Archive for February, 2019

Rewterz Threat Alert – Fraudulent Phishing Emails – IoCs

Severity

Medium

Analysis Summary

Another malspam campaign has been observed that carries malicious file attachments, which in turn embed malicious URLs. The following IoCs have been retrieved from this phishing campaign.

Impact

  • Loss of sensitive information
  • Credential theft
  • Malware infection

Indicators of Compromise

URLs

  • googlex.alibobomoneyman[.]xyz
  • hxxps://www.dropbox[.]com/s/yk7m01jp5xq67bz/confirm_invoice.zip?dl=1
  • voicewaves[.]com/abnow/usa/myway/index2.php
  • voicewaves[.]com/abnow/
  • voicewaves[.]com/verifyab/
  • voicemail-listen[.]com

Email Address

  • linda[@]alliedmortgage[.]com
  • ap[@]voicemail-listen[.]com

Malware Hash (MD5/SHA1/SHA256)

  • cfd7c140e37c9a6ff608205f087b8325
  • 37210ce95cd3faa0a757d67f06d8e4af

Remediation

Block the threat indicators at their respective controls.

Do not download email attachments or click on links in emails from unknown sources.


Rewterz Threat Advisory – CVE-2019-0251/ CVE-2019-0259 – SAP BusinessObjects BI Multiple Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2019-0251

The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.

CVE-2019-0259

SAP BusinessObjects (Visual Difference), versions 4.2 and 4.3, allows an attacker to upload any file (including script files) without proper file-format validation.

Impact

Cross Site Scripting

Security Bypass

Affected Products

SAP BusinessObjects BI 4.2

SAP BusinessObjects BI 4.3

Remediation

Apply SAP Notes 2727564 and 2638175.


Rewterz Threat Advisory – CVE-2019-1691 – Cisco Firepower Management Center Snort

Severity

Medium

Analysis Summary

An error during a connection handshake when handling SSL or TLS packet headers can be exploited to restart the Snort detection engine via a specially crafted SSL or TLS packet.

Impact

Denial of Service

Affected Products

Cisco Firepower Management Center (formerly Cisco FireSIGHT Management Center)

Remediation

Currently there are no workarounds available for this product.


Rewterz Threat Advisory – CVE-2019-1684 – Cisco IP Phone 8800/ Cisco IP Phone 7800 Vulnerability

Severity

Medium

Analysis Summary

An error when handling Cisco Discovery Protocol (CDP) or Link Layer Discovery Protocol (LLDP) packet header fields can be exploited to reload the device via a specially crafted CDP or LLDP packet.

Impact

Denial of Service

Affected Products

Cisco Unified IP Phones 7800 Series

Cisco IP Phone 8800 Series

Remediation

The vendor has released updates for the affected products. Update to version 12.5(1)SR1.


Rewterz Threat Alert – Critical WinRAR Flaw Affects All Versions Released In Last 19 Years

Severity

Medium

Analysis Summary

The flaw resides in the way an old third-party library called UNACEV2.DLL, used by the software, handles the extraction of files compressed in the ACE archive format. Because WinRAR detects the format from the content of the file rather than its extension, an attacker can simply rename the .ace extension to .rar to make the archive look normal.

The bug is an “Absolute Path Traversal” flaw in the library that can be leveraged to execute arbitrary code on a targeted system when it attempts to uncompress a maliciously crafted archive using a vulnerable version of the software.

The path traversal flaw allows attackers to extract compressed files to a folder of their choice rather than the folder chosen by the user, leaving an opportunity to drop malicious code into the Windows Startup folder, where it would automatically run on the next reboot.
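As an added illustration (not part of this advisory or of WinRAR's code), the destination check an archive extractor must perform before writing each entry: it rejects absolute paths in either POSIX or Windows form and any `..` component, then confirms the resolved destination still lies inside the folder the user chose. The base directory and entry names are constructed examples.

```python
import ntpath
import os
import posixpath


def is_safe_member_path(base_dir: str, member: str) -> bool:
    """Return True only if extracting `member` would land strictly inside base_dir.

    Rejects absolute names (POSIX "/x", Windows "C:/x", UNC "//srv/share/x"),
    drive-relative names ("C:x") and any ".." component, then re-checks the
    fully resolved destination against the resolved base directory.
    """
    # Normalise separators so a Windows-style entry is judged the same on any host.
    name = member.replace("\\", "/")
    if posixpath.isabs(name) or ntpath.isabs(name) or ntpath.splitdrive(name)[0]:
        return False
    # Drop empty and "." components; anything left must be a plain relative path.
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        return False
    base = os.path.realpath(base_dir)
    dest = os.path.realpath(os.path.join(base, *parts))
    # Final containment check on the resolved path, not on the raw entry string.
    return os.path.commonpath([base, dest]) == base


def filter_archive_entries(base_dir: str, names):
    """Split archive entry names into (safe, rejected) for the given output folder."""
    safe, rejected = [], []
    for n in names:
        (safe if is_safe_member_path(base_dir, n) else rejected).append(n)
    return safe, rejected


if __name__ == "__main__":
    # Constructed entry names: two benign, the rest shaped like traversal attempts.
    entries = [
        "confirm_invoice.pdf",
        "docs/./readme.txt",
        "../../outside.txt",
        "C:\\Users\\Public\\outside.txt",
        "C:outside.txt",
        "\\\\server\\share\\outside.txt",
    ]
    ok, bad = filter_archive_entries("/tmp/extract_demo", entries)
    print("safe:", ok)
    print("rejected:", bad)
```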

Impact

System access.

Loss of sensitive information.

Affected Products

WinRAR (all versions)

Remediation

Install the latest version of WinRAR.

WinRAR version 5.70 beta 1.


Rewterz Threat Advisory – CVE-2019-8956 – Linux Kernel “sctp_sendmsg()” Use-After-Free Vulnerability

Severity

Medium

Analysis Summary

A use-after-free error in the “sctp_sendmsg()” function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.

Impact

Memory Corruption

Denial of Service

Affected Products

Linux Kernel

  • versions 4.20.x prior to 4.20.8
  • versions 4.19.x prior to 4.19.21

Remediation

Update to version 4.20.8 or 4.19.21.


Copyright © Rewterz. All rights reserved.