- Daily - CERT.at

Tageszusammenfassung - 28.02.2019
by Daily end-of-shift report 28 Feb '19

28 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 27-02-2019 18:00 − Donnerstag 28-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ ENISA makes recommendations on EU-wide election cybersecurity ∗∗∗ --------------------------------------------- In the context of the upcoming elections for the European Parliament, today the EU Agency for Cybersecurity ENISA publishes an opinion paper on the cybersecurity of elections and provides concrete and forward-looking recommendations to improve the cybersecurity of electoral processes in the EU. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/enisa-makes-recommendations-on-… ∗∗∗ Schluss mit Krypto-Mining im Browser: Coinhive stellt Betrieb ein ∗∗∗ --------------------------------------------- Webseitenbesucher mehr oder minder freiwillig Kryptogeld schürfen lassen lohnt wohl nicht mehr: Der Krypto-Mining-Dienst Coinhive gibt auf. --------------------------------------------- http://heise.de/-4322936 ∗∗∗ Vorsicht beim Kauf von Konzertkarten über Facebook ∗∗∗ --------------------------------------------- Konsument/innen finden auf den Facebookseiten unterschiedlichster Konzerte und Events Ticket-Verkaufsangebote von Privatpersonen. Wer die Tickets kaufen möchte, tritt häufig in Kontakt mit Kriminellen, die Fake-Profile nutzen. Das Geld soll ins Ausland überwiesen werden, die Konzertkarten existieren nicht und die Nutzer/innenkonten der Betroffenen werden später für die gleiche Betrugsmasche missbraucht. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-beim-kauf-von-konzertkarten… ∗∗∗ perfect-housekeeping.store und hauslinie.store sind Fake-Shops ∗∗∗ --------------------------------------------- Auf der Suche nach günstigen Haushaltsgeräten stoßen Sie womöglich auf perfect-housekeeping.store oder hauslinie.store. Kaffeemaschinen, Kühlschränke, Waschmaschinen und Co können dort deutlich günstiger als in anderen Shops erworben werden. Wir raten von einer Bestellung ab, denn die Ware kann ausschließlich vorab bezahlt werden. Geliefert wird jedoch nie! --------------------------------------------- https://www.watchlist-internet.at/news/perfect-housekeepingstore-und-hausli… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (gpac, qemu, and sox), openSUSE (libqt5-qtbase), Red Hat (java-1.8.0-openjdk and java-11-openjdk), SUSE (bluez), and Ubuntu (nss and openssl, openssl1.0). --------------------------------------------- https://lwn.net/Articles/780960/ ∗∗∗ ZDI-19-230: (0day) Advantech WebAccess Node tv_enua Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-230/ ∗∗∗ ZDI-19-229: (0day) Advantech WebAccess Node spchapi Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-229/ ∗∗∗ ZDI-19-228: (0day) Microsoft Visual Studio settings XML External Entity Processing Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-228/ ∗∗∗ Security Advisory - FRP Bypass Vulnerability on Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190228-… ∗∗∗ IBM Security Bulletin: IBM Cloud Private is affected by an issue with runc used by Docker ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-is-… ∗∗∗ IBM Security Bulletin: Kernel Buffer Overflow in IBM Security Trusteer Rapport for MacOS (CVE-2018-1985) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-kernel-buffer-overflo… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.02.2019
by Daily end-of-shift report 27 Feb '19

27 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 26-02-2019 18:00 − Mittwoch 27-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Google Analytics and Angular in Magento Credit Card Stealing Scripts ∗∗∗ --------------------------------------------- Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious and evade detection by website owners. The malicious code is obfuscated and injected into legitimate JS files, such as skin/frontend/default/theme122k/js/jquery.jscrollpane.min.js, js/meigee/jquery.min.js, and js/varien/js.js. The obfuscated code loads another script from www.google-analytics[.]cm/analytics.js. Continue reading --------------------------------------------- https://blog.sucuri.net/2019/02/google-analytics-and-angular-in-magento-cre… ∗∗∗ Top ten most popular docker images each contain at least 30 vulnerabilities ∗∗∗ --------------------------------------------- [...] The findings show that in every docker image we scanned, we found vulnerable versions of system libraries. The official Node.js image ships 580 vulnerable system libraries, followed by the others each of which ship at least 30 publicly known vulnerabilities. --------------------------------------------- https://snyk.io/blog/top-ten-most-popular-docker-images-each-contain-at-lea… ∗∗∗ Thunderclap: Macs und PCs anfällig für bösartige Thunderbolt-Peripherie ∗∗∗ --------------------------------------------- Bestehende Schutzmechanismen reichen laut Sicherheitsforschern nicht aus, um Angriffe über USB-C-Peripherie abzuwehren. --------------------------------------------- http://heise.de/-4321946 ∗∗∗ Chrome Zero-Day Exploited to Harvest User Data via PDF Files ∗∗∗ --------------------------------------------- Exploit detection service EdgeSpot says it has spotted several PDF documents that exploit a zero-day vulnerability in Chrome to collect information on users who open the files through Google’s web browser. read more --------------------------------------------- https://www.securityweek.com/chrome-zero-day-exploited-harvest-user-data-pd… ∗∗∗ Ärger mit vermeintlich kostenlosen Bestellungen! ∗∗∗ --------------------------------------------- Zahlreiche Konsument/innen beschweren sich über Online-Shops wie vermano.de, vimabel.de, deinschmuckladen.com oder lieblings-mensch.com bei uns. Diese werben mit kostenlosen Produkten, für die lediglich Versandkosten anfallen. Die Bestellungen können viel Ärger mit sich bringen. So sind die sie beispielsweise minderwertig, kommen nicht an, führen zu hohen Mahngebühren oder Rücktritte sind nicht möglich. Wir raten von Einkäufen ab. --------------------------------------------- https://www.watchlist-internet.at/news/aerger-mit-vermeintlich-kostenlosen-… ===================== = Vulnerabilities = ===================== ∗∗∗ Moxa IKS, EDS ∗∗∗ --------------------------------------------- This advisory includes mitigations for classic buffer overflow, cross-site request forgery, cross-site scripting, improper access controls, improper restriction of excessive authentication attempts, missing encryption of sensitive data, out-of-bounds read, unprotected storage of credentials, predictable from observable state, and uncontrolled resource consumption vulnerabilities reported in the Moxa IKS and EDS industrial switches. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01 ∗∗∗ Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (elasticsearch and logstash), CentOS (java-1.8.0-openjdk, kernel, and polkit), Debian (chromium, exiv2, and phpmyadmin), Fedora (java-1.8.0-openjdk-aarch32 and mgetty), openSUSE (docker-runc, gvfs, qemu, systemd, and thunderbird), Oracle (java-1.8.0-openjdk, kernel, and polkit), Red Hat (polkit), Scientific Linux (java-1.8.0-openjdk, kernel, and polkit), Slackware (openssl), SUSE (amavisd-new, apache2, ceph, containerd, docker, docker-runc, [...] --------------------------------------------- https://lwn.net/Articles/780859/ ∗∗∗ IBM Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5391) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-the-… ∗∗∗ IBM Security Bulletin: Multiple Samba vulnerabilities affect IBM Spectrum Protect Plus (CVE-2018-1139, CVE-2018-1140, CVE-2018-10858, CVE-2018-10918, CVE-2018-10919) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-samba-vulner… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.02.2019
by Daily end-of-shift report 26 Feb '19

26 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Montag 25-02-2019 18:00 − Dienstag 26-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Studie: Verwundbare Geräte in vier von zehn Heimnetzwerken ∗∗∗ --------------------------------------------- 16 Millionen Heimnetzwerke wurden für eine Studie der Sicherheitsfirma Avast überprüft: In fast jedem zweiten Netzwerk wurden verwundbare Geräte gefunden. Viele Nutzer haben noch nie ihren Router aktualisiert. --------------------------------------------- https://www.golem.de/news/studie-verwundbare-geraete-in-vier-von-zehn-heimn… ∗∗∗ BSI warnt vor IT-Geräten mit vorinstallierter Schadsoftware ∗∗∗ --------------------------------------------- Auf Tablets und Smartphones, die über Online-Plattformen auch in Deutschland gekauft werden können, kann sich vorinstallierte Schadsoftware befinden. Das hat das Bundesamt für Sicherheit in der Informationstechnik (BSI) zunächst an einem Tablet nachgewiesen. Das BSI warnt vor dem Einsatz dieses Geräts auf Grundlage von §7 des BSI-Gesetzes und rät allen Anwenderinnen und Anwendern zu besonderer Vorsicht. Im Zuge der Analyse sind zudem weitere Geräte [...] --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Warnung_vor… ∗∗∗ Sicherheitsupdates: Nvidia schützt Grafikkartentreiber vor Angriffen ∗∗∗ --------------------------------------------- Aktualisierte Treiber für verschiedene Nvidia-Grafikkarten schließen mehrere Sicherheitslücken. --------------------------------------------- http://heise.de/-4320123 ===================== = Vulnerabilities = ===================== ∗∗∗ OpenSSL Security Advisory [26 February 2019] ∗∗∗ --------------------------------------------- 0-byte record padding oracle (CVE-2019-1559) --------------------------------------------- https://www.openssl.org/news/secadv/20190226.txt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (bind, kibana, systemd, and thunderbird), Debian (elfutils and liblivemedia), Fedora (kernel, kernel-headers, kernel-tools, and SDL), openSUSE (dovecot23, firefox, kauth, python-Jinja2, python-numpy, and thunderbird), Red Hat (java-1.8.0-openjdk and kernel), SUSE (python, python-amqp, python-oslo.messaging, python-ovs, python-paramiko, python-psql2mysql, qemu, and supportutils), and Ubuntu (ghostscript, gnome-keyring, and ldb). --------------------------------------------- https://lwn.net/Articles/780769/ ∗∗∗ Vulnerability involving IBM Cloud Baseboard Management Controller (BMC) Firmware ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/vulnerability-involving-ibm-cloud-baseboard… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM MQ Advanced CloudPaks are vulnerable to a denial of service attack within the Systemd package (CVE-2019-6454) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-advanced-cloud… ∗∗∗ IBM Security Bulletin: IBM Content Navigator uses a common key to encrypt certain user names and passwords ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: Vulnerability in tcpdump affects AIX (CVE-2018-19519) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-tcpd… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Oracle Java SE affect IBM Spectrum Protect Plus (CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214, CVE-2018-13785) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2018-3139, CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server (CVE-2018-3139. CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerabilities in IBM Spectrum Protect Operations Center (CVE-2018-1854, CVE-2018-1855) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server (CVE-2018-1685, CVE-2018-1710, CVE-2018-1711, CVE-2018-1780, CVE-2018-1781, CVE-2018-1799, CVE-2018-1802, CVE-2018-1834, CVE-2018-1857, CVE-2018-1897) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-db2-vulnerab… ∗∗∗ IBM Security Bulletin: Password disclosure via trace log in IBM Spectrum Protect Operations Center (CVE-2018-1769) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-disclosure-v… ∗∗∗ The BIG-IP APM system may log passwords in plaintext when the Debug log level is enabled ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K31757417 ∗∗∗ BIG-IP TMM vulnerability CVE-2019-6594 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K91026261 ∗∗∗ BIG-IP APM XSS vulnerability CVE-2019-6595 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K31424926 ∗∗∗ TMM SSL profile vulnerability CVE-2019-6592 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54167061 ∗∗∗ BIG-IP APM web pages may be indexed by search engines ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K88126845 ∗∗∗ TMM TLS virtual server vulnerability CVE-2019-6593 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10065173 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.02.2019
by Daily end-of-shift report 25 Feb '19

25 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 22-02-2019 18:00 − Montag 25-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sicherheitslücken: PDF-Signaturen fälschen leicht gemacht ∗∗∗ --------------------------------------------- Signaturen von PDF-Dateien sind offenbar nicht besonders sicher: Einem Forscherteam der Uni Bochum gelang es, die Signaturprüfung in nahezu allen PDF-Programmen auszutricksen. --------------------------------------------- https://www.golem.de/news/sicherheitsluecken-pdf-signaturen-faelschen-leich… ∗∗∗ How to Use an Audit Log to Practice WordPress Forensics ∗∗∗ --------------------------------------------- User accountability, improved security & forensics, adhering to compliance and easy troubleshooting are just a few of the benefits of keeping an activity log on your WordPress site. --------------------------------------------- https://www.htbridge.com/blog/benefits-activity-logs-wordpress-site.html ∗∗∗ Geldwäsche durch Bewerbung bei nebenverdienst-jobs.de ∗∗∗ --------------------------------------------- Über diverse Job-Plattformen und Inseratsseiten locken Kriminelle Konsument/innen auf nebenverdienst-jobs.de. Job-Suchenden werden hier monatliche Überweisungen für das Eröffnen und Zurverfügungstellen eines Bankkontos versprochen. Interessent/innen dürfen sich keinesfalls bewerben, denn es handelt sich um eine Methode der Geldwäsche, durch die sich Konsument/innen unter Umständen strafbar machen. --------------------------------------------- https://www.watchlist-internet.at/news/geldwaesche-durch-bewerbung-bei-nebe… ∗∗∗ New browser attack lets hackers run bad code even after users leave a web page ∗∗∗ --------------------------------------------- MarioNet attack lets hackers create botnets from users browsers. --------------------------------------------- https://www.zdnet.com/article/new-browser-attack-lets-hackers-run-bad-code-… ===================== = Vulnerabilities = ===================== ∗∗∗ SSA-844562: Multiple Vulnerabilities in Licensing Software for WinCC OA ∗∗∗ --------------------------------------------- Multiple vulnerabilities have been identified in the WibuKey Digital Rights Management (DRM) solution, which affect WinCC OA. Siemens recommends users to apply the updates to WibuKey Digital Rights Management (DRM) provided by WIBU SYSTEMS AG. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-844562.txt ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (msmtp and python-mysql-connector), Debian (freedink-dfarc, rssh, sox, and waagent), Fedora (docker-latest, java-1.8.0-openjdk, koji, pagure, poppler, and spice), openSUSE (ansible, GraphicsMagick, mosquitto, pspp, spread-sheet-widget, and python-python-gnupg), Red Hat (chromium-browser), Slackware (file), SUSE (kernel, python-Django, qemu, and thunderbird), and Ubuntu (bind9). --------------------------------------------- https://lwn.net/Articles/780692/ ∗∗∗ SA-CORE-2019-003 Notice of increased risk and Additional exploit path - PSA-2019-02-22 ∗∗∗ --------------------------------------------- [...] This Public Service Announcement is a follow-up to SA-CORE-2019-003. This is not an announcement of a new vulnerability. If you have not updated your site as described in SA-CORE-2019-003 you should do that now. There are public exploits now available for this SA. --------------------------------------------- https://www.drupal.org/psa-2019-02-22 ∗∗∗ PHP: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0166 ∗∗∗ IBM Security Bulletin: BigFix deployments with internet-facing relays that are not configured as authenticating are prone to security threats (CVE-2019-4061) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-deployments-wi… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage SDK Java (Feb 2019) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by a potential SQL Injection vulnerability CVE-2018-1819 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services 2.1.1: Information Leakage in configuration listing (CVE-2018-1670) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( CVE-2018-11784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac… ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSLP affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( CVE-2017-17833) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open… ∗∗∗ IBM Security Bulletin: Vulnerability in Service Assistant affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-1775) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-serv… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerability in DHCP affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-dhcp… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.02.2019
