End-of-Day report
Timeframe: Wednesday 12-02-2020 18:00 - Thursday 13-02-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
News
Microsoft Urges Exchange Admins to Disable SMBv1 to Block Malware
Microsoft is recommending administrators disable the SMBv1 network communication protocol on Exchange servers to provide better protection against malware threats and attacks.
https://www.bleepingcomputer.com/news/microsoft/microsoft-urges-exchange-admins-to-disable-smbv1-to-block-malware/
VU#597809: IBM ServeRAID Manager exposes unauthenticated Java Remote Method Invocation (RMI) service
Impact: An unauthenticated remote attacker can execute arbitrary code on a vulnerable system, with SYSTEM privileges on Microsoft Windows.
Solution: ServeRAID Manager is no longer supported and we do not expect IBM to release fixes.
https://kb.cert.org/vuls/id/597809
How to escalate privileges and steal secrets in Google Cloud Platform
The problem? There just isn't a lot of information available about GCP written from an attacker's perspective. We set out to learn as much as we could about Google Cloud and how an attacker might work to abuse common design decisions.
https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/
From S3 bucket to Laravel unserialize RCE
TLDR: Anyone who has access to the app key can both impersonate other users and, if enabled, make the application deserialize arbitrary data.
https://blog.truesec.com/2020/02/12/from-s3-bucket-to-laravel-unserialize-rce/
Tips for securing your e-mail addresses
Watchlist Internet keeps receiving reports from desperate consumers about problems with their e-mail accounts. These range from takeovers of e-mail addresses to outright hacks. Forgotten passwords, security questions or suspicious activity also frequently lead to difficulties.
https://www.watchlist-internet.at/news/tipps-fuer-die-sicherheit-ihrer-e-mail-adressen/
Wireshark Tutorial: Examining Qakbot Infections
Brad Duncan is back with a new Wireshark tutorial. This one examines a recent infection of Qakbot (AKA Qbot), which is an information stealer, so security pros can better understand its traffic patterns for detecting and investigating in the future.
https://unit42.paloaltonetworks.com/tutorial-qakbot-infection/
Vulnerabilities
Security updates for Thursday
Security updates have been issued by Arch Linux (dovecot, firefox, ksh, and webkit2gtk), Debian (firefox-esr and openjdk-8), Mageia (exiv2, flash-player-plugin, python-waitress, and vim and neovim), openSUSE (pcp and rubygem-rack), Oracle (kernel), Red Hat (sudo), and Slackware (libarchive).
https://lwn.net/Articles/812389/
Security Bulletin: CVE-2019-4666 IBM UrbanCode Deploy (UCD) could allow a local user to obtain sensitive information by unmasking certain secure values in documents.
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4666-ibm-urbancode-deploy-ucd-could-allow-a-local-user-to-obtain-sensitive-information-by-unmasking-certain-secure-values-in-documents/
Security Bulletin: vulnerabilities in Nimbus JOSE+JWT affect IBM Watson Machine Learning Accelerator 1.2.1
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-nimbus-josejwt-affect-ibm-watson-machine-learning-accelerator-1-2-1/
Security Bulletin: Authentication bypass in IBM Tivoli Monitoring Service console
https://www.ibm.com/blogs/psirt/security-bulletin-authentication-bypass-in-ibm-tivoli-monitoring-service-console/
Security Bulletin: OpenSSL vulnerability affects IBM Rational Team Concert
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-affects-ibm-rational-team-concert/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator-2/
Security Bulletin: CVE-2019-4666 IBM UrbanCode Build (UCB) could allow a local user to obtain sensitive information by unmasking certain secure values in documents.
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4666-ibm-urbancode-build-ucb-could-allow-a-local-user-to-obtain-sensitive-information-by-unmasking-certain-secure-values-in-documents/
Security Bulletin: CVE-2019-0199 The HTTP/2 implementation in embedded Apache Tomcat Denial of Service Vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-0199-the-http-2-implementation-in-embded-apache-tomcat-denial-of-service-vulnerability/
Security Bulletin: IBM Tivoli Monitoring Basic Services component (CVE-2019-15903)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-basic-services-component-cve-2019-15903/