[CERT-daily] Tageszusammenfassung - 23.05.2018

Wed May 23 18:31:03 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 22-05-2018 18:00 − Mittwoch 23-05-2018 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Backdoor Account Found in D-Link DIR-620 Routers ∗∗∗
---------------------------------------------
Security researchers have found a backdoor account in the firmware of D-Link DIR-620 routers that allows hackers to take over any device reachable via the Internet.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-link-dir-620-routers/


∗∗∗ Six Vulnerabilities Found in Dell EMC's Disaster Recovery System, One Critical ∗∗∗
---------------------------------------------
A pen-tester has found five vulnerabilities in Dell EMC RecoverPoint devices, including a critical RCE that could allow total system compromise.
---------------------------------------------
https://threatpost.com/six-vulnerabilities-found-in-dell-emcs-disaster-recovery-system-one-critical/132179/


∗∗∗ VPNFilter – is a malware timebomb lurking on your router? ∗∗∗
---------------------------------------------
A Cisco paper reports on zombie malware that has apparently infected more than 500,000 home routers.
---------------------------------------------
https://nakedsecurity.sophos.com/2018/05/23/vpnfilter-is-a-malware-timebomb-lurking-on-your-router/


∗∗∗ An Old Trick with a New Twist: Cryptomining Through Disguised URL Shorteners ∗∗∗
---------------------------------------------
As we have previously discussed on this blog, surreptitious cryptomining continues to be a problem as new methods emerge to both evade and hasten the ease of mining at the expense of system administrators, website owners, and their visitors. Another Way Hackers are Tricking Website Visitors into Stealth Cryptomining [...]
---------------------------------------------
https://blog.sucuri.net/2018/05/cryptomining-through-disguised-url-shorteners.html


∗∗∗ CPU-Sicherheitslücken Spectre-NG: Updates und Info-Links ∗∗∗
---------------------------------------------
Hersteller von Hardware, Betriebssystemen und Software stellen Webseiten mit Informationen und Sicherheitsupdates für die neuen Spectre-Lücken Spectre V3a und Spectre V4 bereit: Ein Überblick.
---------------------------------------------
https://www.heise.de/ct/artikel/CPU-Sicherheitsluecken-Spectre-NG-Updates-und-Info-Links-4053268.html


∗∗∗ Angreifer könnten aktuelle BMW-Modelle über Mobilfunk kapern ∗∗∗
---------------------------------------------
Sicherheitsforscher haben Sicherheitslücken im Infotainment-System von verschiedenen BMW-Modellen ausgenutzt und so die Kontrolle übernommen. Ein Angriff aus der Ferne ist aber ziemlich aufwendig.
---------------------------------------------
https://www.heise.de/security/meldung/Angreifer-koennten-aktuelle-BMW-Modelle-ueber-Mobilfunk-kapern-4055235.html


∗∗∗ Efail: Welche E-Mail-Clients sind wie sicher? ∗∗∗
---------------------------------------------
Nach Veröffentlichung der Efail-Lücken in PGP und S/MIME herrscht unter Anwendern, die ihre E-Mails verschlüsseln viel Verunsicherung. Wir haben uns im Detail angeschaut, welche E-Mail-Programme bisher wie abgesichert wurden.
---------------------------------------------
https://www.heise.de/security/meldung/Efail-Welche-E-Mail-Clients-sind-wie-sicher-4053873.html


∗∗∗ Angebliche Lilihill DevCon GmbH versendet Schadsoftware ∗∗∗
---------------------------------------------
Betrüger versenden als angebliche Lilihill DevCon GmbH massenhaft Schadsoftware an Unternehmen. EmpfängerInnen finden eine E-Mail von sales at european-gmbh.pw mit dem Betreff "AW: Zahlung – EWT" in ihrem Posteingang. Darin werden Betroffene dazu aufgefordert eine ZIP-Datei aus dem Anhang der Mail zu öffnen. Doch Vorsicht! Die Datei enthält Schadsoftware und darf nicht geöffnet werden.
---------------------------------------------
https://www.watchlist-internet.at/news/angebliche-lilihill-devcon-gmbh-versendet-schadsoftware/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ VMware Workstation und Fusion: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Die Virtualisierungssoftware von VMware ermöglicht die simultane Ausführung von verschiedenen Betriebssystemen auf einem Host-System.
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2018/05/warnmeldung_tw-t18-0069.html


∗∗∗ [20180505] - Core - XSS Vulnerabilities & additional hardening ∗∗∗
---------------------------------------------
Project: Joomla! SubProject: CMS Impact: Moderate Severity: Moderate Versions: 3.0.0 through 3.8.7
---------------------------------------------
https://developer.joomla.org/security-centre/733-20180505-core-xss-vulnerabilities-additional-hardening.html


∗∗∗ Synology-SA-18:25 SRM ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to inject arbitrary web script or HTML via a susceptible version of Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_18_25


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, libvirt, and qemu-kvm), Debian (procps), Fedora (curl, mariadb, and procps-ng), Gentoo (samba, shadow, and virtualbox), openSUSE (opencv, openjpeg2, pdns, qemu, and wget), Oracle (java-1.8.0-openjdk and kernel), Red Hat (java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, kernel-rt, libvirt, qemu-kvm, qemu-kvm-rhev, redhat-virtualization-host, and vdsm), Scientific Linux (java-1.7.0-openjdk, [...]
---------------------------------------------
https://lwn.net/Articles/755386/


∗∗∗ Vuln: Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/104239


∗∗∗ Security Advisory - Three JSON Injection Vulnerabilities in Huawei Some Products ∗∗∗
---------------------------------------------
http://www.huawei.com//www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180523-01-json-en


∗∗∗ Security Advisory - Information Exposure Vulnerability in Some Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com//www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180523-01-phone-en


∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Some Huawei Servers ∗∗∗
---------------------------------------------
http://www.huawei.com//www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180523-01-server-en


∗∗∗ Security Advisory - Numeric Errors Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com//www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180502-01-sccp-en


∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Netezza Firmware Diagnostics. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012498


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015655


∗∗∗ IBM Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2017-15706) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012273


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect the IBM Storwize V7000 Unified ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012293


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affects IBM Storwize V7000 Unified ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012274


∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by a potential spoofing attack in IBM WebSphere Application Server vulnerability (CVE-2017-1788) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22016546


∗∗∗ IBM Security Bulletin: Multiple Samba vulnerability affects IBM Storwize V7000 Unified (CVE-2017-15275, CVE-2017-14746 ) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012289


∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by a potential denial of service used by IBM WebSphere Application Server vulnerability (CVE-2017-12624) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22016545


∗∗∗ IBM Security Bulletin: Authenticated Users in IBM UrbanCode Deploy can Obtain Secure Properties (CVE-2017-1752) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000376


∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects Tivoli Netcool/OMNIbus WebGUI (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016488

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily