[CERT-daily] Tageszusammenfassung - 14.08.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 13-08-2018 18:00 − Dienstag 14-08-2018 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Badness, Enumerated by Robots ∗∗∗
---------------------------------------------
A condensed summary of the blacklist data generated from traffic hitting bsdly.net and cooperating sites.
---------------------------------------------
https://bsdly.blogspot.com/2018/08/badness-enumerated-by-robots.html


∗∗∗ Brazilian banking customers targeted by IoT DNS hijacking attacks ∗∗∗
---------------------------------------------
Attackers launched a DNS hijacking campaign targeting Brazilian bank customer credentials through the end-user IoT devices.
---------------------------------------------
https://www.scmagazine.com/brazilian-banking-customers-targeted-by-iot-dns-hijacking-attacks/article/788160/


∗∗∗ CVE? Nope. NVD? Nope. Serious must-patch type flaws skipping mainstream vuln lists - report ∗∗∗
---------------------------------------------
Infosec firm fingers decentralised reporting The first half of 2018 saw a record haul of reported software vulnerabilities yet a high proportion of these won't appear in any mainstream flaw-tracking lists, researcher Risk Based Security (RBS) has claimed.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2018/08/14/record_software_vulnerabilities/


∗∗∗ Patchday: SAP kümmert sich um seine Software ∗∗∗
---------------------------------------------
Im August hat SAP zwölf neue Sicherheitshinweise für verschiedene Anwendungen veröffentlicht.
---------------------------------------------
http://heise.de/-4137050


∗∗∗ Erpresserische E-Mail nennt Telefonnummer ∗∗∗
---------------------------------------------
Kriminelle versenden eine erpresserische E-Mail. Darin nennen sie die letzten vier Ziffern einer Telefonnummer und behaupten, dass sie über intimite Aufnahmen verfügen. Empfänger/innen sollen innerhalb von 48 Stunden 1000 US-Dollar in Bitcoins bezahlen, damit es zu keiner Veröffentlichung kommt. Konsument/innen müssen keine Reaktion zeigen.
---------------------------------------------
https://www.watchlist-internet.at/news/erpresserische-e-mail-nennt-telefonnummer/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Creative Cloud Desktop Application (APSB18-20), Adobe Flash Player (APSB18-25), Adobe Experience Manager (APSB18-26) and Adobe Acrobat and Reader (APSB18-29).
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1594


∗∗∗ SQL Injection, XSS & CSRF vulnerabilities in Pimcore software ∗∗∗
---------------------------------------------
Pimcore is affected by several security vulnerabilities, which can be exploited by an attacker to read data records from the database, attack other users of the web application with JavaScript code, browser exploits or Trojan horses, and perform arbitrary actions in the context of the logged-in user (CSRF).
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/


∗∗∗ Cisco IOS, IOS XE: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗
---------------------------------------------
Ein entfernter, nicht authentisierter Angreifer kann eine Schwachstelle in Cisco IOS und IOS XE ausnutzen, indem er einen speziell präparierten Ciphertext an ein mit IKEv1 (Internet Key Exchange Version 1) konfiguriertes Gerät sendet. Dieses Gerät reagiert fehlerhaft auf dabei auftretende Entschlüsselungsfehler, wodurch verschlüsselte Nonces ausgespäht werden können.
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1591/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180813-rsa-nonce


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (thunderbird), Debian (gdm3 and samba), openSUSE (cgit and lxc), SUSE (grafana, kafka, logstash, openstack-monasca-installer and samba), and Ubuntu (gdm3 and libarchive).
---------------------------------------------
https://lwn.net/Articles/762556/


∗∗∗ Synology-SA-18:43 MailPlus Server ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to conduct denial-of-service attacks via a susceptible version of MailPlus Server.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_18_43


∗∗∗ Security Advisory - Multiple Vulnerabilities in IPsec IKE of Huawei Firewall Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180813-01-Bleichenbacher-en


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor with Spark ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10720115


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (CVE-2018-2783, CVE-2018-2800, CVE-2018-2790). ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10720313


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10718949


∗∗∗ IBM Security Bulletin: IBM Tivoli Application Dependency Discovery Manager (TADDM) is vulnerable to cross-site request forgery (CVE-2018-1455) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22016659


∗∗∗ HPESBHF03868 rev.1 - HPE ML10 Gen9 using Intel Xeon Processor E3-1200 v5 with Intel Active Management Technology, multiple local and remote vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily