[CERT-daily] Tageszusammenfassung - 06.11.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 05-11-2018 18:00 − Dienstag 06-11-2018 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ SSD: Forscher umgehen Passwörter bei verschlüsselten Festplatten ∗∗∗
---------------------------------------------
Bei manchen SSDs mit Hardwareverschlüsselung konnten Forscher die Firmware so manipulieren, dass sie beliebige Passwörter akzeptierte. Das war nicht das einzige Problem, das sie fanden. (Solid State Drive, Speichermedien)
---------------------------------------------
https://www.golem.de/news/ssd-forscher-umgehen-passwoerter-bei-verschluesselten-festplatten-1811-137527.html


∗∗∗ Malicious Powershell Script Dissection, (Tue, Nov 6th) ∗∗∗
---------------------------------------------
Here is another example of malicious Powershell script found while hunting. Such scripts remain a common attack vector and many of them can be easily detected just by looking for some specific strings. Here is an example of YARA rule [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/24282


∗∗∗ Struts 2.3 Vulnerable to Two Year old File Upload Flaw ∗∗∗
---------------------------------------------
Apache today released an advisory, urging users who run Apache Struts 2.3.x to update the commons-fileupload component [1]. Struts 2.3.x uses by default the old 1.3.2 version of commons-fileupload. In November of 2016, a deserialization vulnerability was disclosed and patched in commons-fileupload [2]. The vulnerability can lead to arbitrary remote code execution.
---------------------------------------------
https://isc.sans.edu/forums/diary/Struts+23+Vulnerable+to+Two+Year+old+File+Upload+Flaw/24278/


∗∗∗ GPU side channel attacks can enable spying on web activity, password stealing ∗∗∗
---------------------------------------------
Computer scientists at the University of California, Riverside have revealed for the first time how easily attackers can use a computer’s graphics processing unit, or GPU, to spy on web activity, steal passwords, and break into cloud-based applications.
---------------------------------------------
https://www.helpnetsecurity.com/2018/11/06/gpu-side-channel-attacks/


∗∗∗ Gefälschte Zahlungsanweisung an die Buchhaltung ∗∗∗
---------------------------------------------
Kriminelle geben sich als Geschäftsführung eines Unternehmens aus und versenden eine E-Mail an die Buchhaltung. Darin fordern sie die Mitarbeiter/innen dazu auf, dass sie einen hohen Geldbetrag ins Ausland überweisen. Angestellte, die die Zahlungsanweisung nicht als betrügerisch erkennen, transferieren die geforderte Summe an Kriminelle.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-zahlungsanweisung-an-die-buchhaltung/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Android Security Bulletin - November 2018 ∗∗∗
---------------------------------------------
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-11-05 or later address all of these issues. [...] The most severe vulnerability in this section could enable a proximate attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
---------------------------------------------
https://source.android.com/security/bulletin/2018-11-01.html


∗∗∗ libssh Authentication Bypass Vulnerability Affecting Cisco Products: October 2018 ∗∗∗
---------------------------------------------
Cisco has investigated its product line and has determined that no products or services are known to be affected by this vulnerability.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181019-libssh


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (glusterfs, gthumb, and mysql-5.5), Red Hat (389-ds-base, kernel, and xerces-c), Slackware (mariadb), SUSE (accountsservice, curl, icinga, kernel, and opensc), and Ubuntu (libxkbcommon, openssh, and ruby1.9.1, ruby2.0, ruby2.3, ruby2.5).
---------------------------------------------
https://lwn.net/Articles/770856/


∗∗∗ IBM Security Bulletin: IBM API Connect is vulnerable to CSV Injection (CVE-2018-1774) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-vulnerable-to-csv-injection-cve-2018-1774/


∗∗∗ IBM Security Bulletin: IBM MQ can cause a Denial of Service attack to connecting MQTT clients (CVE-2018-1684) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-can-cause-a-denial-of-service-attack-to-connecting-mqtt-clients-cve-2018-1684/


∗∗∗ IBM Security Bulletin: IBM Data Science Experience Local is affected by a Use of Hard-coded Password vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-data-science-experience-local-is-affected-by-a-use-of-hard-coded-password-vulnerability-2/


∗∗∗ IBM Security Bulletin: OpenSSL Vulnerability Affects IBM Sterling Connect:Express for UNIX (CVE-2018-0737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vulnerability-affects-ibm-sterling-connectexpress-for-unix-cve-2018-0737/


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-cognos-analytics-2/


∗∗∗ IBM Security Bulletin: A Server Side Input Validation Vulnerability Affects IBM Campaign (CVE-2016-9749) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-server-side-input-validation-vulnerability-affects-ibm-campaign-cve-2016-9749/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily