Monday, September 30, 2019

Blackmagic Post Production and Camera Update

Now you can test your system’s CPU and GPU performance for working with full resolution Blackmagic RAW video.

Roku Express. Small but mighty
Meet the all-new Roku Express
Enjoy smooth HD streaming on your TV at our best price, now with a sleek, compact design that fits perfectly on or around your TV.

TrendLabs: September Patch Tuesday Bears More Remote Desktop Vulnerability Fixes and Two Zero-Days

Microsoft’s September Patch Tuesday covered 80 CVEs, 17 of which were rated critical, and included patches for Azure DevOps Server, Chakra Scripting engine, and Microsoft SharePoint. Sixty-two were labeled as important and included patches for Microsoft Excel, Microsoft Edge, and Microsoft Exchange. Only one was rated as moderate.

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/september-patch-tuesday-bears-more-remote-desktop-vulnerability-fixes-and-two-zero-days/

ADMIN: Docker image security analysis

Figure 2: The innards of the very popular Nginx container image.
REF: http://www.admin-magazine.com/Articles/Docker-image-security-analysis

Plex: Improved library sharing and management

Improved library sharing and management
Now all of you iOS, Android, and Plex desktop app users can enjoy a streamlined sharing flow, as well as better management for your shared users.

MagicSoft CG ver 8.1.12


  • Twitter to Text application was updated and now supports long messages.
  • The LiveManager functionality was extended to manage the text files (enable/disable/edit/delete) and show the on-air messages.

REF: https://www.magicsoft.tv/news.html

TrendLabs: IoT Attack Opportunities Seen in the Cybercrime Underground

Figure 1. A user asking for exploitable vulnerabilities in IoT devices
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/iot-attack-opportunities-seen-in-the-cybercrime-underground/

[USN-4122-1] Firefox vulnerabilities

---------- Forwarded message ---------
From: Chris Coulson
Date: Sep 5, 2019 5:50AM

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass
Content Security Policy (CSP) protections, bypass same-origin
restrictions, conduct cross-site scripting (XSS) attacks, cause a denial
of service, or execute arbitrary code. (CVE-2019-5849, CVE-2019-11734,
CVE-2019-11735, CVE-2019-11737, CVE-2019-11738, CVE-2019-11740,
CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746,
CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11752)

It was discovered that a compromised content process could log in to a
malicious Firefox Sync account. An attacker could potentially exploit
this, in combination with another vulnerability, to disable the sandbox.
(CVE-2019-9812)

It was discovered that addons.mozilla.org and accounts.firefox.com could
be loaded into the same content process. An attacker could potentially
exploit this, in combination with another vulnerability that allowed a
cross-site scripting (XSS) attack, to modify browser settings.
(CVE-2019-11741)

It was discovered that the "Forget about this site" feature in the
history pane removes HTTP Strict Transport Security (HSTS) settings for
sites on the pre-load list. An attacker could potentially exploit this
to bypass the protections offered by HSTS. (CVE-2019-11747)

References:
  https://usn.ubuntu.com/4122-1
  CVE-2019-11734, CVE-2019-11735, CVE-2019-11737, CVE-2019-11738,
  CVE-2019-11740, CVE-2019-11741, CVE-2019-11742, CVE-2019-11743,
  CVE-2019-11744, CVE-2019-11746, CVE-2019-11747, CVE-2019-11748,
  CVE-2019-11749, CVE-2019-11750, CVE-2019-11752, CVE-2019-5849,
  CVE-2019-9812

TrendLabs: ‘Purple Fox’ Fileless Malware with Rookit Component Delivered by Rig Exploit Kit Now Abuses PowerShell

Figure 1. Purple Fox’s infection chain that abuses PowerShell
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/purple-fox-fileless-malware-with-rookit-component-delivered-by-rig-exploit-kit-now-abuses-powershell/

LM: exFAT Is Coming to Linux

exFAT is one of the most popular file systems used on external devices like SD cards and Flash drives. Microsoft collects license fees from the vendors that use exFAT in their products.

In an unexpected move, Microsoft made two decisions that make exFAT an "open" (but not open source) file format that anyone can use.

REF: http://www.linux-magazine.com/Online/News/exFAT-Is-Coming-to-Linux

Friday, September 20, 2019

TrendLabs: Malware Classification with ‘Graph Hash,’ Applied to the Orca Cyberespionage Campaign

Figure 1. An example of a call graph plotted via Interactive Disassembler Pro (IDA Pro)
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/malware-classification-with-graph-hash-applied-to-the-orca-cyberespionage-campaign/

Thursday, September 19, 2019

[Checkmk Announce] New Checkmk stable release 1.5.0p22

---------- Forwarded message ---------
From: Checkmk Announcements
Date: Mon, Sep 9, 2019 at 8:47 PM

Livestatus:
* 8954 FIX: livestatus: Fixed possible decode error

HW/SW inventory:
* 8825 FIX: win_wmi_updates: Do not inventorize header line
* 8951 FIX: HW/SW inventory: Fixed active service state if software/packages information is missing

Event console:
* 7939 FIX: Fixed address => host name mapping for events

Checks & agents:
* 8808 FIX: zfsget: re-add fallback for very old zfs pool versions
* 8938 FIX: websphere_mq_queues: Skip lines if agent sends testing or invalid data
* 8922 FIX: veeam_tapejobs: Fixed crash because of missing columns
* 8831 FIX: ups_test: Show generic message 'Item not found' if needed values (UPS diagnostics) are missing
* 8936 FIX: tsm_scratch: Do not crash and skip check if agent sends invalid data
* 7959 FIX: statgrab_mem,aix_memory,docker_conteiner_mem,solaris_mem,mem: Fixed wrong unit of SWAP in service output
* 8977 FIX: skype.mobile: Fix crash in case of missing counters
* 8921 FIX: sansymphony_serverstatus: Do not discover if info empty
* 8934 FIX: rstcli: Skip check plugin if command rstcli is not found
* 8829 FIX: netapp_api_volumes: Fixed wrong scaling of latency values
* 8925 FIX: netapp_api_aggr: Do not discover if needed values about available and total size are missing
* 8900 FIX: mysql_capacity: Fix problem with warn/crit size
NOTE: Please refer to the migration notes!
* 8947 FIX: mq_queues: Fixed crash because default parameters were not discovered correctly
* 8950 FIX: mknotifyd: Do not crash if agent output contains invalid lines
* 8806 FIX: mk_oracle: Fixed discovery of XE instances on Oracle 18c
NOTE: Please refer to the migration notes!
* 8804 FIX: mk_oracle: Fixed compatibility to oracle 19c
* 8920 FIX: megaraid_ldisks: Show generic message 'Item not found' if state information is missing
* 8940 FIX: mbg_lantime_ng_refclock: Fixed crash if field strength cannot be calculated
* 8943 FIX: kemp_loadmaster_services: Treat unknown service state as UNKNOWN
* 8939 FIX: juniper_trpz_aps_sessions: Skip radios which do not provide useful data
* 8792 FIX: ipmi_sensors: Fix crash in the parse function
* 8956 FIX: ipmi_common.include: Fixed detecting temperature performance data
* 8927 FIX: hp_psu.temp: Use generic 'Item not found' if data of an item is missing
* 8807 FIX: hp_proliant_temp: crash if temp device is not known
* 8833 FIX: hp_msa_fan: Translate status and health status regardless of language
* 8948 FIX: heartbeat_crm: Fixed crash while checking status of the resource
* 8785 FIX: fileinfo.groups: don't crash if the service is clustered
* 8933 FIX: fast_lta_headunit: Do not crash if states about head unit, slave and replication are missing
* 7961 FIX: f5_bigip_vserver: Handle incomplete information
* 8955 FIX: esx_vsphere_hostsystem: Fixed evaluating additional CPU levels
* 8834 FIX: enterasys_powersupply: Do not crash while translating redundancy and supply types
* 8980 FIX: docker_node_info: Support yet another output format
* 8935 FIX: dell_om_processors: Unknown device or CPU state causes an UNKNOWN service state
* 8926 FIX: dell_idrac_info: Fixed crash if BIOS date cannot be converted or is missing
* 8957 FIX: dell_compellent_controller, dell_compellent_disks, dell_compellent_enclosure: Fixed unknown device state crash
* 8941 FIX: db2_bp_hitratios: Do not crash if no hit ratio data is available on the related node
* 8931 FIX: cmctc_state: Handle unknown states
* 8928 FIX: citrix_controller: Add the licensing grace state 'Expired'
* 8944 FIX: cisco_wlc_clients: Fixed crash if lower levels but no upper levels are set
* 8945 FIX: cisco_temperature: If the SNMP device does not send a temperature value, use the device state instead
* 8929 FIX: cisco_fan: Fixed crash if device status is unknown
* 7932 FIX: check_sftp: support for custom ports for SFTP
* 8972 FIX: check_icmp: Bug fix for connecting option IPv6
* 8826 FIX: canon_pages: Fixed SNMP scan of Canon printers
* 8949 FIX: aws_ec2.disk_io: Do not crash if some values about disk IO are missing
* 8832 FIX: akcp_sensor_humidity: Do not crash if percentual value about humidity is missing
* 8937 FIX: aix_diskiod: Skip lines which do not contain data about DISK IO
* 7272 FIX: agent_netapp: now able to continue on malformed xml data
* 8830 FIX: MSSQL checks: Do not crash if line contains invalid data
* 8908 FIX: Fixes calculations of latency for netapp_api_vs_traffic
* 7962 FIX: Fix various bugs in the liebert* check plugins
* 7449 FIX: Fix Remove spurious perfdata in IF checks
* 8932 FIX: Do not crash if at least one data set of resources, groups, system or cluster is missing
* 8822 FIX: 3par_hosts: Do not crash if OS info is missing

You can download Checkmk from our download page:
 * https://checkmk.com/download.php

Emotional intelligence: How to stay calm in high-pressure situations

Effective leaders know how to regulate and manage powerful emotions. Indeed, the ability to maintain composure and steadiness in times of crisis is a key element of so-called “executive presence.” It not only has a calming effect on others but also inspires confidence. This ability falls within the realm of emotional intelligence – and like other aspects of EQ, it requires learning and practice.
REF: https://enterprisersproject.com/article/2019/8/emotional-intelligence-how-stay-calm-under-pressure

[USN-4135-1] Linux kernel vulnerabilities

---------- Forwarded message ---------
From: Steve Beattie
Date: Sep 18, 2019 7:44PM

Peter Pi discovered a buffer overflow in the virtio network backend
(vhost_net) implementation in the Linux kernel. An attacker in a guest may
be able to use this to cause a denial of service (host OS crash) or
possibly execute arbitrary code in the host OS. (CVE-2019-14835)

It was discovered that the Linux kernel on PowerPC architectures did not
properly handle Facility Unavailable exceptions in some situations. A local
attacker could use this to expose sensitive information. (CVE-2019-15030)

It was discovered that the Linux kernel on PowerPC architectures did not
properly handle exceptions on interrupts in some situations. A local
attacker could use this to expose sensitive information. (CVE-2019-15031)

References:
  https://usn.ubuntu.com/4135-1
  CVE-2019-14835, CVE-2019-15030, CVE-2019-15031

Kali Linux NetHunter for Nexus and OnePlus

The Kali Linux NetHunter project is the first Open Source Android penetration testing platform for Nexus devices, created as a joint effort between the Kali community member “BinkyBear” and Offensive Security. NetHunter supports Wireless 802.11 frame injection, one-click MANA Evil Access Point setups, HID keyboard (Teensy-like attacks), as well as BadUSB MITM attacks – and is built upon the sturdy shoulders of the Kali Linux distribution and toolsets. Whether you have a Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10 or OnePlus One, we’ve got you covered. Our freely downloadable images come with easy-to-follow installation and setup instructions to get you up and running in no time at all.

Sunday, September 15, 2019

[USN-4120-1] systemd vulnerability

---------- Forwarded message ---------
From: Chris Coulson
Date: Sep 4, 2019 6:48AM

It was discovered that the systemd-resolved D-Bus interface did not
enforce appropriate access controls. A local unprivileged user could
exploit this to modify a system's DNS resolver settings.

References:
  https://usn.ubuntu.com/4120-1
  CVE-2019-15718

Saturday, September 14, 2019

TrendLabs: Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion

Figure 4. A spam mail snippet with the targeted email address
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-abuses-php-functions-for-persistence-uses-compromised-devices-for-evasion-and-intrusion/

Friday, September 13, 2019

Plex: Desktop AF

Desktop AF
As you may have noticed, we recently released our new desktop app for Mac and Windows, supercharged with the best-in-class mpv playback engine. And for our Plex Pass subscribers, you can now download media content directly to your desktop app.

TrendLabs: Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions

Figure 1. Glupteba campaign attack flow
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/glupteba-campaign-hits-network-routers-and-updates-cc-servers-with-data-from-bitcoin-transactions/

LM: Debian 10 "Buster"

The legendary Debian is an independent, community-based distro with an impressive worldwide network of volunteers. Careful testing and an extra-long development cycle give Debian a reputation for stability. Debian, which contains no proprietary components, serves as the basis for several popular Linux systems, including Ubuntu, Knoppix, and more. The latest release comes with both Wayland and Xorg display servers. AppArmor and the nftables firewall are included by default, along with simplified UEFI support and updates to thousands of packages in the vast Debian repositories.
REF: http://www.linux-magazine.com/Issues/2019/227/This-Month-s-DVD

ADMIN: Open Source Webmin had Backdoor for More Than a Year

Webmin developers have disclosed that the critical zero-day vulnerability found last week wasn’t a flaw; it was planted by a hacker.

Someone planted a backdoor into the build infrastructure of Webmin, and it remained undetected from version 1.882 through 1.921.

REF: http://www.admin-magazine.com/News/Open-Source-Webmin-had-Backdoor-for-More-Than-a-Year

Monday, September 9, 2019

TrendLabs: Hiding in Plain Text: Jenkins Plugin Vulnerabilities

Figure 3. Storing credentials using the Jenkins Credentials reference
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/hiding-in-plain-text-jenkins-plugin-vulnerabilities/

Sunday, September 8, 2019

[USN-4121-1] Samba vulnerability

---------- Forwarded message ---------
From: Steve Beattie
Date: Sep 4, 2019 6:03AM

Stefan Metzmacher discovered that the Samba SMB server did not properly
prevent clients from escaping outside the share root directory in
some situations. An attacker could use this to gain access to files
outside of the Samba share, where allowed by the permissions of the
underlying filesystem.

References:
  https://usn.ubuntu.com/4121-1
  CVE-2019-10197

TrendLabs: TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy

Figure 3. .LNK shortcut in .ISO file
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/ta505-at-it-again-variety-is-the-spice-of-servhelper-and-flawedammyy/

Updated Debian 9: 9.10 released

---------- Forwarded message ---------
From: Donald Norwood
Date: Sep 8, 2019 2:23AM
------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 9: 9.10 released                         press@debian.org
September 7th, 2019          https://www.debian.org/News/2019/2019090702
------------------------------------------------------------------------
The Debian project is pleased to announce the tenth update of its
oldstable distribution Debian 9 (codename "stretch"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.
...
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.

Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to , or contact the
stable release team at .

TrendLabs: Analysis: New Remcos RAT Arrives Via Phishing Email

Figure 3. Sample of string decoding
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/analysis-new-remcos-rat-arrives-via-phishing-email/

Proxmox Mail Gateway 6.0

The highlights of the new major release include:
  • Based on Debian 10.0 (Buster) and Linux Kernel 5.0.21
  • Improved support for ZFS on UEFI and on NVMe devices
  • Updated Spam Assassin rules.
  • The Mail filter now logs the rule name.
  • The system logs get displayed faster in the GUI because they now use the ‘mini-journalreader’ instead of ‘journalctl’.
  • and more...

TrendLabs: Adware Posing as 85 Photography and Gaming Apps on Google Play Installed Over 8 Million Times

Figure 1. Screenshot of the applications embedded with adware
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/adware-posing-as-85-photography-and-gaming-apps-on-google-play-installed-over-8-million-times/

Updated Debian 10: 10.1 released

---------- Forwarded message ---------
From: Donald Norwood
Date: Sep 8, 2019 2:20AM
------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 10: 10.1 released                        press@debian.org
September 7th, 2019            https://www.debian.org/News/2019/20190907
------------------------------------------------------------------------
The Debian project is pleased to announce the first update of its stable
distribution Debian 10 (codename "buster"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.
...
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.

Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to , or contact the
stable release team at .

