End-of-Day report
Timeframe: Thursday 19-09-2019 18:00 - Friday 20-09-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Forcepoint Fixes Privilege Escalation Bug in Windows VPN Client
A vulnerability affecting all versions of Forcepoint VPN Client for Windows, save the latest release, can be used to achieve persistence and evade detection.
https://www.bleepingcomputer.com/news/security/forcepoint-fixes-privilege-escalation-bug-in-windows-vpn-client/
Fake SSO Used In Multi-Email Provider Phishing
Single sign-on (SSO) allows users to sign into a single account (e.g. Google) and access other services like YouTube or Gmail without authenticating with a separate username and password. This feature also extends to third-party services such as the popular Dropbox file sharing application, which offers users the option to access their account using Google's authentication from their sign-in page. Malicious Pages Mimic Popular Login Workflows [...]
https://blog.sucuri.net/2019/09/fake-sso-used-in-multi-email-provider-phishing.html
Blacklisting or Whitelisting in the Right Way
It's Friday today, I'd like to talk about something else. Black (or white) lists are everywhere today. Many security tools implement a way to allow/deny accesses or actions on resources based on "lists" besides the automated processing of data. The approach to implement them is quite different:
https://isc.sans.edu/forums/diary/Blacklisting+or+Whitelisting+in+the+Right+Way/25338/
When Instagram and Facebook friends ask for your mobile number
Numerous users are currently reporting that friends are asking them for their mobile number via Instagram chat or Facebook Messenger. They are then also asked for a 4-digit PIN code. Warning! It is not the friends who are writing here. Their accounts have been hacked. Criminals are trying to sign up for a paid subscription this way.
https://www.watchlist-internet.at/news/wenn-instagram-und-facebook-freunde-nach-der-handynummer-fragen/
Vulnerabilities
Tridium Niagara
This advisory contains mitigations for information exposure and improper authorization vulnerabilities in Tridium's Niagara business application framework software.
https://www.us-cert.gov/ics/advisories/icsa-19-262-01
WECON LeviStudioU (Update A)
WECON has produced Version 1.8.69 to fix the reported vulnerabilities in Version 1.8.56; however, exploits are still successful against this updated version.
https://www.us-cert.gov/ics/advisories/ICSA-19-036-03
VMSA-2019-0014
VMware ESXi, Workstation, Fusion, VMRC and Horizon Client updates address use-after-free and denial of service vulnerabilities. (CVE-2019-5527, CVE-2019-5535)
https://www.vmware.com/security/advisories/VMSA-2019-0014.html
Security updates for Friday
Security updates have been issued by Debian (bird, opendmarc, php7.3, and qemu), Fedora (bird, dino, nbdkit, and openconnect), Oracle (nginx:1.14, patch, and thunderbird), Red Hat (dovecot, kernel, kernel-alt, and kernel-rt), Scientific Linux (thunderbird), and SUSE (kernel, openssl, openssl-1_1, python-SQLAlchemy, and python-Werkzeug).
https://lwn.net/Articles/800149/
Western Digital My Book World II NAS 1.02.12 Hardcoded Credential
https://cxsecurity.com/issue/WLB-2019090130
IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Cross-Site Request Forgery (CVE-2019-4515)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-key-lifecycle-manager-is-affected-by-cross-site-request-forgery-cve-2019-4515/
IBM Security Bulletin: Multiple vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-oracle-outside-in-technology-affect-ibm-rational-doors-next-generation-7/
IBM Security Bulletin: Synthetic Playback Agent 8.1.4 is affected by multiple vulnerabilities
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-synthetic-playback-agent-8-1-4-is-affected-by-multiple-vulnerabilities/
IBM Security Bulletin: Synthetic Playback Agent 8.1.4.x is affected by multiple vulnerabilities of Mozilla Firefox
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-synthetic-playback-agent-8-1-4-x-is-affected-by-multiple-vulnerabilities-of-mozilla-firefox/