[CERT-daily] Daily summary - 28.03.2018

Daily end-of-shift report team at cert.at
Wed Mar 28 18:32:34 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 27-03-2018 18:00 − Wednesday 28-03-2018 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Many VPN Providers Leak Customers IP Address via WebRTC Bug ∗∗∗
---------------------------------------------
Around 20% of today's top VPN solutions are leaking the customer's IP address via a WebRTC bug known since January 2015, and which apparently some VPN providers have never heard of.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/many-vpn-providers-leak-customers-ip-address-via-webrtc-bug/


∗∗∗ 10 Best Practices for Mobile App Penetration Testing ∗∗∗
---------------------------------------------
Penetration testing is one of the best ways to thoroughly check your defense perimeters for security weaknesses. Pentesting can be used across the entire spectrum of an IT infrastructure, including network, web application and database security. But today [...]
---------------------------------------------
http://resources.infosecinstitute.com/10-best-practices-mobile-app-penetration-testing/


∗∗∗ How to Set Up a Web App Pentesting Lab in 4 Easy Steps ∗∗∗
---------------------------------------------
A pentesting lab can be a small entity used by one security tester, consisting of one or two computers; or it could be a larger set of networked computers behind a closed or secured network, used by a group of security testers.
---------------------------------------------
http://resources.infosecinstitute.com/set-web-app-pentesting-lab-4-easy-steps/


∗∗∗ Security baseline for Windows 10 v1803 “Redstone 4” – DRAFT ∗∗∗
---------------------------------------------
Microsoft is pleased to announce the draft release of the security configuration baseline settings for the upcoming Windows 10 version 1803, codenamed "Redstone 4." Please evaluate this proposed baseline and send us your feedback via blog comments below. Download the content here: DRAFT-Windows-10-v1803-RS4 The downloadable attachment to this blog post includes importable GPOs, scripts for applying [...]
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2018/03/27/security-baseline-for-windows-10-v1803-redstone-4-draft/


∗∗∗ Unmasking Monero: stripping the currency’s privacy protection ∗∗∗
---------------------------------------------
The features that make blockchains trustworthy may leave them vulnerable to retrospective action.
---------------------------------------------
https://nakedsecurity.sophos.com/2018/03/28/unmasking-monero-stripping-the-currencys-privacy-protection/


∗∗∗ TA18-086A: Brute Force Attacks Conducted by Cyber Actors ∗∗∗
---------------------------------------------
[...] According to information derived from FBI investigations, malicious cyber actors are increasingly using a style of brute force attack known as password spraying against organizations in the United States and abroad. On February 2018 [...]
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA18-086A


∗∗∗ Legacy technologies as a threat to EU's telecommunications infrastructure ∗∗∗
---------------------------------------------
EU level assessment of the current sets of protocols used in interconnections in telecommunications (SS7, Diameter).
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/legacy-technologies-as-a-threat-to-eu2019s-telecommunications-infrastructure


∗∗∗ Internet Ombudsmann and Watchlist Internet Annual Report 2017 ∗∗∗
---------------------------------------------
The Internet Ombudsmann provides information on Watchlist Internet about internet fraud, traps and fakes. Watchlist Internet aims to help readers recognise attempted crimes and avoid becoming victims of cybercrime. In 2017, Watchlist Internet had 906 editorial articles and recorded 1.45 million page views.
---------------------------------------------
https://www.watchlist-internet.at/news/internet-ombudsmann-und-watchlist-internet-jahresbericht-2017/


∗∗∗ Fraudulent payment reminders from Prolex Inkasso ∗∗∗
---------------------------------------------
Consumers are receiving a payment reminder from Prolex Inkasso on behalf of dubious streaming platforms. It states that the recipients have not paid their outstanding invoices. They are therefore asked to pay 467.16 euros to Prolex. The reminder is fraudulent; there is no obligation to pay.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-mahnungen-von-prolex-inkasso/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Apple's disk utility "Disk Util.app" in macOS 10.13 High Sierra can disclose the password of encrypted APFS file systems ∗∗∗
---------------------------------------------
Exploiting the vulnerability allows a local attacker with administrator rights and access to the system log, who is in possession of the external storage device, to decrypt the encrypted APFS file system. All users of the disk utility should install the latest version on their systems as soon as it becomes available. Until then, users should [...]
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2018/03/warnmeldung_tw-t18-0039.html


∗∗∗ Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 ∗∗∗
---------------------------------------------
This advisory includes mitigations for several vulnerabilities in the Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 PLCs.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01


∗∗∗ Philips Alice 6 Vulnerabilities ∗∗∗
---------------------------------------------
This advisory includes mitigation recommendations for improper authentication and missing data encryption vulnerabilities identified in the Philips Alice 6 System product.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (slf4j), Debian (firefox-esr, mupdf, net-snmp, and samba), Fedora (apache-commons-compress, calibre, chromium, glpi, kernel, libvncserver, libvorbis, mozjs52, ntp, slurm, sqlite, and wireshark), openSUSE (librelp), SUSE (librelp, LibVNCServer, and qemu), and Ubuntu (firefox and zsh).
---------------------------------------------
https://lwn.net/Articles/750291/


∗∗∗ Vuln: ImageMagick CVE-2018-8960 Heap Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/103523


∗∗∗ Security Advisory - Improper Authorization Vulnerability on Huawei Switch Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180328-01-authentication-en


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM B2B Advanced Communications ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014642


∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSH affects IBM DataPower Gateways (CVE-2017-15906) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014534


∗∗∗ IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2017-1654) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012162


∗∗∗ RSA Authentication Agent for Web Multiple Flaws Let Remote Users Deny Service and Conduct Cross-Site Scripting Attacks and Let Local Users Obtain Potentially Sensitive Information ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040577


∗∗∗ [R1] Tenable Appliance 4.7.0 Fixes One Vulnerability ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2018-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
