[CERT-daily] Tageszusammenfassung - 12.04.2018

Thu Apr 12 18:13:37 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 11-04-2018 18:00 − Donnerstag 12-04-2018 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Android Penetration Tools Walkthrough Series Dex2Jar, JD-GUI, and Baksmali ∗∗∗
---------------------------------------------
In this article, we will be focusing on the Android penetration testing tools such as Dex2Jar, JD-GUI, and Baksmali to work with reverse engineering Android APK files.
---------------------------------------------
http://resources.infosecinstitute.com/android-penetration-tools-walkthrough-series-dex2jar-jd-gui-baksmali/


∗∗∗ APT Trends report Q1 2018 ∗∗∗
---------------------------------------------
In the second quarter of 2017, Kaspersky’s Global Research and Analysis Team (GReAT) began publishing summaries of the quarter’s private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing on the relevant activities that we observed during Q1 2018.
---------------------------------------------
http://securelist.com/apt-trends-report-q1-2018/85280/


∗∗∗ New ‘Early Bird’ Code Injection Technique Helps APT33 Evade Detection ∗∗∗
---------------------------------------------
Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools.
---------------------------------------------
http://threatpost.com/new-early-bird-code-injection-technique-helps-apt33-evade-detection/131147/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Vulnerability Spotlight: Multiple Simple DirectMedia Layer Vulnerabilities ∗∗∗
---------------------------------------------
Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layers SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. It is used by video playback software, emulators, and popular games including Valves award winning catalog ...
---------------------------------------------
http://blog.talosintelligence.com/2018/04/simple-direct-media-layer-vulnerabilities.html


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (poppler), Fedora (koji and libofx), Gentoo (adobe-flash), Oracle (kernel), Red Hat (qemu-kvm-rhev and sensu), and Scientific Linux (firefox).
---------------------------------------------
https://lwn.net/Articles/751668/


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013955


∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in the Apache Portal Runtime (CVE-2017-12613) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014874


∗∗∗ IBM Security Bulletin: Security vulnerability has been identified in IBM Spectrum Scale which is used by IBM PureApplication Systems/Service (CVE-2017-1654) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015239


∗∗∗ IBM Security Bulletin: IBM Cloud Manager is affected by a OpenSSL vulnerabilities ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1027142


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015344


∗∗∗ IBM Security Bulletin: IBM Web Experience Factory is Affected by Multiple Vulnerabilities in IBM Java SDK and IBM Java Runtime ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014914


∗∗∗ JSA10844 - 2018-04 Security Bulletin: Junos OS: Kernel crash upon receipt of crafted CLNP packets (CVE-2018-0016) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10844&actp=RSS


∗∗∗ JSA10845 - 2018-04 Security Bulletin: SRX Series: Denial of service vulnerability in flowd daemon on devices configured with NAT-PT (CVE-2018-0017) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10845&actp=RSS


∗∗∗ JSA10846 - 2018-04 Security Bulletin: SRX Series: A crafted packet may lead to information disclosure and firewall rule bypass during compilation of IDP policies. (CVE-2018-0018) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10846&actp=RSS


∗∗∗ JSA10847 - 2018-04 Security Bulletin: Junos: Denial of service vulnerability in SNMP MIB-II subagent daemon (mib2d) (CVE-2018-0019) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10847&actp=RSS


∗∗∗ JSA10848 - 2018-04 Security Bulletin: Junos OS: rpd daemon cores due to malformed BGP UPDATE packet (CVE-2018-0020) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10848&actp=RSS


∗∗∗ JSA10850 - 2018-04 Security Bulletin: NorthStar: Return Of Bleichenbachers Oracle Threat (ROBOT) RSA SSL attack (CVE-2017-1000385) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10850&actp=RSS


∗∗∗ JSA10851 - 2018-04 Security Bulletin: OpenSSL Security Advisory [07 Dec 2017] ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10851&actp=RSS


∗∗∗ JSA10852 - 2018-04 Security Bulletin: Junos OS: Multiple vulnerabilities in stunnel ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10852&actp=RSS


∗∗∗ JSA10853 - 2018-04 Security Bulletin: NSM Appliance: Multiple vulnerabilities resolved in CentOS 6.5-based 2012.2R12 release ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10853&actp=RSS


∗∗∗ Apache HTTPD vulnerability CVE-2018-1301 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K78131906


∗∗∗ OpenSSH vulnerability CVE-2016-10708 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K32485746

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily