[CERT-daily] Daily summary - 18.10.2018

Daily end-of-shift report team at cert.at
Thu Oct 18 18:06:13 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 17-10-2018 18:00 − Thursday 18-10-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Hack.lu 2018 Wrap-Up Day #2 ∗∗∗
---------------------------------------------
The second day started early with an eye-opener talk: “IPC – the broken dream of inherent security” by Thanh Bui. IPC or “Inter-Process Communications” are everywhere. You can compare them as a network connection between a ..
---------------------------------------------
https://blog.rootshell.be/2018/10/17/hack-lu-2018-wrap-up-day-2/


∗∗∗ Vulnerability cocktail brings down D-Link routers ∗∗∗
---------------------------------------------
A security researcher combines three vulnerabilities and gains full control over D-Link routers. Patches are not yet available.
---------------------------------------------
http://heise.de/-4195134


∗∗∗ Distrust of the Symantec PKI: Immediate action needed by site operators ∗∗∗
---------------------------------------------
Chrome 70 has now been released to the Stable Channel, and users will start to see full screen interstitials on sites which still use certificates issued by the Legacy Symantec ..
---------------------------------------------
https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html


∗∗∗ VestaCP compromised in a new supply-chain attack ∗∗∗
---------------------------------------------
Customers see their admin credentials stolen and their servers infected with ..
---------------------------------------------
https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed


=====================
=  Vulnerabilities  =
=====================


∗∗∗ TYPO3-PSA-2018-001: By-passing Protection of PharStreamWrapper Interceptor ∗∗∗
---------------------------------------------
It has been discovered that the protection against insecure deserialization can be by-passed in PharStreamWrapper component.
---------------------------------------------
https://typo3.org/security/advisory/typo3-psa-2018-001/


∗∗∗ Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-core-2018-006


∗∗∗ Drupal Core - 3rd-party libraries - SA-CORE-2018-005 ∗∗∗
---------------------------------------------
https://www.drupal.org/SA-CORE-2018-005


∗∗∗ HTML Mail - Critical - Remote Code Execution - SA-CONTRIB-2018-069 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-069


∗∗∗ Mime Mail - Critical - Remote Code Execution - SA-CONTRIB-2018-068 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-068


∗∗∗ Cisco Wireless LAN Controller Software Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlan-xss

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



