[CERT-daily] Tageszusammenfassung - 02.08.2018

Thu Aug 2 18:40:09 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 01-08-2018 18:00 − Donnerstag 02-08-2018 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Crime and Crypto: An Evolution in Cyber Threats ∗∗∗
---------------------------------------------
Cybercriminals are constantly experimenting with new ways to take money from their victims. Their tactics evolve quickly to maximize returns and minimize risk. The emergence of cryptocurrency has opened up new opportunities to do just that. To better understand today’s threat landscape, it’s worth exploring the origins of cryptocurrencies and the progress cybercriminals have made in using it to advance their own interests.
---------------------------------------------
https://www.webroot.com/blog/2018/08/02/crime-crypto-evolution-cyber-threats/


∗∗∗ Save the Date: 4th e-Health Security Conference ∗∗∗
---------------------------------------------
ENISA is organising the 4th eHealth Security workshop in cooperation with the Dutch Ministry of Health, Welfare and Sport, on the 14th of November.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/save-the-date-4th-e-health-security-conference


∗∗∗ Reddit Breach Highlights Limits of SMS-Based Authentication ∗∗∗
---------------------------------------------
Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesnt seem too severe. Whats interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.
---------------------------------------------
https://krebsonsecurity.com/2018/08/reddit-breach-highlights-limits-of-sms-based-authentication/


∗∗∗ The Year Targeted Phishing Went Mainstream ∗∗∗
---------------------------------------------
A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason -- sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack). But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and
---------------------------------------------
https://krebsonsecurity.com/2018/08/the-year-targeted-phishing-went-mainstream/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Drupal Core - 3rd-party libraries -SA-CORE-2018-005 ∗∗∗
---------------------------------------------
The Drupal project uses the Symfony library. The Symfony library has released a security update that impacts Drupal. Refer to the Symfony security advisory for the issue.The same vulnerability also exists in the Zend Feed and Diactoros libraries included in Drupal core; however, Drupal core does not use the vulnerable functionality.
---------------------------------------------
https://www.drupal.org/SA-CORE-2018-005


∗∗∗ Telegram: Passport-Dokumentenspeicher des Krypto-Messengers hat Schwachstellen ∗∗∗
---------------------------------------------
Geraten die von Telegram verwahrten Passwort-Hashes für Passport in falsche Hände, ließen sie sich leichter knacken, als man das eigentlich haben will.
---------------------------------------------
http://heise.de/-4127755


∗∗∗ Django Open Redirect Flaw in CommonMiddleware Lets Remote Users Redirect the Target Users Browser to an Arbitrary Site ∗∗∗
---------------------------------------------
On systems with django.middleware.common.CommonMiddleware and the APPEND_SLASH setting enabled and with a project that has a URL pattern that accepts any path ending in a slash, a remote user can create a URL that, when loaded by the target user, will redirect the target user's browser to an arbitrary site.
---------------------------------------------
http://www.securitytracker.com/id/1041403


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (busybox and mutt), Fedora (bibutils and wireshark), openSUSE (glibc and rsyslog), Slackware (blueman), SUSE (cups, ovmf, and polkit), and Ubuntu (bouncycastle, libmspack, and python-django).
---------------------------------------------
https://lwn.net/Articles/761625/


∗∗∗ Vuln: Symfony CVE-2018-14773 Security Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/104943


∗∗∗ Cisco AMP for Endpoints Mac Connector Software Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-fampmac


∗∗∗ Cisco Web Security Appliance Reflected and Document Object Model-Based Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-wsa-xss


∗∗∗ Cisco Unified Communications Manager Reflected Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ucm-xss


∗∗∗ Cisco Small Business 300 Series Managed Switches Authenticated Reflected Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-sb-rxss


∗∗∗ Cisco Small Business 300 Series Managed Switches Persistent Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-sb-pxss


∗∗∗ Cisco Prime Collaboration Provisioning Unauthorized Password Change Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-pcp-dos


∗∗∗ Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ise-csrf


∗∗∗ IBM Security Bulletin: IBM Security Identity Manager is affected by an Apache vulnerability. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10719413


∗∗∗ IBM Security Bulletin: API Connect Developer Portal is affected by multiple PHP vulnerabilities ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10713449


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22016803


∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management installs with a default administrator account that a remote intruder could use to gain administrator access to the system.(CVE-2018-1524) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22017452


∗∗∗ IBM Security Bulletin : Multiple vulnerabilities in IBM GSKit affect IBM Host On-Demand. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10716977


∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities have been identified in Open SSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2017-3737, CVE-2017-3738). ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10717007


∗∗∗ HPESBST03857 rev.1 - HPE XP7 Command View Advanced Edition Products using JDK, Local and Remote Authentication Bypass ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us


∗∗∗ HPESBST03859 rev.1 - HPE XP P9000 Command View Advanced Edition Software (CVAE) - Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03859en_us


∗∗∗ HPESBST03860 rev.1 - HPE XP P9000 Command View Advanced Edition (CVAE) Software, Local and Remote Unauthorized Access to Sensitive Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03860en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily