[CERT-daily] Tageszusammenfassung - 03.12.2018

Mon Dec 3 18:33:31 CET 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 30-11-2018 18:00 − Montag 03-12-2018 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Who Is Targeting Industrial Facilities and ICS Equipment, and How? ∗∗∗
---------------------------------------------
Industrial Control Systems (ICS) are expected to be installed and left isolated for a long time. Technical changes and the necessity of reducing operating costs led to this equipment being left in operation longer than expected, exposing it to a broad range of cyber-threats. Malware designed to compromise [...]
---------------------------------------------
https://resources.infosecinstitute.com/who-is-targeting-industrial-facilities-and-ics-equipment-and-how/


∗∗∗ DeepSec 2018 Wrap-Up ∗∗∗
---------------------------------------------
I’m writing this quick wrap-up in Vienna, Austria where I attended my first DeepSec conference. This event was already on my schedule for a while but I never had a chance to come. This year, I submitted a training and I was accepted! Good opportunity to visit the beautiful city [...]
---------------------------------------------
https://blog.rootshell.be/2018/11/30/deepsec-2018-wrap-up/


∗∗∗ The 9 Lives of Bleichenbachers CAT: New Cache ATtacks on TLS Implementations ∗∗∗
---------------------------------------------
In this whitepaper*, nine different implementations of TLS were tested against cache attacks and seven were found to be vulnerable: [...]
---------------------------------------------
https://www.nccgroup.trust/us/our-research/the-9-lives-of-bleichenbachers-cat-new-cache-attacks-on-tls-implementations/


∗∗∗ Injecting Code into Windows Protected Processes using COM - Part 2 ∗∗∗
---------------------------------------------
In my previous blog I discussed a technique which combined numerous issues I’ve previously reported to Microsoft to inject arbitrary code into a PPL-WindowsTCB process. The techniques presented don’t work for exploiting the older, stronger Protected Processes (PP) for a few different reasons. This blog seeks to remedy this omission and provide details of how I was able to also hijack a full PP-WindowsTCB process without requiring administrator privileges.
---------------------------------------------
https://googleprojectzero.blogspot.com/2018/11/injecting-code-into-windows-protected.html


∗∗∗ What the Marriott Breach Says About Security ∗∗∗
---------------------------------------------
We dont yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised.
---------------------------------------------
https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-security/


∗∗∗ Gefälschte iPhone-Gewinn-SMS von Billa im Umlauf ∗∗∗
---------------------------------------------
Betrüger/innen versenden SMS-Nachrichten im Namen von Billa an Konsument/innen. Wer die Nachricht öffnet, soll einige Fragen beantworten und kann anschließend den Gewinn, ein iPhone XS im Wert von über 1200 Euro, auswählen. Für den Erhalt sollen 1,50 Euro per Kreditkarte bezahlt werden. Betroffene dürfen Ihre Daten nicht eingeben, denn es handelt sich um eine Abo-Falle und das versprochene iPhone wird nie verschickt!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-iphone-gewinn-sms-von-billa-im-umlauf/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Multiple Vulnerabilities in Siglent Technologies SDS 1202X-E Digital Oscilloscope ∗∗∗
---------------------------------------------
A digital oscilloscope by Siglent Technologies is affected by multiple vulnerabilities such as hardcoded backdoor accounts or missing authentication. The vendor was unresponsive and did not provide a patch.
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-siglent-technologies-sds-1202x-e-digital-oscilloscope/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libarchive, perl, and qemu), Fedora (glibc, glusterfs, links, and moodle), Gentoo (libsndfile and postgresql), openSUSE (openssh, rubygem-loofah, and tiff), Oracle (ruby), Red Hat (ruby), and Ubuntu (libssh and linux-aws).
---------------------------------------------
https://lwn.net/Articles/773437/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (nsis, openssl, poppler, and tiff), Fedora (dnsdist, drupal7, kernel, kernel-headers, kernel-tools, net-snmp, perl, php-Smarty2, and samba), Gentoo (connman, nagios-core, php, and webkit-gtk), Mageia (apache-mod_perl, kdeconnect-kde, and python-requests), Red Hat (rh-postgresql10-postgresql), and SUSE (kernel).
---------------------------------------------
https://lwn.net/Articles/773650/


∗∗∗ Vuln: NUUO NVRmini Products CVE-2018-15716 Incomplete Fix Remote Command Injection Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/106059


∗∗∗ IBM Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6, Version 7, Version 8, that is used by IBM Workload Scheduler. These issues were disclosed as part of the IBM Java SDK updates in [...] ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-there-are-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-version-6-version-7-version-8-that-is-used-by-ibm-workload-scheduler-these-issues-were/


∗∗∗ Ruby on Rails: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K18-1138

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily