[CERT-daily] Tageszusammenfassung - 21.12.2017

Thu Dec 21 18:05:50 CET 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 20-12-2017 18:00 − Donnerstag 21-12-2017 18:00
Handler:     Nina Bieringer
Co-Handler:  Alexander Riepl

=====================
=       News        =
=====================

∗∗∗ Infosec controls relaxed a little after latest Wassenaar meeting ∗∗∗
---------------------------------------------
A welcome dash of perspective Without much fanfare, negotiators crafting the Wassenaar Agreement earlier this month moved to make things easier for infosec white-hats.
---------------------------------------------
www.theregister.co.uk/2017/12/21/infosec_controls_relaxed_a_little_after_latest_wassenaar_meeting/


∗∗∗ Einfache Mail-Verschlüsselung: PGP-Helfer Autocrypt in Version 1.0 vorgestellt ∗∗∗
---------------------------------------------
Eine benutzerfreundliche E-Mail-Verschlüsselung versprechen die Macher der Autocrypt-Spezifikation, die heute in Version 1.0 freigegeben wurde.
---------------------------------------------
https://heise.de/-3924855


∗∗∗ Massive Cryptomining Campaign Targeting WordPress Sites ∗∗∗
---------------------------------------------
On Monday we wrote about the massive spike in brute force attacks on WordPress sites that we observed. As reported, it was the most intense period of attacks we had ever recorded. We believe that a single botnet is behind the attacks. We were able ..
---------------------------------------------
https://www.wordfence.com/blog/2017/12/massive-cryptomining-campaign-wordpress/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Advisory for Buffer Overflow Vulnerabilities in QTS ∗∗∗
---------------------------------------------
Multiple buffer overflow vulnerabilities were recently found in QTS 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier. If exploited, these vulnerabilities may allow remote attackers to run arbitrary code on NAS devices.
---------------------------------------------
https://www.qnap.com/en/security-advisory/nas-201712-15


∗∗∗ TMM vulnerability CVE-2017-6138 ∗∗∗
---------------------------------------------
TMM vulnerability CVE-2017-6138. Security Advisory. Security Advisory Description. Malicious requests made to virtual servers ..
---------------------------------------------
https://support.f5.com/csp/article/K34514540


∗∗∗ TMM vulnerability CVE-2017-6132 ∗∗∗
---------------------------------------------
TMM vulnerability CVE-2017-6132. Security Advisory. Security Advisory Description. Undisclosed sequence of packets sent ..
---------------------------------------------
https://support.f5.com/csp/article/K12044607


∗∗∗ Linux kernel vulnerability CVE-2017-6135 ∗∗∗
---------------------------------------------
Linux kernel vulnerability CVE-2017-6135. Security Advisory. Security Advisory Description. A slow memory leak as a result ..
---------------------------------------------
https://support.f5.com/csp/article/K43322910


∗∗∗ me aliases - Highly critical - Arbitrary code execution - SA-CONTRIB-2017-097 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2017-097


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Open Source Samba affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009491


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Open Source OpenSSL affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011039


∗∗∗ TMM vulnerability CVE-2017-6134 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K37404773


∗∗∗ SQL injection vulnerability CVE-2017-0304 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K39428424

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily