[CERT-daily] Tageszusammenfassung - 06.12.2017

Wed Dec 6 18:16:10 CET 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 05-12-2017 18:00 − Mittwoch 06-12-2017 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ PSA: Do not Trust Reverse DNS (and why does an address resolve to "localhost")., (Wed, Dec 6th) ∗∗∗
---------------------------------------------
Reverse DNS can be a valuable to find out more about an IP address. For example: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/23105


∗∗∗ A new issue of our SWITCH Security Report is available! ∗∗∗
---------------------------------------------
Dear Reader! A new issue of our bi-monthly SWITCH Security Report is available! The topics covered in this report are: Dresscode for apps in the Google Play Store: malicious Quad9 – does it offer a data protection-friendly alternative to Google [...]
---------------------------------------------
https://securityblog.switch.ch/2017/12/06/a-new-issue-of-our-switch-security-report-is-available-4/


∗∗∗ Daten von 31 Millionen Nutzern der App ai.type Keyboard geleakt ∗∗∗
---------------------------------------------
In dem riesigen Datenleak stehen unter anderen E-Mail-Adressen, Namen und IMEI- und Telefon-Nummern von Nutzern der App. Auch Kontakte aus Telefonbüchern sollen sich darin finden.
---------------------------------------------
https://heise.de/-3910522


∗∗∗ Sicherheitsupdates: Angreifer könnten TeamViewer-Sessions entern ∗∗∗
---------------------------------------------
Unter bestimmten Voraussetzungen sind TeamViewer-Sessions gefährdet. Sicherheitsupdates sind zum Teil schon verfügbar.
---------------------------------------------
https://heise.de/-3911170


∗∗∗ Recam Redux - DeConfusing ConfuserEx ∗∗∗
---------------------------------------------
This post is authored by Holger Unterbrink and Christopher MarczewskiOverviewThis report shows how to deobfuscate a custom .NET ConfuserEx protected malware. We identified this recent malware campaign from our Advanced Malware Protection (AMP) telemetry. Initial infection is via a malicious Word document, the malware ultimately executes in memory an embedded payload from the Recam family. Recam is an information stealer. Although the malware has been around for the past few years, theres a [...]
---------------------------------------------
http://blog.talosintelligence.com/2017/12/recam-redux-deconfusing-confuserex.html


∗∗∗ ParseDroid vulnerabilities could affect all Android developers ∗∗∗
---------------------------------------------
Checkpoint researchers discovered several vulnerabilities in Android application developer tools that put any organisation that does Java/Android development at risk of an outsider gaining access to their system.
---------------------------------------------
https://www.scmagazineuk.com/news/parsedroid-vulnerabilities-could-affect-all-android-developers/article/712149/


∗∗∗ MailSploit bugs let spoofed emails bypass DMARC, spam detectors ∗∗∗
---------------------------------------------
A collection of vulnerabilities dubbed Mailsploit, found by German security researcher Sabri Haddouche in 30 types of email client applications - from Apple Mail to Mozilla Thunderbird - lets hackers bypass anti-spoofing mechanisms.
---------------------------------------------
https://www.scmagazineuk.com/news/mailsploit-bugs-let-spoofed-emails-bypass-dmarc-spam-detectors/article/712148/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability ∗∗∗
---------------------------------------------
4A vulnerability in the TCP stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper processing of certain TCP packets in the closing sequence of a TCP session while the affected device is in a TIME_WAIT state.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack


∗∗∗ [Xen-announce] Xen Security Advisory 238 (CVE-2017-15591) - DMOP map/unmap missing argument checks ∗∗∗
---------------------------------------------
Malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 can mount a denial of service attack which, if successful, can affect the whole system. Only domains controlling HVM guests can exploit this vulnerability. (This includes domains providing hardware emulation services to HVM guests.)
---------------------------------------------
https://lists.xenproject.org/archives/html/xen-announce/2017-12/msg00002.html


∗∗∗ Vuln: Multiple F-Secure Internet Gatekeeper Products Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/102066


∗∗∗ Security Advisory - Multiple Vulnerabilities in Intel Management Engine Firmware ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-01-intel-en


∗∗∗ Security Advisory - Double Free Vulnerability in Flp Driver of Some Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-01-smartphone-en


∗∗∗ Security Advisory - Multiple Security Vulnerabilities in the IKEv2 Protocol Implementation of Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-01-ikev2-en


∗∗∗ Security Advisory - Input Validation Vulnerability in H323 Protocol of Huawei products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-01-h323-en


∗∗∗ Security Notice - Statement on Remote Code Execution Vulnerability in Huawei HG532 Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171130-01-hg532-en


∗∗∗ IBM Security Bulletin: IBM BigInsights is affected by a Text Analytics vulnerabilty (CVE-2017-1336 ) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010812


∗∗∗ IBM Security Bulletin: IBM Security Network Protection is affected by vulnerabilities in OpenSSH (CVE-2016-6210 CVE-2016-6515 CVE-2016-10009 CVE-2016-10011) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010305


∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerability in subversion (CVE-2017-9800) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009835


∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008854


∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a vulnerability in glibc ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008853


∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in tcpdump ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008339


∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in openssh (CVE-2016-10009 CVE-2016-10011 CVE-2016-10012 CVE-2016-6210 CVE-2016-6515) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008340


∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability in IBM Support Tools for Lotus WCM (CVE-2017-1536) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008031


∗∗∗ IBM Security Bulletin: IBM Cloud Orchestrator and Cloud Orchestrator Enterprise update of IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000361


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ and IBM MQ Appliance ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008757


∗∗∗ IBM Security Bulletin: IBM MQ could allow an authenticated user to insert messages with malformed data into the channel which would cause it to restart. (CVE-2017-1433) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005525

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily