End-of-Day report
Timeframe:   Tuesday 13-08-2019 18:00 - Wednesday 14-08-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a
News
New Bluetooth KNOB Flaw Lets Attackers Manipulate Traffic
A new Bluetooth vulnerability named "KNOB" has been disclosed that allows attackers to brute-force more easily the encryption key used during pairing, in order to monitor or manipulate the data transferred between two paired devices.
https://www.bleepingcomputer.com/news/security/new-bluetooth-knob-flaw-lets-attackers-manipulate-traffic/
Dejablue: More security vulnerabilities in Windows Remote Desktop
Microsoft warns of two remote code execution bugs in Remote Desktop Services. They allow Windows machines to be hijacked over the network if remote administration is enabled. All current Windows versions are affected.
https://www.golem.de/news/dejablue-erneut-sicherheitsluecken-im-windows-remote-deskt-1908-143192-rss.html
Project Zero: Windows text input system offers many attack opportunities
A system service for text input methods that has existed since Windows XP was apparently developed with little security awareness. Tavis Ormandy of Google was able to use it to gain system privileges as a regular user. Microsoft has released an update, but it apparently does not fix all of the problems.
https://www.golem.de/news/project-zero-windows-texteingabesystem-bietet-viele-angriffsmoeglichkeiten-1908-143199-rss.html
Debugging for Malware Analysis
This article provides an overview of debugging and how to use some of the most commonly used debuggers. We will begin by discussing OllyDbg; using it, we will explore topics such as setting up breakpoints, stepping through the instructions and modifying the flow of execution. We will then discuss WinDbg, which can be used [...]
https://resources.infosecinstitute.com/debugging-for-malware-analysis/
Beware of fake payment instructions!
Numerous companies are contacting us about fabricated transfer requests sent in the name of management or other executives. The e-mails come from criminals who imitate the senders' e-mail addresses by "spoofing" and thereby try to get unsuspecting employees to make transfers to third-party accounts.
https://www.watchlist-internet.at/news/nehmen-sie-sich-vor-gefaelschten-zahlungsanweisungen-in-acht/
This new cryptojacking malware uses a sneaky trick to remain hidden
Norman cryptomining malware was found to have infected almost every system in one organisation during an investigation by security researchers.
https://www.zdnet.com/article/this-new-cryptojacking-malware-uses-a-sneaky-trick-to-remain-hidden/
Vulnerabilities
Intel Releases Security Updates
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates: RAID Web Console 2 Advisory INTEL-SA-00246, NUC Advisory INTEL-SA-00272 [...]
https://www.us-cert.gov/ncas/current-activity/2019/08/13/intel-releases-security-updates
Trend Micro Password Manager - Privilege Escalation to SYSTEM
SafeBreach Labs discovered a new vulnerability in Trend Micro Password Manager software. In this post, we will demonstrate how this vulnerability could have been used in order to achieve privilege escalation and persistence by loading an arbitrary unsigned DLL into a service that runs as NT AUTHORITY\SYSTEM.
https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM
DoS attacks: Many web servers with HTTP/2 vulnerable
According to researchers, a large proportion of web servers with HTTP/2 are not optimally configured, putting their security at risk. Patches are available.
https://heise.de/-4496647
Security updates for Wednesday
Security updates have been issued by Debian (kernel, linux-4.9, otrs2, and tomcat8), Fedora (igraph and jhead), openSUSE (ansible, GraphicsMagick, kconfig, kdelibs4, live555, mumble, phpMyAdmin, proftpd, python-Django, and znc), Oracle (kernel and openssl), Red Hat (kernel, openssl, and rh-mysql80-mysql), Scientific Linux (kernel and openssl), Slackware (kernel), SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork and mariadb-100), and Ubuntu (linux, linux-aws, linux-kvm, [...]
https://lwn.net/Articles/796193/
SAP Patches Highest Number of Critical Flaws Since 2014
SAP's Security Patch Day updates for August 2019 address three new critical vulnerabilities affecting the company's products. This is the highest number of critical flaws fixed on the same day since 2014.
https://www.securityweek.com/sap-patches-highest-number-critical-flaws-2014
Mitsubishi Electric smartRTU and INEA ME-RTU
CISA is aware of a public report of a proof-of-concept (PoC) exploit code vulnerability affecting Mitsubishi Electric smartRTU devices. According to this report, there are multiple vulnerabilities that could result in remote code execution with root privileges. CISA is issuing this alert to provide early notice of the report.
https://www.us-cert.gov/ics/alerts/ics-alert-19-255-01
Delta Industrial Automation DOPSoft
This advisory includes mitigations for out-of-bounds read and use-after-free vulnerabilities reported in Delta Electronics' Delta Industrial Automation DOPSoft HMI editing software.
https://www.us-cert.gov/ics/advisories/icsa-19-225-01
OSIsoft PI Web API
This advisory includes mitigations for inclusion of sensitive information in log files and protection mechanism failure vulnerabilities reported in OSIsoft LLC's OSIsoft PI Web API.
https://www.us-cert.gov/ics/advisories/icsa-19-225-02
Key Negotiation of Bluetooth Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190813-bluetooth
Two Denial of Service Vulnerabilities on Some Huawei Smartphones
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190814-01-mobile-en
August 13, 2019: TNS-2019-05 [R1] Nessus 8.6.0 Fixes One Vulnerability
http://www.tenable.com/security/tns-2019-05
Synology-SA-19:33 HTTP/2 DoS Attacks
https://www.synology.com/en-global/support/security/Synology_SA_19_33