[CERT-daily] Tageszusammenfassung - 22.08.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 21-08-2018 18:00 − Mittwoch 22-08-2018 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ New Android Triout Malware Can Record Phone Calls, Steal Pictures ∗∗∗
---------------------------------------------
Security researchers from Bitdefender have discovered a new Android malware strain named Triout that comes equipped with intrusive spyware capabilities, such as the ability to record phone calls and steal pictures taken with the device.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-android-triout-malware-can-record-phone-calls-steal-pictures/


∗∗∗ Unterkunft nicht bei benaco-ferienwohnungen.de buchen ∗∗∗
---------------------------------------------
Auf benaco-ferienwohunungen.de findet man günstige Unterkünfte am Gardasee. Die Inserate wurden jedoch zu betrügerischen Zwecken von echten Portalen kopiert. Die gebotenen Unterkünfte können nicht gebucht werden und Kunden werden um ihr Geld betrogen.
---------------------------------------------
https://www.watchlist-internet.at/news/unterkunft-nicht-bei-benaco-ferienwohnungende-buchen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Bislang kein Patch: Gefährliche Sicherheitslücken im PDF/Postscript-Interpreter Ghostscript ∗∗∗
---------------------------------------------
Angreifer könnten über Schwachstellen im weit verbreiteten Ghostscript-Interpreter Schadcode ausführen. Derzeit gibt es nur einen Workaround zum Schutz.
---------------------------------------------
http://heise.de/-4143153


∗∗∗ Kritische Sicherheitslücke in Apache Struts 2 - Patches verfügbar ∗∗∗
---------------------------------------------
Es wurde eine kritische Sicherheitslücke in Apache Struts 2 gefunden, die schwerwiegende Folgen für die Sicherheit von Webservern, die dieses Framework einsetzen, haben kann.
---------------------------------------------
http://www.cert.at/warnings/all/20180822.html


∗∗∗ Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades ∗∗∗
---------------------------------------------
A vulnerability affects all versions of the OpenSSH client released in the past two decades, ever since the application was released in 1999. [...]
This bug allows a remote attacker to guess the usernames registered on an OpenSSH server.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/vulnerability-affects-all-openssh-versions-released-in-the-past-two-decades/


∗∗∗ Philips IntelliVue Information Center iX ∗∗∗
---------------------------------------------
This medical device advisory includes mitigation recommendations for a resource exhaustion vulnerability in Philips IntelliVue Information Center iX real-time central monitoring system.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-233-01


∗∗∗ Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows ∗∗∗
---------------------------------------------
This advisory includes mitigation recommendations for stack-based buffer overflow vulnerabilities in Yokogawas iDefine, STARDOM, ASTPLANNER, and TriFellows products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-233-01


∗∗∗ PMASA-2018-5 ∗∗∗
---------------------------------------------
A Cross-Site Scripting vulnerability was found in the file import feature, where an attacker can deliver a payload to a user through importing a specially-crafted file.
Assigned CVE ids: CVE-2018-15605
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2018-5/


∗∗∗ Adobe Photoshop CC: Zwei Schwachstellen ermöglichen das Ausführen beliebigen Programmcodes ∗∗∗
---------------------------------------------
Zwei Schwachstellen in Adobe Photoshop CC 2017 18.1.5 und CC 2018 19.1.5 sowie den jeweils früheren Versionen für Windows und macOS ermöglichen einem entfernten, nicht authentisierten Angreifer die Ausführung beliebigen Programmcodes im Sicherheitskontext des aktiven Benutzers.
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1697/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (openssh and otrs2), Fedora (gifsicle, lighttpd, quazip, and samba), Red Hat (openstack-keystone), Scientific Linux (mutt), Slackware (libX11), SUSE (gtk2, ImageMagick, libcgroup, and libgit2), and Ubuntu (base-files).
---------------------------------------------
https://lwn.net/Articles/763157/


∗∗∗ IBM Security Bulletin: Vulnerabilities in GSKit affects IBM Sterling Connect:Direct for UNIX ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10726077


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016774


∗∗∗ IBM Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct for UNIX ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10726081


∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in IBM WebSphere Application Server (CVE-2017-1788) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10728345


∗∗∗ IBM Security Bulletin: IBM WebSphere Commerce Aurora Storefront Could Allow an Open Redirect Attack (CVE-2018-1739) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10725439


∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by NTP vulnerabilities (CVE-2017-6462, CVE-2017-6463, CVE-2017-6464) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10728215


∗∗∗ IBM Security Bulletin: IBM Tivoli Access Manager for e-business and IBM Security Access Manager releases are affected by a Kerberos vulnerability (CVE-2017-11462) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015092

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily