[CERT-daily] Tageszusammenfassung - 13.08.2018

Mon Aug 13 18:08:30 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 10-08-2018 18:00 − Montag 13-08-2018 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Popular Android Apps Vulnerable to Man-in-the-Disk Attacks ∗∗∗
---------------------------------------------
Some of the most popular Android applications installed on your phone may be vulnerable to a new type of attack named "Man-in-the-Disk" that can grant a third-party app the ability to crash them and/or run malicious code.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/popular-android-apps-vulnerable-to-man-in-the-disk-attacks/


∗∗∗ KeyPass ransomware ∗∗∗
---------------------------------------------
In the last few days, our anti-ransomware module has been detecting a new variant of malware - KeyPass ransomware. According to our information, the malware is propagated by means of fake installers that download the ransomware module.
---------------------------------------------
https://securelist.com/keypass-ransomware/87412/


∗∗∗ DEF CON 2018: Hacking Medical Protocols to Change Vital Signs ∗∗∗
---------------------------------------------
LAS VEGAS – In recent years there has been more attention paid to the security of medical devices; however, there has been little security research done on the unique protocols used by these devices. Many of the insulin pumps, heart monitors and other gadgets found in hospital rooms use aging protocol to communicate with nurses' [...]
---------------------------------------------
https://threatpost.com/def-con-2018-hacking-medical-protocols-to-change-vital-signs/134967/


∗∗∗ Angreifer können per Fax in Firmennetze eindringen ∗∗∗
---------------------------------------------
Sicherheitsexperten haben in Multifunktionsdruckern, wie sie in vielen Büros vorhanden sind, eine Sicherheitslücke entdeckt. Angreifer könnten sich durch Senden eines manipulierten Fax Zugang zum Firmennetzwerk verschaffen.
---------------------------------------------
https://help.orf.at/stories/2929974/


∗∗∗ Apple macOS vulnerability paves the way for system compromise with a single click ∗∗∗
---------------------------------------------
A security researcher uncovered a zero-day in Apple software by tweaking a few lines of code. Speaking at Defcon in Las Vegas last week, Patrick Wardle, Chief Research Officer of Digita Security, described his research into "synthetic" interactions with a user interface (UI) that can lead to severe macOS system security issues.
---------------------------------------------
https://www.zdnet.com/article/apple-zero-day-vulnerability-permits-attacker-compromise-with-the-click-of-a-mouse/


∗∗∗ Erpresser-Mails: Online-Gauner kassieren jetzt mit Handynummern ab ∗∗∗
---------------------------------------------
Online-Abzocker verschicken Mails, in denen sie behaupten, das Handy des Empfängers gehackt zu haben. Sie untermauern dies mit einem Auszug der Handynummer.
---------------------------------------------
https://heise.de/-4134298


∗∗∗ Gebäudeautomatisierung wird zur Wanze: Bugs in Crestron-Systemen ∗∗∗
---------------------------------------------
Büros, Unis, Flughäfen, Hotels, Privathäuser - Bugs in Crestron-Produkten lassen die Komponenten zu Wanzen werden - übers Internet, Kamerabilder inklusive.
---------------------------------------------
http://heise.de/-4133763


∗∗∗ Vulnerabilities in smart card drivers open systems to attackers ∗∗∗
---------------------------------------------
Security researcher Eric Sesterhenn of X41 D-SEC GmbH has unearthed a number of vulnerabilities in several smart card drivers, some of which can allow attackers to log into the target system without valid credentials and achieve root/admin privileges. "A lot of attacks against smart cards have been performed in the past but not much work has focused on hacking the driver side of the smart card stack [the piece of software that interacts with chip [...]
---------------------------------------------
https://www.helpnetsecurity.com/2018/08/13/vulnerabilities-smart-card-drivers/


∗∗∗ FBI Warns of 'Unlimited' ATM Cashout Blitz ∗∗∗
---------------------------------------------
The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an "ATM cash-out," in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.
---------------------------------------------
https://krebsonsecurity.com/2018/08/fbi-warns-of-unlimited-atm-cashout-blitz/


∗∗∗ Warnung vor betrügerischen Maschinenangeboten ∗∗∗
---------------------------------------------
Auf Kleinanzeigen-Plattformen finden Interessent/innen günstige Nutzfahrzeuge und Landmaschinen. Sie führen zu den Anbietern insolvenzamt.com, maschinen-insolvenzamt.com und anbud-spzoo.eu. Bei den Händlern handelt es sich um Fake-Shops. Sie liefern trotz Bezahlung keine Ware.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-betruegerischen-maschinenangeboten/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ 2018-1581: Oracle Datenbankserver: Eine Schwachstelle ermöglicht die vollständige Kompromittierung der Software ∗∗∗
---------------------------------------------
[...] Die Schwachstelle betrifft auch Oracle Database 12.1.0.2 für Windows und jede Version der Software auf Linux- und Unix-Systemen. Die Patches für diese Systeme wurden bereits mit dem letzten Oracle Critical Patch Update im Juli 2018 ausgeliefert. Anwender, die bisher keine Patches eingespielt haben, sollten dies unverzüglich nachholen.
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1581/
http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html


∗∗∗ 2018-1582: NextCloud: Zwei Schwachstellen ermöglichen Stored Cross-Site-Scripting-Angriffe ∗∗∗
---------------------------------------------
Zwei Schwachstellen in Nextcloud Server sowie Nextcloud Talk ermöglichen einem entfernten, einfach authentisierten Angreifer die Durchführung von Stored Cross-Site-Scripting (XSS)-Angriffen.
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1582/
https://nextcloud.com/security/advisory/?id=NC-SA-2018-008
https://nextcloud.com/security/advisory/?id=NC-SA-2018-009


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (blender, openjdk-8, postgresql-9.6, and sam2p), Fedora (libmspack, mingw-glib2, mingw-glibmm24, and rsyslog), Mageia (blender, glpi, godot, kernel, lftp, libjpeg, libsndfile, libsoup, mariadb, mp3gain, openvpn, and soundtouch), openSUSE (cgit, libvirt, mailman, NetworkManager-vpnc, and sddm), Slackware (bind), and SUSE (ffmpeg, glibc, and libvirt).
---------------------------------------------
https://lwn.net/Articles/762502/


∗∗∗ 2018-08-10: Vulnerability in eSOMS LDAP Integration ∗∗∗
---------------------------------------------
https://search-ext.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ IBM Security Bulletin: eDiscovery Manager is affected by public disclosed vulnerability from Apache Poi ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10719481


∗∗∗ HPESBST03861 rev.1 - HPE 3PAR Service Processor (SP), Multiple Local and Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us


∗∗∗ HPESBST03870 rev.1 - HPE 3PAR Service Processor (SP), Local Disclosure of Privileged Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03870en_us


∗∗∗ HPESBHF03858 rev.1 - HPE OfficeConnect 1810 Switch Series Local Disclosure of Sensitive Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03858en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily