[CERT-daily] Tageszusammenfassung - 21.09.2018

Fri Sep 21 18:04:46 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 20-09-2018 18:00 − Freitag 21-09-2018 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl

=====================
=       News        =
=====================


∗∗∗ Unwiped Drives and Servers from NCIX Retailer for Sale on Craigslist ∗∗∗
---------------------------------------------
Servers and storage disks filled with millions of unencrypted confidential records of employees, customers ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/unwiped-drives-and-servers-from-ncix-retailer-for-sale-on-craigslist/


∗∗∗ Pre-Pwned AMI Images in Amazons AWS public instance store, (Fri, Sep 21st) ∗∗∗
---------------------------------------------
I keep getting reports about AMI images in Amazon&#;x26;#;39;s AWS, which come "pre-pwned." These images ..
---------------------------------------------
https://isc.sans.edu/diary/rss/24126


∗∗∗ AES Resulted in a $250-Billion Economic Benefit ∗∗∗
---------------------------------------------
NIST has released a new study concluding that the AES encryption standard has resulted in a $250-billion worldwide economic benefit over the past 20 years. I have no idea how to even begin to assess the quality of the ..
---------------------------------------------
https://www.schneier.com/blog/archives/2018/09/aes_resulted_in.html


∗∗∗ DanaBot shifts its targeting to Europe, adds new features ∗∗∗
---------------------------------------------
Recently, we have spotted a surge in activity of DanaBot, a stealthy banking Trojan discovered earlier this year. The malware, first observed in campaigns targeting Australia and later Poland, has apparently ..
---------------------------------------------
https://www.welivesecurity.com/2018/09/21/danabot-targeting-europe-adds-new-features/


∗∗∗ Cyber - USA und Großbritannien rüsten im Cyberspace auf ∗∗∗
---------------------------------------------
Größerer Fokus auf eigene Offensiven gegen Angreifer von außen
---------------------------------------------
https://derstandard.at/2000087842532/USA-und-Grossbritannien-ruesten-im-Cyberspace-auf


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Tec4Data SmartCooler ∗∗∗
---------------------------------------------
This advisory includes mitigations for a missing authentication for critical function vulnerability in Tec4Datas SmartCooler, a cooling appliance.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-263-01


∗∗∗ Rockwell Automation RSLinx Classic ∗∗∗
---------------------------------------------
This advisory includes mitigations for stack-based buffer overflow, heap-based buffer overflow, and resource exhaustion vulnerabilities in Rockwell Automation’s RSLinx Classic.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02


∗∗∗ Security Advisory 2018-05: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://community.otrs.com/security-advisory-2018-05-security-update-for-otrs-framework/


∗∗∗ Security Advisory 2018-04: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://community.otrs.com/security-advisory-2018-04-security-update-for-otrs-framework/


∗∗∗ Vuln: Microsoft Windows JET Database Engine Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/105376


∗∗∗ Wireshark Bugs in Multiple Dissectors Let Remote Users Cause the Application to Crash or Consume Excessive CPU Resources ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1041608


∗∗∗ MediaWiki Multiple Flaws Let Remote Authenticated Users Bypass Security Restrictions and Obtain Potentially Sensitive Information ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1041695


∗∗∗ Asterisk Stack Overflow in HTTP Websocket Upgrade Lets Remote Users Cause the Target Service to Crash ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1041694


∗∗∗ RSA Authentication Manager Input Validation Flaws Let Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1041697


∗∗∗ HPESBST03881 rev.1 - HPE Command View Advanced Edition (CVAE), Local and Remote Access Restriction Bypass ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us


∗∗∗ HPESBST03879 rev.1 - HPE StorageWorks XP7 Automation Director (AutoDir), Local and Remote Authentication Bypass ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03879en_us


∗∗∗ HPESBST03882 rev.1 - HPE Command View Advance Edition (CVAE) using JDK, Local and Remote Authentication Bypass ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily