[CERT-daily] Tageszusammenfassung - 25.10.2017

Wed Oct 25 18:21:19 CEST 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 24-10-2017 18:00 − Mittwoch 25-10-2017 18:00
Handler:     Nina Bieringer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Whois Maintainer Accidentally Makes Password Hashes Available For Download ∗∗∗
---------------------------------------------
Whois maintainer for Asia Pacific notifies customers of an error where hashed authentication details for were inadvertently available for download.
---------------------------------------------
http://threatpost.com/whois-maintainer-accidentally-makes-password-hashes-available-for-download/128586/


∗∗∗ Malvertising Campaign Redirects Browsers To Terror Exploit Kit ∗∗∗
---------------------------------------------
Hackers behind the Terror exploit kit ramp up distribution via a two-month long malvertising campaign.
---------------------------------------------
http://threatpost.com/malvertising-campaign-redirects-browsers-to-terror-exploit-kit/128596/


∗∗∗ #BadRabbit: Wohl immer mehr Ziele von neuem Kryptotrojaner getroffen ∗∗∗
---------------------------------------------
Die russische Nachrichtenagentur Interfax ist am Dienstag durch einen Hackerangriff lahmgelegt worden. Fast alle Server seien betroffen, sagte der stellvertretende Generaldirektor Alexej Gorschkow. Es sei unklar, wann das Problem behoben werden könne.
---------------------------------------------
https://heise.de/-3870349


∗∗∗ DUHK: Zufallszahlengenerator ermöglicht Abhör-Attacke auf zehntausende Geräte ∗∗∗
---------------------------------------------
Mehr als 25.000 übers Internet erreichbare Fortinet-Geräte sind anfällig für passive Lauschangriffe gegen verschlüsselte Verbindungen. Verantwortlich ist fehlender Zufall.
---------------------------------------------
https://heise.de/-3872013


∗∗∗ Secure remote browsing: A different approach to thwart ever-changing threats ∗∗∗
---------------------------------------------
A defense-in-depth strategy is essential to modern enterprises, and organizations must deepen their defenses as quickly as possible to fully protect themselves. One promising technology proposes to achieve this by removing web browsing activity from endpoints altogether, while still enabling users to seamlessly and securely interact with the web-based content they need in order to do their jobs. The key to this approach? Secure remote browsing.
---------------------------------------------
https://www.helpnetsecurity.com/2017/10/25/secure-remote-browsing/


∗∗∗ Dell Lost Control of Key Customer Support Domain for a Month in 2017 ∗∗∗
---------------------------------------------
A Web site set up by PC maker Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, KrebsOnSecurity has learned. There is a program installed on virtually all Dell computers called "Dell Backup and Recovery Application." Its designed to help customers restore their data and computers to their pristine, factory default state should a problem occur [...]
---------------------------------------------
https://krebsonsecurity.com/2017/10/dell-lost-control-of-key-customer-support-domain-for-a-month-in-2017/


∗∗∗ Digital forensics: How to recover deleted files ∗∗∗
---------------------------------------------
What happens exactly when you delete a file, and how easy or hard is it to recover deleted files? Learn the differences between delete, erase, and overwrite according to digital forensics.
---------------------------------------------
https://blog.malwarebytes.com/security-world/2017/10/digital-forensics-recovering-deleted-files/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ FortiOS DoS on webUI through params JSON parameter ∗∗∗
---------------------------------------------
An authenticated user may pass a specially crafted payload to the params parameter of the JSON web API (URLs with /json) , which can cause the web user interface to be temporarily unresponsive.
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-206


∗∗∗ FortiOS web GUI logindisclaimer redir parameter XSS vulnerability ∗∗∗
---------------------------------------------
A reflected XSS vulnerability exists in FortiOS web GUI "Login Disclaimer" redir parameter. It is potentially exploitable by a remote unauthenticated attacker, via sending a maliciously crafted URL to a victim who has an open session on the web GUI. Visiting that malicious URL may cause the execution of arbitrary javascript code in the security context of the victims browser.
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-113


∗∗∗ osTicket 1.10.1 Shell Upload ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017100187


∗∗∗ DSA-4006 mupdf - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-4006


∗∗∗ Huawei Security Advisories ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1025973


∗∗∗ IBM Security Bulletin: The BigFix Platform has vulnerabilities that have been addressed in patch releases ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009673


∗∗∗ IBM Security Bulletin: Network Time Protocol (NTP) vulnerability in AIX which is used by IBM OS Images in IBM PureApplication Systems (CVE-2016-9310) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009301


∗∗∗ IBM Security Bulletin: A vulnerability in the agent core framework affects IBM Performance Management products ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22004193


∗∗∗ XSA-236 ∗∗∗
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-236.html


Next End-of-Day report: 2017-10-27

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily