique was released by the McAfee Security team in a blog titled - "In NTDLL I Trust - Process Reimaging and Endpoint Security Solution Bypass." A few days after this attack technique was released, a co-worker and friend of mine - Dwight Hohnstein - came out with proof of concept code demonstrating this technique, [...]
https://posts.specterops.io/you-can-run-but-you-cant-hide-detecting-process-reimaging-behavior-e6bb9a10c40b
Open source breach and attack simulation tool Infection Monkey gets new features
Guardicore, a leader in internal data center and cloud security, unveiled new capabilities for its Infection Monkey that make it the industry's first Zero Trust assessment tool. Added features extend the functionality of the already successful Infection Monkey, a free, open source breach and attack simulation tool used by thousands to demonstrate and analyze their environments against lateral movement and attacks.
https://www.helpnetsecurity.com/2019/09/16/infection-monkey-tool/
LastPass Patches Bug Leaking Last-Used Credentials
A vulnerability recently addressed in LastPass could be abused by attackers to expose the last site credentials filled by LastPass. A freemium password manager, LastPass stores encrypted passwords online and provides users with a web interface to access them, as well as with plugins for web browsers and apps for smartphones.
https://www.securityweek.com/lastpass-patches-bug-leaking-last-used-credentials
Sophos open-sources Sandboxie, a utility for sandboxing any application
Sandboxie is now a free download. Source code to be open-sourced at a later date.
https://www.zdnet.com/article/sophos-open-sources-sandboxie-a-utility-for-sandboxing-any-application/
Vulnerabilities
VMSA-2019-0013
VMware ESXi and vCenter Server updates address command injection and information disclosure vulnerabilities. (CVE-2017-16544, CVE-2019-5531, CVE-2019-5532, CVE-2019-5534)
https://www.vmware.com/security/advisories/VMSA-2019-0013.html
Security updates for Monday
Security updates have been issued by Debian (ansible, faad2, linux-4.9, and thunderbird), Fedora (jbig2dec, libextractor, sphinx, and thunderbird), Mageia (expat, kconfig, mediawiki, nodejs, openldap, poppler, thunderbird, webkit2, and wireguard), openSUSE (buildah, ghostscript, go1.12, libmirage, python-urllib3, rdesktop, and skopeo), SUSE (python-Django), and Ubuntu (exim4, ibus, and Wireshark).
https://lwn.net/Articles/799324/
[remote] Inteno IOPSYS Gateway - Improper Access Restrictions
https://www.exploit-db.com/exploits/47390