[CERT-daily] Tageszusammenfassung - 14.09.2017

Thu Sep 14 18:14:24 CEST 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 13-09-2017 18:00 − Donnerstag 14-09-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  Olaf Schwarz

=====================
=        News       =
=====================

∗∗∗ Zerodium Offering $1M for Tor Browser Zero Days ∗∗∗
---------------------------------------------
Exploit acquisition vendor Zerodium said Wednesday it will pay up to $1M for an unknown Tor Browser zero day.
---------------------------------------------
http://threatpost.com/zerodium-offering-1m-for-tor-browser-zero-days/127959/


∗∗∗ Another webshell, another backdoor! ∗∗∗
---------------------------------------------
Im still busy to follow how webshells are evolving... I recently found another backdoor in another webshell called "cor0.id". The best place to find webshells remind pastebin.com. When Im testing a webshell, I copy it in a VM located on a "wild Internet" VLAN in my home lab with, amongst other controls, full packet capture enabled.
---------------------------------------------
https://isc.sans.edu/diary/rss/22826


∗∗∗ Old Themes, Abandoned Scripts and Pitfalls of Cleaning Serialized Data ∗∗∗
---------------------------------------------
Over the summer we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Search and Replace scripts (searchreplacedb2.php). The injections range from ad scripts coming from established ad networks like shorte.st to new domains created specifically for those attacks. Typical injected scripts look like this ...
---------------------------------------------
https://blog.sucuri.net/2017/09/old-themes-abandoned-scripts-pitfalls-cleaning-serialized-data.html


∗∗∗ Samsung’s launches bug bounty program and will reward up to $200,000 to anyone who discovers vulnerabilities in its mobile devices and associated software ∗∗∗
---------------------------------------------
Samsung says,”We take security and privacy issues very seriously; and as an appreciation for helping Samsung Mobile improve the security of our products and minimizing risk to our end-consumers, we are offering a rewards program for eligible security vulnerability reports,”.
---------------------------------------------
https://www.techposts.net/samsung-launches-bug-bounty-program-offering-bounty-200000/


∗∗∗ Enlarge your botnet with: top D-Link routers (DIR8xx D-Link routers cruisin for a bruisin) ∗∗∗
---------------------------------------------
In this article, we are going to discuss vulnerabilities detected in the top D-Link routers. The devices use the same code, thus giving a magnificent and quite tempting opportunity to attackers to add them to a botnet. Moreover, we have managed to make Mirai for the devices by modifying its compilation script a bit.
---------------------------------------------
https://embedi.com/blog/enlarge-your-botnet-top-d-link-routers-dir8xx-d-link-routers-cruisin-bruisin


∗∗∗ "Display Widgets": WordPress-Plugin mit Backdoor aus Repository entfernt ∗∗∗
---------------------------------------------
Ein Plugin zur Verwaltung von WordPress-Widgets enthielt eine Backdoor, die dessen Herausgeber über Monate hinweg den Fernzugriff ermöglichte. Nun wurde es endgültig aus dem WordPress-Repository entfernt. Ein Update säubert bestehende Installationen.
---------------------------------------------
https://heise.de/-3831761


∗∗∗ Schwere Lücke im Router D-Link DIR-850L: Patches kommen am 19. September ∗∗∗
---------------------------------------------
Die Heimrouter können von Angreifern aus der Ferne übernommen werden. Bisher gibt es kein Update, da der Entdecker der Lücken D-Link vor der Veröffentlichung nicht informiert hat. Nun hat die Firma das Datum mitgeteilt, ab dem es Patches geben soll.
---------------------------------------------
https://heise.de/-3832456


∗∗∗ End of extended support for Office 2007 ∗∗∗
---------------------------------------------
The end of extended support for the Office 2007 family of desktop and server products is coming up next month. See Office 2007 approaching end of extended support for more details and the list of affected products.
---------------------------------------------
https://blogs.technet.microsoft.com/office_sustained_engineering/2017/09/13/end-of-extended-support-for-office-2007/


=====================
=    Advisories     =
=====================

∗∗∗ DSA-3972 bluez - security update ∗∗∗
---------------------------------------------
An information disclosure vulnerability was discovered in the ServiceDiscovery Protocol (SDP) in bluetoothd, allowing a proximate attacker toobtain sensitive information from bluetoothd process memory, includingBluetooth encryption keys.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3972


∗∗∗ Flag clear - Moderately Critical - CSRF - DRUPAL-SA-CONTRIB-2017-074 ∗∗∗
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2017-074 Vulnerability: Cross Site Request Forgery Description: The Flag clear module allows administrators to remove user flags for content. This functionality is often useful in user-submission use-cases, where users do not necessarily need to unflag things on their own.
---------------------------------------------
https://www.drupal.org/node/2908592


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2017-1289) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007617


∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2016-7055, CVE-2017-3731) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22002883


∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2016-7055, CVE-2017-3731) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22002863


∗∗∗ Persistent Cross-Site Scripting in SilverStripe CMS ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/persistent-cross-site-scripting-in-silverstripe-cms/index.html


∗∗∗ Authenticated Command Injection in Ubiquiti Networks UniFi Cloud Key ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/authenticated-command-injection-in-ubiquiti-networks-unifi-cloud-key/index.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily