[CERT-daily] Tageszusammenfassung - 16.05.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 15-05-2018 18:00 − Mittwoch 16-05-2018 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers ∗∗∗
---------------------------------------------
An unidentified hacker group appears to have accidentally exposed two fully-working zero-days when theyve uploaded a weaponized PDF file to a public malware scanning engine.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/shadowy-hackers-accidentally-reveal-two-zero-days-to-security-researchers/


∗∗∗ UPnP joins the just turn it off on consumer devices, already club ∗∗∗
---------------------------------------------
Before it amplifies DDoS attacks Universal Plug n Play, that eternal feast of the black-hat, has been identified as helping to amplify denial-of-service attacks.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2018/05/16/upnp_amplifies_ddos_attacks/


∗∗∗ CPU-Lücke Spectre V2: Microcode-Updates jetzt unter Windows 10 1803, unter Linux lückenhaft ∗∗∗
---------------------------------------------
Microcode-Updates für Intel-Prozessoren, die unter Windows zum Schutz vor der Sicherheitslücke Spectre V2 nötig sind, kommen nun auch per Windows Update für aktuelle Installationen; bei Linux gibt es aber noch Probleme.
---------------------------------------------
https://www.heise.de/-4050379



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Advantech WebAccess ∗∗∗
---------------------------------------------
This advisory includes mitigations for numerous vulnerabilities in Advantechs WebAccess products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01


∗∗∗ Red Hat Addresses DHCP Client Vulnerability ∗∗∗
---------------------------------------------
Original release date: May 16, 2018 Red Hat has released security updates to address a vulnerability in its Dynamic Host Configuration Protocol (DHCP) client packages for Red Hat Enterprise Linux 6 and 7. An attacker could exploit this vulnerability to take control of an affected system.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/05/16/Red-Hat-Addresses-DHCP-Client-Vulnerability


∗∗∗ XXE & XSS vulnerabilities in RSA Authentication Manager ∗∗∗
---------------------------------------------
RSA Authentication Manager is affected by several security vulnerabilities which can be exploited by an attacker to read arbitrary files, cause denial of service or attack other users of the web application with JavaScript code, browser exploits or Trojan horses.
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/xxe-xss-vulnerabilities-in-rsa-authentication-manager/


∗∗∗ CVE-2018-8176 | Microsoft PowerPoint Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
Affected Products: Microsoft Office 2016 for Mac
Microsoft recommends that customers running Microsoft Office 2016 for Mac install the update to be protected from this vulnerability.
---------------------------------------------
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8176


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (dhcp), Debian (xen), Fedora (dhcp, flac, kubernetes, leptonica, libgxps, LibRaw, matrix-synapse, mingw-LibRaw, mysql-mmm, patch, seamonkey, webkitgtk4, and xen), Mageia (389-ds-base, exempi, golang, graphite2, libpam4j, libraw, libsndfile, libtiff, perl, quassel, spring-ldap, util-linux, and wget), Oracle (dhcp and kernel), Red Hat (389-ds-base, chromium-browser, dhcp, docker-latest, firefox, kernel-alt, libvirt, qemu-kvm, redhat-vertualization-host, [...]
---------------------------------------------
https://lwn.net/Articles/754653/


∗∗∗ ZDI-18-468: (0Day) Delta Industrial Automation TPEditor TPE File Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-468/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015806


∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM GSKit and IBM GSKit-Crypto affect IBM Performance Management products ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22016091


∗∗∗ IBM Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-15698, CVE-2017-15706, CVE-2018-1304, CVE-2018-1305) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015795


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) – IBM Java SDK updates Jan 2018 ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015927


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Algo Credit Manager ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015591


∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows (CVE-2017-16931, CVE-2017-16932) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099803


∗∗∗ IBM Security Bulletin: IBM API Connect is affected by an OPENSSL vulnerability (CVE-2017-3735) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015811


∗∗∗ [R1] Nessus 7.1.0 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2018-05


∗∗∗ Oracle Java SE vulnerability CVE-2018-2799 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K33924005

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily