[CERT-daily] Daily summary - 19.09.2017

Daily end-of-shift report team at cert.at
Tue Sep 19 18:13:12 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 18-09-2017 18:00 - Tuesday 19-09-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=        News       =
=====================

∗∗∗ Avast Clarifies Details Surrounding CCleaner Malware Incident ∗∗∗
---------------------------------------------
Avast published earlier today a post-mortem of the CCleaner malware incident, in the hope of clarifying some of the details surrounding the event that many of its users found troubling. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/avast-clarifies-details-surrounding-ccleaner-malware-incident/


∗∗∗ Apple's FaceID ∗∗∗
---------------------------------------------
This is a good interview with Apple's SVP of Software Engineering about FaceID. Honestly, I don't know what to think. I am confident that Apple is not collecting a photo database, but not optimistic that it can't be hacked with fake faces. I dislike the fact that the police can point the phone at someone and have it automatically unlock. So this is important: I also quizzed Federighi about the exact way you "quick disabled" Face ID in tricky scenarios -- like being stopped by police, or [...]
---------------------------------------------
https://www.schneier.com/blog/archives/2017/09/apples_faceid.html


∗∗∗ Old Themes, Abandoned Scripts and Pitfalls of Cleaning Serialized Data ∗∗∗
---------------------------------------------
Over the summer we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Search and Replace scripts (searchreplacedb2.php). The injections range from ad scripts coming from established ad networks like shorte.st to new domains created specifically for those attacks. Typical injected scripts look like this: [...]
---------------------------------------------
https://blog.sucuri.net/2017/09/old-themes-abandoned-scripts-pitfalls-cleaning-serialized-data.html
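The serialized-data pitfall named in the title, as an added example in Python (not code from the Sucuri post or from WordPress): PHP's serialize() stores every string with its byte length, so a plain regex search-and-replace that strips an injected <script> from a wp_options blob leaves a stale length and an option PHP can no longer unserialize. The widget data, the script URL and the function names are constructed for this example; the cleaner decodes, strips, and re-encodes so every length is recomputed.

```python
import re

# Added example, not code from the Sucuri post or from WordPress.  PHP's
# serialize() prefixes every string with its BYTE length (s:len:"..."), so a
# plain search-and-replace that shortens a string inside a wp_options blob
# leaves a length that no longer matches, and PHP's unserialize() gives up.

SCRIPT_RE = re.compile(r'<script\b[^>]*>.*?</script>', re.I | re.S)


def php_serialize(value) -> str:
    """Encode None/bool/int/float/str/dict the way PHP's serialize() does."""
    if value is None:
        return 'N;'
    if isinstance(value, bool):
        return f'b:{int(value)};'
    if isinstance(value, int):
        return f'i:{value};'
    if isinstance(value, float):
        return f'd:{value!r};'
    if isinstance(value, str):
        return f's:{len(value.encode("utf-8"))}:"{value}";'   # byte length, not char count
    if isinstance(value, dict):
        body = ''.join(php_serialize(k) + php_serialize(v) for k, v in value.items())
        return f'a:{len(value)}:{{{body}}}'
    raise TypeError(f'unsupported type {type(value).__name__}')


def php_unserialize(blob: str):
    """Decode the subset php_serialize() produces; ValueError on corrupt input."""
    raw = blob.encode('utf-8').decode('latin-1')   # one char per byte so s:len indexes correctly
    try:
        value, end = _parse_value(raw, 0)
    except (IndexError, ValueError) as exc:
        raise ValueError(f'corrupt serialized data: {exc}') from None
    if end != len(raw):
        raise ValueError(f'trailing data at offset {end}')
    return value


def _parse_value(s, i):
    t = s[i]
    if t == 'N':                                     # N;
        return None, i + 2
    if t in 'ibd':                                   # i:42;  b:1;  d:0.5;
        end = s.index(';', i)
        conv = {'i': int, 'b': lambda v: v == '1', 'd': float}[t]
        return conv(s[i + 2:end]), end + 1
    if t == 's':                                     # s:len:"bytes";
        colon = s.index(':', i + 2)
        length, start = int(s[i + 2:colon]), colon + 2
        if s[start + length:start + length + 2] != '";':
            raise ValueError(f'string length mismatch at offset {i}')
        text = s[start:start + length].encode('latin-1').decode('utf-8')
        return text, start + length + 2
    if t == 'a':                                     # a:count:{key;value;...}
        colon = s.index(':', i + 2)
        count, j, out = int(s[i + 2:colon]), colon + 2, {}
        for _ in range(count):
            k, j = _parse_value(s, j)
            out[k], j = _parse_value(s, j)
        if s[j] != '}':
            raise ValueError(f'unterminated array at offset {i}')
        return out, j + 1
    raise ValueError(f'unsupported type {t!r} at offset {i}')


def strip_scripts(value):
    """Recursively remove <script> tags from every string in a decoded value."""
    if isinstance(value, str):
        return SCRIPT_RE.sub('', value)
    if isinstance(value, dict):
        return {k: strip_scripts(v) for k, v in value.items()}
    return value


def clean_naive(blob: str) -> str:
    """The pitfall: regex over the raw blob, leaving every s:len stale."""
    return SCRIPT_RE.sub('', blob)


def clean_safe(blob: str) -> str:
    """Decode, clean the values, re-encode so every s:len is recomputed."""
    return php_serialize(strip_scripts(php_unserialize(blob)))


def demo():
    # Constructed sample resembling a text-widget option with an injected ad script.
    widget = {'title': 'Footer', 'text': 'Hello<script src="//evil.example/ad.js"></script>'}
    blob = php_serialize(widget)
    try:
        php_unserialize(clean_naive(blob))
        naive_ok = True
    except ValueError:
        naive_ok = False                             # PHP's unserialize() would return false
    return naive_ok, php_unserialize(clean_safe(blob))


if __name__ == '__main__':
    print(demo())
```

The same length problem bites any raw search-and-replace on serialized options, which is why the searchreplacedb2.php script the post names exists in the first place: it unserializes, replaces, and reserializes. Leaving such a script on a production site is its own risk, so remove it once the migration is done.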


∗∗∗ Someone checked and, yup, you can still hijack Gmail, Bitcoin wallets etc via dirty SS7 tricks ∗∗∗
---------------------------------------------
Two-factor authentication by SMS? More like SOS. Once again, it's been demonstrated that vulnerabilities in cellphone networks can be exploited to intercept one-time two-factor authentication tokens sent in text messages.
---------------------------------------------
https://www.theregister.co.uk/2017/09/18/ss7_vuln_bitcoin_wallet_hack_risk/


∗∗∗ Open Hadoop Service Scanning Project ∗∗∗
---------------------------------------------
If you are looking at this page, then more than likely you noticed a scan coming from this server across your network and/or poking at the Hadoop NameNode or DataNode web service. The Shadowserver Foundation is currently undertaking a project to search for publicly accessible devices that have one or both of these Hadoop services running. The goal of this project is to identify openly accessible systems that have these services running and report them back to the network owners for [...]
---------------------------------------------
https://hadoopscan.shadowserver.org/


∗∗∗ Call for Papers IT-SECX 2017 - "Future incident response" ∗∗∗
---------------------------------------------
IT-SECX is a security conference with talks and workshops. [...] This year's IT-SECX motto is "Future incident response", with the aim of discussing current targeted attacks, malware campaigns and countermeasures. With this focus, submissions for talks on the following topics are welcome: [...]
---------------------------------------------
https://itsecx.fhstp.ac.at/call-for-papers/


∗∗∗ Privacy at risk: Firefox does not delete local databases ∗∗∗
---------------------------------------------
The Firefox browser comes with a major privacy problem. Users can only delete their Firefox history in a cumbersome way, and websites can easily access data previously stored in the browser.
---------------------------------------------
https://heise.de/-3835084


∗∗∗ PC-Wahl: CCC demonstrates another attack and offers open-source help ∗∗∗
---------------------------------------------
With a demonstrative hack, the CCC draws attention to yet another security problem in the election software, which has already been patched several times. An open-source donation is now meant to give PC-Wahl a secure update function.
---------------------------------------------
https://heise.de/-3835282


∗∗∗ Companies targeted by cyber-criminals ∗∗∗
---------------------------------------------
Using forged payment instructions, criminals attempt to steal large sums of money from companies. Their messages are addressed directly to the accounting department and claim to come from the management. Employees who fall for this so-called CEO fraud cause high losses. We show you how to protect your company against this fraud.
---------------------------------------------
https://www.watchlist-internet.at/sonstiges/unternehmen-im-visier-von-cyber-kriminellen/



=====================
=    Advisories     =
=====================

∗∗∗ [20170901] - Core - Information Disclosure ∗∗∗
---------------------------------------------
Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.7.0 through 3.7.5
Exploit type: Information Disclosure
Reported Date: 2017-August-4
Fixed Date: 2017-September-19
CVE Number: CVE-2017-14595

Description: A logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
Affected Installs: Joomla! CMS versions 3.7.0 through 3.7.5
Solution: Upgrade to version 3.8.0
---------------------------------------------
https://developer.joomla.org/security-centre/710-20170901-core-information-disclosure.html


∗∗∗ [20170902] - Core - LDAP Information Disclosure ∗∗∗
---------------------------------------------
Project: Joomla!
SubProject: CMS
Severity: Medium
Versions: 1.5.0 through 3.7.5
Exploit type: Information Disclosure
Reported Date: 2017-July-27
Fixed Date: 2017-September-19
CVE Number: CVE-2017-14596

Description: Inadequate escaping in the LDAP authentication plugin can result in the disclosure of username and password.
Affected Installs: Joomla! CMS versions 1.5.0 through 3.7.5
Solution: Upgrade to version 3.8.0
---------------------------------------------
https://developer.joomla.org/security-centre/711-20170902-core-ldap-information-disclosure.html
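What "inadequate escaping" in an LDAP login filter lets a caller do, as an added example in Python (not code from Joomla's plugin or from the advisory, and not a claim about how that specific bug is triggered): a minimal RFC 4515 filter parser and evaluator over a constructed three-entry directory shows that an unescaped username turns `*` into a wildcard and `(` / `)` into filter structure, while escaping per RFC 4515 section 3 makes the same input match only literally. The directory entries, the filter template `(&(objectClass=person)(uid=...))` and all function names are assumptions of the example.

```python
import re

# Added example, not code from Joomla's LDAP plugin or from the advisory.  A
# login filter built by string concatenation treats whatever the user typed as
# filter syntax: '*' becomes a wildcard and '(' / ')' become structure.  The
# directory entries and the filter template below are constructed for this example.

DIRECTORY = [                                  # attribute names lower-cased
    {'uid': ['alice'], 'objectclass': ['person']},
    {'uid': ['admin'], 'objectclass': ['person']},
    {'uid': ['bob'],   'objectclass': ['person']},
]

# RFC 4515 section 3: characters that must be escaped as \XX inside an assertion value.
_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it can only ever match literally."""
    return ''.join(_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(username: str, escape: bool) -> str:
    """The filter a vulnerable (escape=False) or fixed (escape=True) plugin would send."""
    value = escape_filter_value(username) if escape else username
    return f'(&(objectClass=person)(uid={value}))'


def _unescape(piece: str) -> str:
    # \XX back to a character (ASCII only; multibyte UTF-8 escapes are not handled here).
    return re.sub(r'\\([0-9A-Fa-f]{2})', lambda m: chr(int(m.group(1), 16)), piece)


def _parse_filter(s: str, i: int):
    """Parse one parenthesised filter at s[i]; returns (node, index just after it)."""
    if s[i] != '(':
        raise ValueError(f'expected "(" at offset {i}')
    i += 1
    if s[i] in '&|!':                          # (&...)  (|...)  (!...)
        op, i, kids = s[i], i + 1, []
        while s[i] == '(':
            node, i = _parse_filter(s, i)
            kids.append(node)
        if s[i] != ')':
            raise ValueError(f'expected ")" at offset {i}')
        return (op, kids), i + 1
    end = s.index(')', i)                      # a literal ')' in a value is \29, so this is safe
    attr, _, val = s[i:end].partition('=')
    return ('=', attr.lower(), val), end + 1


def parse_filter(s: str):
    try:
        node, end = _parse_filter(s, 0)
    except IndexError:
        raise ValueError('truncated filter') from None
    if end != len(s):
        raise ValueError(f'trailing data after filter: {s[end:]!r}')
    return node


def matches(node, entry) -> bool:
    kind = node[0]
    if kind == '&':
        return all(matches(k, entry) for k in node[1])
    if kind == '|':
        return any(matches(k, entry) for k in node[1])
    if kind == '!':
        return not matches(node[1][0], entry)
    _, attr, val = node
    values = entry.get(attr, [])
    if val == '*':                             # presence filter: any value at all
        return bool(values)
    # Every unescaped '*' is a wildcard; the literal pieces between them are
    # unescaped and matched case-insensitively (like caseIgnoreMatch on uid).
    pattern = '.*'.join(re.escape(_unescape(p)) for p in val.split('*'))
    return any(re.fullmatch(pattern, v, re.I | re.S) for v in values)


def search(filter_str: str, directory=DIRECTORY):
    """Return the uid of every entry the filter matches (raises on a malformed filter)."""
    node = parse_filter(filter_str)
    return [e['uid'][0] for e in directory if matches(node, e)]


def lookup_user(username: str, escape: bool):
    return search(build_login_filter(username, escape))


if __name__ == '__main__':
    for name in ('alice', '*', 'a*', 'x))(uid=*'):
        for escape in (False, True):
            try:
                print(f'{name!r:12} escape={escape!s:5} -> {lookup_user(name, escape)}')
            except ValueError as exc:
                print(f'{name!r:12} escape={escape!s:5} -> rejected: {exc}')
```

With escaping off, a username of `*` matches every person and `a*` turns the equality check into a prefix test; with escaping on, both match nothing. Real LDAP client libraries ship an equivalent escape function (for example ldap_escape() in PHP since 5.6), and the check when reviewing an authentication plugin is simply whether every user-controlled value passes through it before the filter string is assembled.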


∗∗∗ Security Advisory 2017-04: Security Update for all OTRS Versions ∗∗∗
---------------------------------------------
September 18, 2017 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security at otrs.org
---------------------------------------------
https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/


∗∗∗ DSA-3978 gdk-pixbuf - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-3978


∗∗∗ DSA-3977 newsbeuter - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-3977


∗∗∗ DFN-CERT-2017-1643: Moodle: Multiple vulnerabilities allow, among other things, execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1643/


∗∗∗ Security Advisory - Multiple Vulnerabilities in MTK Platform ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170919-01-mtk-en


∗∗∗ IBM Security Bulletin: API Connect Portal is affected by multiple Drupal vulnerabilities ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008323


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect API Connect ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008382


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational Synergy ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008122


∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects Tivoli Storage Productivity Center (CVE-2017-1382) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22007663


∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects Tivoli Storage Productivity Center (CVE-2017-1380) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22007665


∗∗∗ Expat vulnerability CVE-2016-0718 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52320548

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily