[CERT-daily] Tageszusammenfassung - 13.06.2018

Daily end-of-shift report team at cert.at
Wed Jun 13 18:04:51 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 12-06-2018 18:00 − Mittwoch 13-06-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ June 2018 Security Update Release ∗∗∗
---------------------------------------------
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s ..
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2018/06/12/june-2018-security-update-release/


∗∗∗ Windows NTFS Tricks von und für Pentester ∗∗∗
---------------------------------------------
Das SEC Consult Vulnerability Lab hat einen neuen Blogeintrag veröffentlicht, in welchem verschiedene NTFS-Dateisystemtricks aufgezeigt werden. Diese wurden in den letzten Jahren aus verschiedenen Quellen zusammengetragen bzw. vom SEC Consult Vulnerability Lab entdeckt sowie weiterentwickelt. Die Tricks führen ..
---------------------------------------------
https://www.sec-consult.com/blog/2018/06/windows-ntfs-tricks-von-und-fuer-pentester/


∗∗∗ Subtle change could see a reduction in installation of malicious Chrome extensions ∗∗∗
---------------------------------------------
Google has made a subtle change to its Chrome browser, banning the inline installation of new extensions, thus ..
---------------------------------------------
https://www.virusbulletin.com:443/blog/2018/06/subtle-change-could-see-reduction-installation-malicious-chrome-extensions/


∗∗∗ Feds Bust Dozens of Nigerian Email Scammers, but Your Inbox Still Isn’t Safe ∗∗∗
---------------------------------------------
The arrest of dozens of alleged Nigerian email scammers and their associates is a small, but important, ..
---------------------------------------------
https://www.wired.com/story/feds-bust-nigerian-email-scammers


∗∗∗ Patchday: Microsoft verarztet 50 Sicherheitslücken ∗∗∗
---------------------------------------------
In vielen Windows-Versionen klafft unter anderem eine kritische Lücke in der DNS-Programmierschnittstelle. Sicherheitsupdates stehen bereit.
---------------------------------------------
http://heise.de/-4077270


∗∗∗ Botnetz "Trik": C&C-Server leakt Millionen von E-Mail-Adressen ∗∗∗
---------------------------------------------
Ein Forscher ist auf eine Spammer-Datenbank mit mehr als 43 Millionen Mail-Adressen gestoßen. Noch ist unklar, wie viele von ihnen schon zuvor geleakt wurden.
---------------------------------------------
http://heise.de/-4077371


∗∗∗ Exploit kits: Spring 2018 review ∗∗∗
---------------------------------------------
In this Spring 2018 snapshot, we review the top exploit kits ..
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/2018/06/exploit-kits-spring-2018-review/


∗∗∗ June 2018 Office Update Release ∗∗∗
---------------------------------------------
The June 2018 Public Update releases for Office are now available! This month, there ..
---------------------------------------------
https://blogs.technet.microsoft.com/office_sustained_engineering/2018/06/12/june-2018-office-update-release/



=====================
=  Vulnerabilities  =
=====================


∗∗∗ HPESBHF03850 rev.1 - HPE ​ProLiant, ​Synergy, ​and ​Moonshot ​Systems: Local Disclosure of Information, CVE-2018-3639 – Speculative Store Bypass and CVE-2018-3640 – Rogue System Register Read ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us


∗∗∗ Schneider Electric U.motion Builder ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-163-01


∗∗∗ Siemens SCALANCE X Switches ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-163-02


∗∗∗ Local File Inclusion vulnerability in Zenphoto ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN33124193/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily





More information about the Daily mailing list