Sunday, September 1, 2019

TrendLabs: Asruex Backdoor Variant Infects Word Documents and PDFs Through Old MS Office and Adobe Vulnerabilities

Figure 1. Infection chain of Asruex
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/asruex-backdoor-variant-infects-word-documents-and-pdfs-through-old-ms-office-and-adobe-vulnerabilities/

[USN-4113-1] Apache HTTP Server vulnerabilities

---------- Forwarded message ---------
From: Steve Beattie
Date: Aug 30, 2019 7:57AM

Stefan Eissing discovered that the HTTP/2 implementation in Apache
did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in
some situations. A remote attacker could use this to cause a denial
of service (daemon crash). This issue only affected Ubuntu 18.04 LTS
and Ubuntu 19.04. (CVE-2019-0197)

Craig Young discovered that a memory overwrite error existed in
Apache when performing HTTP/2 very early pushes in some situations. A
remote attacker could use this to cause a denial of service (daemon
crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04.
(CVE-2019-10081)

Craig Young discovered that a read-after-free error existed in the
HTTP/2 implementation in Apache during connection shutdown. A remote
attacker could use this to possibly cause a denial of service (daemon
crash) or possibly expose sensitive information. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)

Matei Badanoiu discovered that the mod_proxy component of
Apache did not properly filter URLs when reporting errors in some
configurations. A remote attacker could possibly use this issue to
conduct cross-site scripting (XSS) attacks. (CVE-2019-10092)

Daniel McCarney discovered that mod_remoteip component of Apache
contained a stack buffer overflow when parsing headers from a trusted
intermediary proxy in some situations. A remote attacker controlling a
trusted proxy could use this to cause a denial of service or possibly
execute arbitrary code. This issue only affected Ubuntu 19.04.
(CVE-2019-10097)

Yukitsugu Sasaki discovered that the mod_rewrite component in Apache
was vulnerable to open redirects in some situations. A remote attacker
could use this to possibly expose sensitive information or bypass
intended restrictions. (CVE-2019-10098)

Jonathan Looney discovered that the HTTP/2 implementation in Apache did
not properly limit the amount of buffering for client connections in
some situations. A remote attacker could use this to cause a denial
of service (unresponsive daemon). This issue only affected Ubuntu
18.04 LTS and Ubuntu 19.04. (CVE-2019-9517)

References:
  https://usn.ubuntu.com/4113-1
  CVE-2019-0197, CVE-2019-10081, CVE-2019-10082, CVE-2019-10092,
  CVE-2019-10097, CVE-2019-10098, CVE-2019-9517

Live streaming help from Wowza

With Wowza Professional Services, you can rely on the experts who live and breathe streaming. Our engineers will work with you to accelerate time to value, optimize your integration, and tailor your workflow with a custom solution.

[LSN-0054-1] Linux kernel vulnerability

---------- Forwarded message ---------
From:
Date: Aug 29, 2019 4:35AM

It was discovered that the USB video device class implementation in the
Linux kernel did not properly validate control bits, resulting in an out of
bounds buffer read. A local attacker could use this to possibly expose
sensitive information (kernel memory). (CVE-2019-2101)

It was discovered that the Marvell Wireless LAN device driver in the Linux
kernel did not properly validate the BSS descriptor. A local attacker could
possibly use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-3846)

It was discovered that a heap buffer overflow existed in the Marvell
Wireless LAN device driver for the Linux kernel. An attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-10126)

It was discovered that the PowerPC dlpar implementation in the Linux kernel
did not properly check for allocation errors in some situations. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2019-12614)

It was discovered that a NULL pointer dereference vulnerability existed in
the Near-field communication (NFC) implementation in the Linux kernel. An
attacker could use this to cause a denial of service (system crash).
(CVE-2019-12818)

It was discovered that the MDIO bus devices subsystem in the Linux kernel
improperly dropped a device reference in an error condition, leading to a
use-after-free. An attacker could use this to cause a denial of service
(system crash). (CVE-2019-12819)

It was discovered that a NULL pointer dereference vulnerability existed in
the Near-field communication (NFC) implementation in the Linux kernel. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2019-12984)

Jann Horn discovered that the ptrace implementation in the Linux kernel did
not properly record credentials in some situations. A local attacker could
use this to cause a denial of service (system crash) or possibly gain
administrative privileges. (CVE-2019-13272)

References:
  CVE-2018-1129, CVE-2019-2101, CVE-2019-3846, CVE-2019-10126,
  CVE-2019-12614, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984,
  CVE-2019-13272

TrendLabs: LLDBFuzzer: Debugging and Fuzzing the Apple Kernel with LLDB Script

Figure 1. The LLDBFuzzer Architecture
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/lldbfuzzer-debugging-and-fuzzing-the-apple-kernel-with-lldb-script/