End-of-Day report
Timeframe: Tuesday 17-09-2019 18:00 - Wednesday 18-09-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions
A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin-one of the most popular applications for managing the MySQL and MariaDB databases.
https://thehackernews.com/2019/09/phpmyadmin-csrf-exploit.html
Clever New DDoS Attack Gets a Lot of Bang for a Hacker's Buck
By exploiting the WS-Discovery protocol, a new breed of DDoS attack can get a huge rate of return.
https://www.wired.com/story/ddos-attack-ws-discovery
FAQ: Emotet (at Heise)
Since the Heise Group was hit by an Emotet infection, we keep receiving follow-up questions. Here are the answers to the most frequent ones.
https://heise.de/-4517354
SMS from "PostInfo" leads to a subscription trap
Numerous mobile phone users are currently receiving an SMS from PostInfo claiming they have won something in a prize draw. To claim the prize, they are told to follow a link, which leads to a survey on a fake Post website. Warning: this SMS does not come from the Post, but from criminals, and recipients are lured into a subscription trap.
https://www.watchlist-internet.at/news/sms-von-postinfo-fuehrt-in-abo-falle/
Daily Emotet IoCs and Notes for 09/16/19
Emotet Malware Document links/IOCs for 09/16/19 as of 09/17/19 02:30 EDT. Notes and credits at the bottom. Follow us on Twitter @cryptolaemus1 for more updates.
https://paste.cryptolaemus.com/emotet/2019/09/16/emotet-malware-IoCs_09-16-19.html
Vulnerabilities
Advantech WebAccess
This advisory contains mitigations for code injection, command injection, stack-based buffer overflow, and improper authorization vulnerabilities in Advantech's WebAccess HMI platform.
https://www.us-cert.gov/ics/advisories/icsa-19-260-01
Honeywell Performance IP Cameras and Performance NVRs
This advisory includes mitigations for an information exposure vulnerability in the Honeywell Performance IP Cameras and Performance NVRs product.
https://www.us-cert.gov/ics/advisories/icsa-19-260-03
HPESBHF03844 rev.3 - HPE Integrated Lights-Out 4, 5 (iLO 4, 5) iLO Moonshot and Moonshot iLO Chassis Manager, Remote or Local Code Execution
Version:3 (rev.3) - 17 September 2019 added iLO Moonshot and Moonshot iLO Chassis Manager
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03844en_us
HPESBHF03866 rev.3 - HPE Integrated Lights-Out 3,4,5 iLO Moonshot and Moonshot iLO Chassis Manager, using SSH, Remote Execution of Arbitrary Code, Local Disclosure of Sensitive Information
Version:3 (rev.3) - 17 September 2019 added iLO Moonshot and Moonshot iLO Chassis Manager
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03866en_us
Security update available in Foxit Studio Photo 3.6.6.913
Foxit has released Foxit Studio Photo 3.6.6.913, which addresses potential security and stability issues.
https://www.foxitsoftware.com/support/security-bulletins.php
Critical update for AMD graphics cards fixes a specific security problem
The combination of VMware Workstation Pro and AMD GPUs could compromise computer security.
https://heise.de/-4533148
Security updates for Wednesday
Security updates have been issued by CentOS (firefox and kernel), Debian (thunderbird), Fedora (curl), openSUSE (curl and python-Werkzeug), Oracle (kernel and thunderbird), Red Hat (rh-nginx114-nginx), SUSE (curl, ibus, MozillaFirefox, firefox-glib2, firefox-gtk3, openldap2, openssl, openssl1, python-urllib3, and util-linux and shadow), and Ubuntu (linux, linux-aws, linux-azure, linux-lts-trusty, linux-lts-xenial, linux-oracle, linux-raspi2, linux-snapdragon, and wpa).
https://lwn.net/Articles/799765/
WAGO Series PFC100/PCF200 Information Disclosure
The reported vulnerability allows a remote attacker to check paths and file names that are used in filesystem operations.
https://cert.vde.com/de-de/advisories/vde-2019-017
IBM Security Bulletin: IBM Security Key Lifecycle Manager uses Weak password policy (CVE-2019-4565)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-key-lifecycle-manager-uses-weak-password-policy-cve-2019-4565/
IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2019 - Includes Oracle Jul 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2019-includes-oracle-jul-2019-cpu-affects-ibm-tivoli-composite-application-manager-for-transactions-robotic-response-time/
IBM Security Bulletin: Vulnerability in Eclipse Jetty affecting Rational Functional Tester
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-eclipse-jetty-affecting-rational-functional-tester/
IBM Security Bulletin: Multiple vulnerabilities have been identified in bundled libraries of IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2019-12086, CVE-2019-0201)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-have-been-identified-in-bundled-libraries-of-ibm-tivoli-netcool-omnibus-common-integration-libraries-cve-2019-12086-cve-2019-0201/
IBM Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2018-0732, CVE-2018-0734, CVE-2018-0737)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-affects-watson-explorer-foundational-components-cve-2018-0732-cve-2018-0734-cve-2018-0737/
Reflected Cross-Site Scripting (XSS) in Oracle Mojarra JSF
https://sec-consult.com/en/blog/advisories/reflected-cross-site-scripting-xss-in-oracle-mojarra-jsf/