[CERT-daily] Daily summary - 15.03.2018

Daily end-of-shift report team at cert.at
Thu Mar 15 18:38:15 CET 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 14-03-2018 18:00 − Thursday 15-03-2018 18:00
Handler:     Nina Bieringer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ PSA: Beware of Windows PowerShell Credential Request Prompts ∗∗∗
---------------------------------------------
A new PowerShell script was posted on Github recently that prompts a victim to enter their login credentials, checks if they are correct, and then sends the credentials to a remote server. This allows an attacker to distribute the script and harvest domain login credentials from their victims.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/psa-beware-of-windows-powershell-credential-request-prompts/


∗∗∗ Webmailer: Squirrelmail vulnerability remains open for now ∗∗∗
---------------------------------------------
While examining a Check Point security appliance, security researchers found a vulnerability in the webmail tool Squirrelmail that allows files on the server to be read without authorization. There is no official fix so far, but Golem.de is providing a provisional patch.
---------------------------------------------
https://www.golem.de/news/webmailer-squirrelmail-sicherheitsluecke-bleibt-vorerst-ungefixt-1803-133344-rss.html


∗∗∗ VPN tests reveal privacy-leaking bugs ∗∗∗
---------------------------------------------
Hotspot Shield patched; Zenmate and VPN Shield haven't ... yet? A virtual private network recommendation site decided to call in the white hats and test three products for bugs, and the news wasn't good.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2018/03/15/vpn_tests_reveal_privacy_leaking_bugs/


∗∗∗ TA18-074A: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors ∗∗∗
---------------------------------------------
[...] This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA18-074A


∗∗∗ Invoices in Doc format are malware ∗∗∗
---------------------------------------------
Criminals are sending e-mails asking recipients to open an invoice: "please note the attachment. Thank you. Have a nice rest of the day". The invoice is offered for download on a third-party website. Users who open the purported payment request install malware.
---------------------------------------------
https://www.watchlist-internet.at/news/rechnungen-im-doc-format-sind-schadsoftware/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Arbitrary Shortcode Execution & Local File Inclusion in WOOF (PluginUs.Net) ∗∗∗
---------------------------------------------
Multiple vulnerabilities have been identified in WooCommerce Products Filter version 1.1.9. An unauthenticated user can perform a local file inclusion and execute arbitrary WordPress shortcode.
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/arbitrary-shortcode-execution-local-file-inclusion-in-woof-pluginus-net/index.html


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (samba), CentOS (389-ds-base, kernel, libreoffice, mailman, and qemu-kvm), Debian (curl, libvirt, and mbedtls), Fedora (advancecomp, ceph, firefox, libldb, postgresql, python-django, and samba), Mageia (clamav, memcached, php, python-django, and zsh), openSUSE (adminer, firefox, java-1_7_0-openjdk, java-1_8_0-openjdk, and postgresql94), Oracle (kernel and libreoffice), Red Hat (erlang, firefox, flash-plugin, and java-1.7.1-ibm), Scientific Linux
---------------------------------------------
https://lwn.net/Articles/749423/


∗∗∗ IBM Security Bulletin: Potential spoofing attack in WebSphere Application Server (CVE-2017-1788) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012341


∗∗∗ IBM Security Bulletin: IBM® Db2® performs unsafe deserialization in DB2 JDBC driver (CVE-2017-1677) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012896


∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099764


∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099763


∗∗∗ IBM Security Bulletin: Vulnerability in HTTPD affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099762


∗∗∗ IBM Security Bulletin: Under specific circumstances IBM® Db2® installation creates users with a weak password hashing algorithm (CVE-2017-1571). ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012948


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Campaign, IBM Contact Optimization ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014126


∗∗∗ IBM Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the GSKit library (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1428, CVE-2018-1427, CVE-2018-1426) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013756


∗∗∗ Linux kernel vulnerability CVE-2017-1000111 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K44309215


∗∗∗ Apache vulnerability CVE-2017-12613 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52319810


∗∗∗ Apache Portable Runtime vulnerability CVE-2017-12613 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52319810


∗∗∗ Linux kernel vulnerability CVE-2017-1000112 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K60250153


∗∗∗ Linux kernel vulnerability CVE-2017-9074 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K61223103

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



