[CERT-daily] Tageszusammenfassung - 28.11.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 27-11-2018 18:00 − Mittwoch 28-11-2018 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ The Nature of Mass Exploitation Campaigns ∗∗∗
---------------------------------------------
Examples of how attackers carry out mass exploitation campaigns and how to defend against them.
---------------------------------------------
https://threatpost.com/the-nature-of-mass-exploitation-campaigns/139428/


∗∗∗ TA18-331A: 3ve – Major Online Ad Fraud Operation ∗∗∗
---------------------------------------------
This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). DHS and FBI are releasing this TA to provide information about a major online ad fraud operation—referred to by the U.S. Government as "3ve"—involving the control of over 1.7 million unique Internet Protocol (IP) addresses
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA18-331A


∗∗∗ Windows 10 1809: Update gegen Spectre-NG-Lücken ∗∗∗
---------------------------------------------
Mit dem Update KB4465065 liefert Microsoft Microcode-Updates für einige Intel-Prozessortypen zum Schutz gegen L1TF sowie Spectre V3a und V4.
---------------------------------------------
http://heise.de/-4234362



=====================
=  Vulnerabilities  =
=====================

∗∗∗ AVEVA Vijeo Citect and Citect SCADA ∗∗∗
---------------------------------------------
This advisory includes mitigations for an uncontrolled search path element vulnerability in Schneider Electrics Software Update utility affecting AVEVAs Vijeo Citect and Citect SCADA products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-331-01


∗∗∗ Cisco Prime License Manager SQL Injection Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the web framework code of Cisco Prime License Manager(PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181128-plm-sql-inject


∗∗∗ FreeBSD: Multiple vulnerabilities in NFS server code ∗∗∗
---------------------------------------------
Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet.
---------------------------------------------
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:13.nfs.asc


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (powerdns-recursor and samba), Debian (ghostscript), Fedora (community-mysql, flatpak, gettext, git, php-PHPMailer, php-phpmailer6, and wireshark), Oracle (kernel and NetworkManager), Scientific Linux (ghostscript, kernel, NetworkManager, and sos-collector), SUSE (dpdk, java-1_7_1-ibm, kernel, python-oslo.cache, python-oslo.concurrency, python-oslo.db, python-oslo.log, python-oslo.messaging, python-oslo.middleware, python-oslo.serialization, [...]
---------------------------------------------
https://lwn.net/Articles/773179/


∗∗∗ Synology-SA-18:60 Samba AD DC ∗∗∗
---------------------------------------------
CVE-2018-16841 and CVE-2018-16851 allow remote authenticated users to conduct denial-of-service attacks via a susceptible version of Synology Active Directory Server.None of Synology products are affected by CVE-2018-14629, CVE-2018-16852, CVE-2018-16853, and CVE-2018-16857 as these vulnerabilities only affect Samba 4.9.0 and later.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_18_60


∗∗∗ Microsoft Windows: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K18-1128


∗∗∗ Security Advisory - Out-of-bounds Write Vulnerability on Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181128-02-smartphone-en


∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-12539) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-spectrum-scale-packaged-in-ibm-elastic-storage-server-cve-2018-12539/


∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect IBM SONAS (CVE-2016-0705) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-java-runtime-affect-ibm-sonas-cve-2016-0705/


∗∗∗ IBM Security Bulletin: The Elastic Storage Server is affected by a vulnerability in IBM Spectrum Scale (CVE-2018-1783) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-the-elastic-storage-server-is-affected-by-a-vulnerability-in-ibm-spectrum-scale-cve-2018-1783/


∗∗∗ IBM Security Bulletin: The Elastic Storage Server is affected by a vulnerability in IBM Spectrum Scale (CVE-2018-1782) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-the-elastic-storage-server-is-affected-by-a-vulnerability-in-ibm-spectrum-scale-cve-2018-1782/


∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability affects multiple IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-vulnerability-affects-multiple-ibm-rational-products-based-on-ibm-jazz-technology/


∗∗∗ IBM Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2018-1723). CVE-2018-1723, gpfs, spectrum scale Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-luw-on-aix-and-linux-affected-by-a-vulnerability-in-ibm-spectrum-scale-cve-2018-1723-cve-2018-1723-gpfs-spectrum-scale-security-bulletin/


∗∗∗ IBM Security Bulletin: This Power System firmware update is being released to address DHCP issue number CVE-2018-5732 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-firmware-update-is-being-released-to-address-dhcp-issue-number-cve-2018-5732/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily