Tuesday, April 30, 2019

[USN-3922-2] PHP vulnerabilities

---------- Forwarded message ---------
From: Leonidas S. Barbosa
Date: Apr 23, 2019 10:42PM

USN-3922-1 fixed vulnerabilities in PHP. This update provides the
corresponding update for Ubuntu 14.04 LTS.

It was discovered that PHP incorrectly handled certain files. An
attacker could possibly use this issue to access sensitive information.
(CVE-2019-9022)

It was discovered that PHP incorrectly handled certain files. An
attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-9675)

Original advisory details:

 It was discovered that PHP incorrectly handled certain inputs. An
 attacker could possibly use this issue to expose sensitive
 information. (CVE-2019-9637, CVE-2019-9638, CVE-2019-9639,
 CVE-2019-9640, CVE-2019-9641)

References:
  https://usn.ubuntu.com/usn/usn-3922-2
  https://usn.ubuntu.com/usn/usn-3922-1
  CVE-2019-9022, CVE-2019-9637, CVE-2019-9638, CVE-2019-9639,
  CVE-2019-9640, CVE-2019-9641, CVE-2019-9675

TrendLabs: Miner Malware Spreads Beyond China, Uses Multiple Propagation Methods Including EternalBlue, Powershell Abuse

Figure 11. Executing the miner payload.
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/miner-malware-spreads-beyond-china-uses-multiple-propagation-methods-including-eternalblue-powershell-abuse/

OpenBSD 6.5 released -- Apr 24 2019

---------- Forwarded message ---------
From: Theo de Raadt
Date: Wed, Apr 24, 2019 at 9:49 PM

OpenBSD 6.5 builds finished a week early, so the May 1 dated code can
go out the door 1 week early.

----------------------------------- OpenBSD 6.5 RELEASED -------------------------------------------------

May 1, 2019.

We are pleased to announce the official release of OpenBSD 6.5.
This is our 46th release.  We remain proud of OpenBSD's record of more
than twenty years with only two remote holes in the default install.

As in our previous releases, 6.5 provides significant improvements,
including new features, in nearly all areas of the system...

Introducing Wowza Streaming Cloud™ SDKs

We are excited to introduce the addition of Wowza Streaming Cloud™ Ruby and Java SDKs!
The addition of the Ruby and Java client SDKs expands the options you have to easily incorporate live streaming into your applications. You now have the ability to leverage either the RESTful API or client SDKs — providing you robust, scalable, and flexible options for integrating live video programmatically. 
With Wowza Streaming Cloud SDKs, You Get: 
  • Faster development time
  • The ability to leverage all of Wowza Streaming Cloud’s capabilities
  • Unparalleled reliability and global scalability

TrendLabs: Account With Admin Privileges Abused to Install BitPaymer Ransomware via PsExec

Figure 1. Timeline of events that led to the execution of the BitPaymer ransomware variant
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/account-with-admin-privileges-abused-to-install-bitpaymer-ransomware-via-psexec/

Thursday, April 25, 2019

[Check_mk Announce] New Check_MK stable release 1.5.0p15

---------- Forwarded message ---------
From: Check_mk Announcements
Date: Thu, Apr 18, 2019 at 8:22 AM
...
WATO:
* 7257 WATO: The host diagnose page now also indicates if there are errors in the agent datasource

User interface:
* 7258 SLA configuration: Percentage values are now always shown with three decimal places
* 7337 FIX: Fix handling of dashlet exception breaking whole dashboard

Notifications:
* 7339 FIX: Fixed broken mail notifications with Nagios core (1.5.0p14 regression)

HW/SW inventory:
* 7367 FIX: oracle_tablespaces: Fixed wrong scaling of free space and increment size

Checks & agents:
* 7438 Perf-O-Meter and Graphs for CPU Utilization in statgrab_cpu check
* 7050 FIX: nginx_status: Add missing metric definitions
* 7364 FIX: check_mk_agent.{aix,solaris}: Fixed possibly disappeared inventory entries
* 7399 FIX: apache_status: regression for local hosts with python < 2.7
* 7372 FIX: agent_aws: Fixed restriction of services by tags
...
You can download Check_MK from our download page:
 * http://mathias-kettner.de/check_mk_download.html

Plex: ASUSTOR + Plex = cool

Ready to dive into the NAS lifestyle? ASUSTOR network attached storage devices run Plex, making it easy to store all your precious personal media and share across all your devices, both in and outside your home. Running an ASUSTOR NAS with Plex is a great solution for adding storage and streamlining your home media set-up.

[openssh-unix-announce] Announce: OpenSSH 8.0 released

---------- Forwarded message ---------
From: Damien Miller
Date: Apr 18, 2019 9:36AM

OpenSSH 8.0 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
...
This release contains mitigation for a weakness in the scp(1) tool
and protocol (CVE-2019-6111): when copying files from a remote system
to a local directory, scp(1) did not verify that the filenames that
the server sent matched those requested by the client. This could
allow a hostile server to create or clobber unexpected local files
with attacker-controlled content.

This release adds client-side checking that the filenames sent from
the server match the command-line request,

The scp protocol is outdated, inflexible and not readily fixed. We
recommend the use of more modern protocols like sftp and rsync for
file transfer instead.
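As an added illustration of the client-side check the announcement describes (example code, not OpenSSH's own), the following Python models the scp sink side: it parses the `C`/`D` records a server sends, and accepts a name only when it is a bare file name and matches one of the source patterns given on the command line. The host names and record strings are constructed sample data.

```python
"""Model of the scp client-side filename check added in OpenSSH 8.0 for
CVE-2019-6111.  Added example, not OpenSSH code; simplified to the
top-level names a server announces in 'C' (file) and 'D' (directory) records."""
import fnmatch
import os
from typing import Iterable, List, Tuple

def requested_patterns(args: Iterable[str]) -> List[str]:
    """Reduce each command-line source spec ([user@]host:path) to the
    basename pattern the client expects the server to send back."""
    pats = []
    for spec in args:
        path = spec.split(":", 1)[1] if ":" in spec else spec
        pats.append(os.path.basename(path.rstrip("/")) or path)
    return pats

def parse_record(line: str) -> Tuple[str, str]:
    """Parse an scp 'Cmmmm size name' or 'Dmmmm 0 name' record."""
    kind = line[:1]
    if kind not in ("C", "D"):
        raise ValueError(f"unexpected record type {kind!r}")
    fields = line.rstrip("\n").split(" ", 2)
    if len(fields) != 3:
        raise ValueError("malformed record")
    return kind, fields[2]

def name_is_safe(name: str) -> bool:
    # The server controls this string; only a bare file name is acceptable.
    return bool(name) and "/" not in name and "\x00" not in name \
        and name not in (".", "..")

def name_is_requested(name: str, patterns: List[str]) -> bool:
    # Note: unlike shell globbing, fnmatch's '*' also matches a leading dot,
    # so a request of 'host:dir/*' would admit dotfiles.
    return any(fnmatch.fnmatchcase(name, p) for p in patterns)

def filter_records(records: Iterable[str], args: Iterable[str]):
    """Return (accepted names, [(name_or_record, reason), ...])."""
    patterns = requested_patterns(args)
    accepted, rejected = [], []
    for rec in records:
        try:
            _, name = parse_record(rec)
        except ValueError as exc:
            rejected.append((rec, str(exc)))
            continue
        if not name_is_safe(name):
            rejected.append((name, "not a bare file name"))
        elif not name_is_requested(name, patterns):
            rejected.append((name, "not requested"))
        else:
            accepted.append(name)
    return accepted, rejected

# Constructed sample: what the user asked for, and what a server answered.
SAMPLE_ARGS = ["backup@remote.example:/var/log/*.log", "backup@remote.example:notes.txt"]
SAMPLE_RECORDS = [
    "C0644 1024 auth.log\n",
    "C0644 57 notes.txt\n",
    "C0600 220 .bashrc\n",            # unrequested dotfile: a pre-8.0 client wrote it
    "C0644 33 ../authorized_keys\n",  # contains a path component
    "D0755 0 ..\n",
]

if __name__ == "__main__":
    print(filter_records(SAMPLE_RECORDS, SAMPLE_ARGS))
```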

TrendLabs: Patch With March macOS Updates: Vulnerabilities May Expose Restricted Information, Enable Arbitrary Code Execution

Figure 1. A PoC code segment of CVE-2019-8519 with the graphic card driver flaw abused.
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/patch-with-march-macos-updates-vulnerabilities-may-expose-restricted-information-enable-arbitrary-code-execution/

Trello: Stuck In A Rut? How Passion Projects Can Reignite Your Motivation

What do Gmail and “Green Eggs and Ham” have in common? The second most-used email provider and the classic children’s books by Dr. Seuss both started out as passion projects—side work that was given the freedom to flourish. That’s right, if Google and publishing company Houghton Mifflin hadn’t embraced their employees’ interests, the world would be a very different place today.
REF: https://blog.trello.com/passion-projects-at-work

New Proxmox VE 5.4 with Ceph installation wizard

These are the highlights of the new version 5.4:
  • Debian Stretch 9.8 and Linux Kernel 4.15,
  • New installation wizard for Ceph,
  • New HA policies freeze/fail-over/default for greater flexibility,
  • Suspend to disk/Hibernation support for Qemu guests,
  • Support for Universal 2nd Factor (U2F) authentication,
  • Improved ISO installation wizard,
  • New options for Qemu guest creation wizard,
  • and many more..

Forum announcement

https://forum.proxmox.com/threads/proxmox-ve-5-4-released.53297/

TrendLabs: New Version of XLoader That Disguises as Android Apps and an iOS Profile Holds New Links to FakeSpy

Figure 1. Screenshot of a fake website that hosts XLoader
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/

Plex: Antennas Direct makes Live TV easy!

We’ve made it easier than ever for Plex Pass subscribers to enjoy Live TV and DVR, with added support for the ClearStream tuner from Antennas Direct. Now, AD has upped the ante by offering a sweet price on their best antennas, bundled with the ClearStream tuner.

Blackmagic Design Update from NAB 2019

NAB 2019 Update
It’s NAB time again and we have been working hard on some exciting new products we would like to update you on. This year, we are introducing a new range of 8K products as well as DaVinci Resolve 16, a major update that also introduces a whole new way to edit. The new 8K products are easily some of our most powerful products, offering more advanced features even when working in HD, Ultra HD or 8K. That means they’re future proof and ready to use for 8K work the moment you need it!

Tuesday, April 16, 2019

TrendLabs: April’s Patch Tuesday Fixes Two Vulnerabilities Being Exploited in the Wild

Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important. The patches this month cover a significant number of Microsoft products and services, namely: Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, .NET Framework and ASP.NET, Exchange Server, Visual Studio, Skype for Business, Azure DevOps Server, Open Enclave SDK, and Team Foundation Server. Two of the vulnerabilities were disclosed via the Zero Day Initiative (ZDI).

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/aprils-patch-tuesday-fixes-two-vulnerabilities-being-exploited-in-the-wild/

EFF: The European Copyright Directive

During the week of March 25, the European Parliament will hold the final vote on the Copyright Directive, the first update to EU copyright rules since 2001; normally this would be a technical affair watched only by a handful of copyright wonks and industry figures, but the Directive has become the most controversial issue in EU history, literally, with the petition opposing it attracting more signatures than any other petition in change.org’s history.

TrendLabs: Malware in Smart Factories: Top Security Threats to Manufacturing Environments

Figure 1. Detections of autorun.inf across industries, with manufacturing having the highest, based on data from the Trend Micro™ Smart Protection Network™ infrastructure for the period from July to December 2018
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/malware-in-smart-factories-top-security-threats-to-manufacturing-environments/

[USN-3939-1] Samba vulnerability

---------- Forwarded message ---------
From: Marc Deslauriers
Date: Apr 8, 2019 10:29PM
...
Michael Hanselmann discovered that Samba incorrectly handled registry
files. A remote attacker could possibly use this issue to create new
registry files outside of the share, contrary to expectations.
...
References:
  https://usn.ubuntu.com/usn/usn-3939-1
  CVE-2019-3880

Plex: New look on Roku and Apple TV!

Our mission is to provide a beautiful and unified media experience across all of your devices, and we are always striving to get mo’ betta. As such, we are proud to announce our brand new big screen experience, which we are really excited to share with you all. The new interface includes a brand new sidebar that lets you see all the stuff you care about, and none of the stuff you don’t.

TrendLabs: Phishing Attack Uses Browser Extension Tool SingleFile to Obfuscate Malicious Log-in Pages

Figure 1. Tool options for the Chrome version of SingleFile
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/phishing-attack-uses-browser-extension-tool-singlefile-to-obfuscate-malicious-log-in-pages/

Wednesday, April 10, 2019

[USN-3931-1] Linux kernel vulnerabilities

---------- Forwarded message ---------
From: Steve Beattie
Date: Apr 3 2019, 9:54AM

M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not
properly set up all arguments to an error handler callback used when
running as a paravirtualized guest. An unprivileged attacker in a
paravirtualized guest VM could use this to cause a denial of service (guest
VM crash). (CVE-2018-14678)

It was discovered that the KVM implementation in the Linux kernel on ARM
64bit processors did not properly handle some ioctls. An attacker with the
privilege to create KVM-based virtual machines could use this to cause a
denial of service (host system crash) or execute arbitrary code in the
host. (CVE-2018-18021)

Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the
Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2018-19824)

Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information
leak in the Bluetooth implementation of the Linux kernel. An attacker
within Bluetooth range could use this to expose sensitive information
(kernel memory). (CVE-2019-3459, CVE-2019-3460)

Jann Horn discovered that the KVM implementation in the Linux kernel
contained a use-after-free vulnerability. An attacker in a guest VM with
access to /dev/kvm could use this to cause a denial of service (guest VM
crash). (CVE-2019-6974)

Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in
the KVM subsystem of the Linux kernel, when using nested virtual machines.
A local attacker in a guest VM could use this to cause a denial of service
(system crash) or possibly execute arbitrary code in the host system.
(CVE-2019-7221)

Felix Wilhelm discovered that an information leak vulnerability existed in
the KVM subsystem of the Linux kernel, when nested virtualization is used.
A local attacker could use this to expose sensitive information (host
system memory to a guest VM). (CVE-2019-7222)

Jann Horn discovered that the eBPF implementation in the Linux kernel was
insufficiently hardened against Spectre V1 attacks. A local attacker could
use this to expose sensitive information. (CVE-2019-7308)

It was discovered that a use-after-free vulnerability existed in the user-
space API for crypto (af_alg) implementation in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2019-8912)

It was discovered that the Linux kernel did not properly deallocate memory
when handling certain errors while reading files. A local attacker could
use this to cause a denial of service (excessive memory consumption).
(CVE-2019-8980)

Jann Horn discovered that the mmap implementation in the Linux kernel did
not properly check for the mmap minimum address in some situations. A local
attacker could use this to assist exploiting a kernel NULL pointer
dereference vulnerability. (CVE-2019-9213)

References:
  https://usn.ubuntu.com/usn/usn-3931-1
  CVE-2018-14678, CVE-2018-18021, CVE-2018-19824, CVE-2019-3459,
  CVE-2019-3460, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222,
  CVE-2019-7308, CVE-2019-8912, CVE-2019-8980, CVE-2019-9213

Tuesday, April 9, 2019

TrendLabs: Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole

Figure 1. Soula’s attack chain.
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/desktop-mobile-phishing-campaign-targets-south-korean-websites-steals-credentials-via-watering-hole/

Monday, April 8, 2019

[USN-3923-1] QEMU vulnerabilities

---------- Forwarded message ---------
From: Marc Deslauriers
Date: Mar 27, 2019 8:44PM

Michael Hanselmann discovered that QEMU incorrectly handled the Media
Transfer Protocol (MTP). An attacker inside the guest could use this issue
to read or write arbitrary files and cause a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 18.10.
(CVE-2018-16867)

Michael Hanselmann discovered that QEMU incorrectly handled the Media
Transfer Protocol (MTP). An attacker inside the guest could use this issue
to read arbitrary files, contrary to expectations. This issue only affected
Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16872)

Zhibin Hu discovered that QEMU incorrectly handled the Plan 9 File System
support. An attacker inside the guest could use this issue to cause QEMU to
crash, resulting in a denial of service. (CVE-2018-19489)

Li Quang and Saar Amar discovered multiple issues in the QEMU PVRDMA
device. An attacker inside the guest could use these issues to cause a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 18.10. These issues were resolved by disabling PVRDMA
support in Ubuntu 18.10. (CVE-2018-20123, CVE-2018-20124, CVE-2018-20125,
CVE-2018-20126, CVE-2018-20191, CVE-2018-20216)

Michael Hanselmann discovered that QEMU incorrectly handled certain i2c
commands. A local attacker could possibly use this issue to read QEMU
process memory. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10.
(CVE-2019-3812)

It was discovered that QEMU incorrectly handled the Slirp networking
back-end. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service, or possibly execute arbitrary
code on the host. In the default installation, when QEMU is used with
libvirt, attackers would be isolated by the libvirt AppArmor profile.
(CVE-2019-6778)

References:
  https://usn.ubuntu.com/usn/usn-3923-1
  CVE-2018-16867, CVE-2018-16872, CVE-2018-19489, CVE-2018-20123,
  CVE-2018-20124, CVE-2018-20125, CVE-2018-20126, CVE-2018-20191,
  CVE-2018-20216, CVE-2019-3812, CVE-2019-6778

Google: Join us for the livestream of Next ’19, April 9–11

Watch Day 1 Keynote
 
Get momentum with Google Cloud.
 
Explore a range of topics – including migrating production instances of SAP to GCP, and working in multi-cloud and hybrid-cloud environments – in day one of our keynote sessions.

Saturday, April 6, 2019

Top 5 open source network monitoring tools

Prometheus
Prometheus is an open source network monitoring tool with a large community following. It was built specifically for monitoring time-series data. You can identify time-series data by metric name or key-value pairs. Time-series data is stored on local disks so that it's easy to access in an emergency.
REF: https://opensource.com/article/19/2/network-monitoring-tools

[Check_mk Announce] New Check_MK stable release 1.5.0p13

---------- Forwarded message ---------
From: Check_mk Announcements
Date: Tue, Mar 19, 2019 at 5:08 PM

Dear friends of Check_MK,

the new stable release 1.5.0p13 of Check_MK is ready for download.

This maintenance release ships with 48 changes affecting all editions of Check_MK,
5 Enterprise Edition specific changes and 0 Managed Services Edition specific changes.
...
You can download Check_MK from our download page:
 * http://mathias-kettner.de/check_mk_download.html

TrendLabs: Emotet-Distributed Ransomware Loader for Nozelesn Found via Managed Detection and Response

Figure 2. PowerShell script that shows it connecting to various IP addresses and creating 942.exe
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/emotet-distributed-ransomware-loader-for-nozelesn-found-via-managed-detection-and-response/

Windows 10 OpenSSH Client Installed by Default in April 2018 Update

Windows security researcher Oddvar Moe first spotted that the OpenSSH Client for Windows was now being installed by default and posted about it on Twitter.
REF: https://www.bleepingcomputer.com/news/microsoft/windows-10-openssh-client-installed-by-default-in-april-2018-update/

Plex: Five Ways to Level Up Your SHIELD with Plex

If you already own an NVIDIA SHIELD TV then you likely know why it has been called “the supercharged Ferrari” of Android TV devices by Android Central. Fine-tuning it with Plex makes it even better!

Monday, April 1, 2019

[USN-3901-1] Linux kernel vulnerabilities

---------- Forwarded message ---------
From: Steve Beattie
Date: Mar 6, 2019 5:18AM

Jann Horn discovered that the userfaultd implementation in the Linux kernel
did not properly restrict access to certain ioctls. A local attacker could
use this possibly to modify files. (CVE-2018-18397)

It was discovered that the crypto subsystem of the Linux kernel leaked
uninitialized memory to user space in some situations. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2018-19854)

Jann Horn discovered a race condition in the fork() system call in
the Linux kernel. A local attacker could use this to gain access to
services that cache authorizations. (CVE-2019-6133)

References:
  https://usn.ubuntu.com/usn/usn-3901-1
  CVE-2018-18397, CVE-2018-19854, CVE-2019-6133