End-of-Day report
Timeframe:   Wednesday 23-10-2019 18:00 - Thursday 24-10-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a
News
Your Supply Chain Doesn't End At Receiving: How Do You Decommission Network Equipment?, (Thu, Oct 24th)
Trying to experiment with cutting edge security tools, without breaking the bank, often leads me to used equipment on eBay. High-end enterprise equipment is usually available at a bargain-basement price. For experiments or use in a home/lab network, I am willing to take the risk to receive the occasional "dud," and I usually can do without the support and other perks that come with equipment purchased full price.
https://isc.sans.edu/diary/rss/25448
Windows Debugging & Exploiting Part 1 - Environment Setup
In this blog series, I will try to set some base knowledge for Windows system debugging & exploitation and present how to set up an environment for remote kernel debugging. This environment will be useful for learning Windows internals and indispensable for our future posts about its exploitation. As for Windows internals, I really recommend the training from Pavel Yosifovich on Pluralsight, which will expand your familiarity with the system if you are new to the topic.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/windows-debugging-exploiting-part-1-environment-setup/
Warning about a mobile-payment trap on Facebook
The Rundfunk und Telekom Regulierungs-GmbH (RTR) is currently seeing a growing number of complaints about unexpectedly high mobile phone bills. Those affected were lured into a mobile phone trap via Facebook. They unknowingly made expensive purchases that were then charged to their mobile phone bill.
https://help.orf.at/stories/2993419/
Android adware developer tracked down
ESET researchers describe how they uncovered a year-long adware campaign on Google Play that affected millions of users.
https://www.welivesecurity.com/deutsch/2019/10/24/android-adware-entwickler-aufgespuert/
Some ICS Security Incidents Resulted in Injury, Loss of Life: Survey
ATLANTA - SECURITYWEEK 2019 ICS CYBER SECURITY CONFERENCE - Some of the recent cybersecurity incidents involving industrial control systems (ICS) have resulted in injury and even loss of life, according to a survey conducted by Control Systems Cyber Security Association International (CS2AI).
https://www.securityweek.com/some-ics-security-incidents-resulted-injury-loss-life-survey
Buy a driving licence legally online? Not at all!
Consumers who look for information about driving licences on the internet may come across websites such as billigerfuehrerschein.com or fuhrerschein-online.com. These fraudulent websites advertise the legal sale of driving licences without practical or theory exams. Warning: both producing and using such documents is illegal, nothing is ever delivered, and any money paid is lost.
https://www.watchlist-internet.at/news/fuehrerscheine-legal-online-kaufen-mitnichten/
Practical Behavioral Profiling of PowerShell Scripts through Static Analysis (Part 2)
Part 2 of a 3-part blog series that offers a more technical perspective and begins looking at common obfuscation techniques and methods for hiding data within PowerShell that can be reversed.
https://unit42.paloaltonetworks.com/practical-behavioral-profiling-of-powershell-scripts-through-static-analysis-part-2/
Vulnerabilities
EOL D-Link Routers Vulnerable to Remote Command Execution
Original release date: October 24, 2019. The CERT Coordination Center (CERT/CC) has released information on a vulnerability (CVE-2019-16920) affecting multiple D-Link routers. A remote attacker could exploit this vulnerability to take control of an affected device. D-Link no longer provides support to the affected end-of-life (EOL) devices, and updates will not be made available.
https://www.us-cert.gov/ncas/current-activity/2019/10/24/eol-d-link-routers-vulnerable-remote-command-execution
SYSS-2019-009, SYSS-2019-010 and SYSS-2019-011: Vulnerabilities in another wireless keyboard with "secure" 2.4 GHz technology
As part of a research project on wireless input devices (see also 1 and 2), SySS IT security expert Matthias Deeg found three security vulnerabilities in the Fujitsu Wireless Keyboard Set LX390. The three vulnerabilities concern missing protection against replay attacks, missing encryption of sensitive data transmitted over the radio link, and the possibility of keystroke injection attacks.
https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/
Security patches: attackers could gain admin-level access to Junos OS
The developers of the network-device operating system Junos OS have closed a dangerous security vulnerability.
https://heise.de/-4567444
Security updates for Thursday
Security updates have been issued by Debian (file), Mageia (bind, chromium-browser-stable, java-1.8.0-openjdk, libsndfile, mediawiki, and virtualbox), Oracle (firefox), Red Hat (firefox and sudo), Scientific Linux (firefox and OpenAFS), SUSE (kernel, lz4, rust, and xen), and Ubuntu (firefox).
https://lwn.net/Articles/803068/
IBM Security Bulletin: Multiple vulnerabilities in MongoDB server affect IBM Cloud App Management
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-mongodb-server-affect-ibm-cloud-app-management/
IBM Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2019-10197)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-samba-affects-ibm-spectrum-scale-smb-protocol-access-method-cve-2019-10197/
IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-cloud-app-management-2/
IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-cloud-app-management/
IBM Security Bulletin: Multiple vulnerabilities in the IBM i HTTP Server affect IBM i.
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-the-ibm-i-http-server-affect-ibm-i/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise-2/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-cloud-manager-with-openstack-6/
IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud (CVE-2019-4304, CVE-2019-4305)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-affect-liberty-for-java-for-ibm-cloud-cve-2019-4304-cve-2019-4305/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-cloud-manager-with-openstack-5/
libcurl vulnerability CVE-2018-16890
https://support.f5.com/csp/article/K03314397
Linux kernel vulnerability CVE-2019-15916
https://support.f5.com/csp/article/K57418558