End-of-Day report
Timeframe:   Wednesday 10-07-2019 18:00 - Thursday 11-07-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a
News
Magento Killer
A malicious PHP script, aptly given the name "Magento Killer" by its creator(s), has been found targeting Magento websites. While it doesn't actually kill the Magento installation, it does allow the attacker to modify data in the core_config_data table of the targeted Magento database.
https://blog.sucuri.net/2019/07/magento-killer.html
AMD's SEV tech that protects cloud VMs from rogue servers may as well stand for... Still Extremely Vulnerable
Evil hypervisors can work out what apps are running, extract data from encrypted guests. Five boffins from four US universities have explored AMD's Secure Encrypted Virtualization (SEV) technology - and found its defenses can be, in certain circumstances, bypassed with a bit of effort.
http://go.theregister.com/feed/www.theregister.co.uk/2019/07/10/amd_secure_enclave_vulnerability/
Wondering how to whack Zoom's dodgy hidden web server on your Mac? No worries, Apple's done it for you
iGiant acts to protect users. Apple has pushed a silent update to Macs, disabling the hidden web server installed by the popular Zoom web-conferencing software.
http://go.theregister.com/feed/www.theregister.co.uk/2019/07/11/apple_removes_zooms_dodgy_hidden_web_server_on_mac/
Awesome-Cellular-Hacking
Please note multiple researchers published and compiled this work. This is a list of their research in the 3G/4G/5G Cellular security space. This information is intended to consolidate the community's knowledge. Thank you, I plan on frequently updating this "Awesome Cellular Hacking" curated list with the most up to date exploits, blogs, research, and papers.
https://github.com/W00t3k/Awesome-Cellular-Hacking
Your Pa$$word doesn't matter
Every week I have at least one conversation with a security decision maker explaining why a lot of the hyperbole about passwords - "never use a password that has ever been seen in a breach", "use really long passwords", "passphrases-will-save-us", and so on - is inconsistent with our research and with the reality our team sees as we defend against 100s of millions of password-based attacks every day. Focusing on password rules, rather than things that can really help - like multi-factor authentication (MFA), or great threat detection - is just a distraction.
https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Your-Pa-word-doesn-t-matter/ba-p/731984
When shopping by smartphone becomes a trap
Online shopping is becoming ever more popular. 60 % of Austrians already order on the internet and click through the offerings via computer, laptop or smartphone. However, besides its many advantages, mobile shopping with a smartphone in particular has one major disadvantage: fraudulent shops are harder to unmask on a phone than on a computer.
https://www.watchlist-internet.at/news/wenn-shoppen-per-smartphone-zur-falle-wird/
Vulnerabilities
Jira Server and Data Center Update Patches Critical Vulnerability
Atlassian has patched a critical vulnerability affecting Jira Server and Data Center since version 4.4.0, launched in the summer of 2011.
https://www.bleepingcomputer.com/news/security/jira-server-and-data-center-update-patches-critical-vulnerability/
Custom Permissions - Critical - Access bypass - SA-CONTRIB-2019-055
This module enables you to add and manage additional custom permissions through the administration UI. The module doesn't sufficiently check for the proper access permissions to this page.
https://www.drupal.org/sa-contrib-2019-055
Nagios XI CVE-2018-17147 Cross-Site Scripting Vulnerability
Nagios XI is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
https://www.securityfocus.com/bid/109116/discuss
Exiv2 CVE-2019-13504 Remote Denial of Service Vulnerability
An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.
https://www.securityfocus.com/bid/109117/discuss
Cisco ASA and FTD Software Cryptographic TLS and SSL Driver Denial of Service Vulnerability
A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly.
...
Note: Only traffic directed to the affected system can be used to exploit this vulnerability.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190710-asa-ftd-dos
Citrix SD-WAN Multiple Security Updates
Multiple vulnerabilities have been identified in the management console of the Citrix SD-WAN Center and NetScaler SD-WAN Center. Multiple Vulnerabilities have also been identified on the Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance. Collectively, these vulnerabilities could result in an unauthenticated attacker executing commands as root against the SD-WAN Center management console, or potentially be used to gain root privileges on the SD-WAN appliance.
https://support.citrix.com/article/CTX251987
FSC-2019-3: Unauthenticated Remote Code Execution in F-Secure Internet Gatekeeper
A vulnerability was discovered in the web user interface of the F-Secure Internet Gatekeeper product. An unauthenticated user can cause a heap overflow by issuing a malformed HTTP request to the web user interface. A successful attack can lead to remote code execution on the F-Secure Internet Gatekeeper server.
https://www.f-secure.com/en/web/labs_global/fsc-2019-3
Security updates for Thursday
Security updates have been issued by Debian (dosbox and openjpeg2), Oracle (dbus and kernel), Scientific Linux (dbus), Slackware (mozilla), and SUSE (fence-agents, libqb, postgresql10, and sqlite3).
https://lwn.net/Articles/793442/
IBM Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-bind-affects-ibm-integrated-analytics-system/
IBM Security Bulletin: IBM QRadar SIEM is vulnerable to cross site scripting (XSS) (CVE-2019-4211)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-cross-site-scripting-xss-cve-2019-4211/
IBM Security Bulletin: IBM Jazz for Service Management is missing function level access control that could allow a user to delete authorized resources (CVE-2019-4194)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-jazz-for-service-management-is-missing-function-level-access-control-that-could-allow-a-user-to-delete-authorized-resources-cve-2019-4194/
IBM Security Bulletin: IBM QRadar SIEM is vulnerable to an Information exposure (CVE-2019-4054)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-an-information-exposure-cve-2019-4054/
IBM Security Bulletin: IBM QRadar Incident Forensics is vulnerable to a publicly disclosed vulnerability in Apache Tika (CVE-2018-17197)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-incident-forensics-is-vulnerable-to-a-publicly-disclosed-vulnerability-in-apache-tika-cve-2018-17197/
IBM Security Bulletin: IBM QRadar SIEM is vulnerable to an Information Exposure (CVE-2018-2022)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-an-information-exposure-cve-2018-2022/
IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Cross-Site Scripting (CVE-2018-2021)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-cross-site-scripting-cve-2018-2021/
IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to OpenSSL vulnerability CVE-2018-5407
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-released-unified-extensible-firmware-interface-uefi-fixes-in-response-to-openssl-vulnerability-cve-2018-5407/
IBM Security Bulletin: Cross-Site Scripting Vulnerability Affects IBM Campaign (CVE-2018-1921)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-vulnerability-affects-ibm-campaign-cve-2018-1921/
IBM Security Bulletin: IBM QRadar Incident Forensics is vulnerable to publicly disclosed vulnerabilities from Apache Tika (CVE-2018-11761, CVE-2018-11762, CVE-2018-8017, CVE-2018-11796)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-incident-forensics-is-vulnerable-to-publicly-disclosed-vulnerabilities-from-apache-tika-cve-2018-11761-cve-2018-11762-cve-2018-8017-cve-2018-11796/
Excess resource consumption due to low MSS values vulnerability CVE-2019-11479
https://support.f5.com/csp/article/K35421172
Juniper JUNOS: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K19-0597