by Daily end-of-shift report 22 Feb '19

22 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 21-02-2019 18:00 − Freitag 22-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Statische Analyse von bösartigen Makros in Office-Dokumenten (am Beispiel der Schadsoftware Emotet) ∗∗∗ --------------------------------------------- Verdächtige Office-Dokumente können mit frei verfügbaren Werkzeugen auf Schadsoftware geprüft werden. Dieser Artikel gibt einen Einblick in die statische Analyse solcher Dokumente. --------------------------------------------- https://www.dfn-cert.de/aktuell/malicious-macros-emotet.html ∗∗∗ Hackers Use Fake Google reCAPTCHA to Cloak Banking Malware ∗∗∗ --------------------------------------------- The most effective phishing and malware campaigns usually employ one of the following two age-old social engineering techniques: Impersonation These online phishing campaigns impersonate a popular brand or product through specially crafted emails, SMS, or social media networks. These campaigns employ various methods including email spoofing, fake or real employee names, and recognized branding to trick users into believing they are from a legitimate source. --------------------------------------------- https://blog.sucuri.net/2019/02/hackers-use-fake-google-recaptcha-to-cloak-… ∗∗∗ VB2018 paper: The modality of mortality in domain names ∗∗∗ --------------------------------------------- Domains play a crucial role in most cyber attacks, from the very advanced to the very mundane. Today, we publish a VB2018 paper by Paul Vixie (Farsight Security) who undertook the first systematic study into the lifetimes of newly registered domains. --------------------------------------------- https://www.virusbulletin.com:443/blog/2019/02/vb2018-paper-modality-mortal… ∗∗∗ The lazy person’s guide to cybersecurity: minimum effort for maximum protection ∗∗∗ --------------------------------------------- How can we help our less tech-savvy friends stay more secure online? By giving them a lazy persons guide to cybersecurity, we can offer maximum protection for minimal effort.Categories: 101How-tosTags: cybersecuritypassword managerpotentially unwanted programspush notificationstech support scamsuser awarenessuser education(Read more...)The post The lazy person’s guide to cybersecurity: minimum effort for maximum protection appeared first on Malwarebytes Labs. --------------------------------------------- https://blog.malwarebytes.com/101/2019/02/the-lazy-persons-guide-to-cyberse… ===================== = Vulnerabilities = ===================== ∗∗∗ Cr1ptT0r Ransomware Infects D-Link NAS Devices, Targets Embedded Systems ∗∗∗ --------------------------------------------- A new ransomware called Cr1ptT0r built for embedded systems targets network attached storage (NAS) equipment exposed to the internet to encrypt data available on it. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cr1ptt0r-ransomware-infects-… ∗∗∗ Sicherheitsupdates: Lücken in Cisco HyperFlex machen Angreifer zum Root ∗∗∗ --------------------------------------------- Cisco hat wichtige Sicherheitsupdates für verschiedenen Produkte veröffentlicht. Keine der Lücken gilt als kritisch. --------------------------------------------- http://heise.de/-4315921 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Mageia (libreoffice, libtiff, spice, and spice-gtk), openSUSE (build, mosquitto, and nodejs6), Red Hat (firefox, flatpak, and systemd), Scientific Linux (firefox, flatpak, and systemd), SUSE (kernel-firmware and texlive), and Ubuntu (bind9 and ghostscript). --------------------------------------------- https://lwn.net/Articles/780543/ ∗∗∗ Internet Systems Consortium BIND: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Internet Systems Consortium BIND ausnutzen, um einen Denial of Service Angriff durchzuführen oder Informationen offenzulegen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0161 ∗∗∗ WinRAR: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in WinRAR ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0162 ∗∗∗ Adobe Acrobat DC: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Adobe Acrobat DC, Adobe Acrobat Reader DC, Adobe Acrobat und Adobe Reader ausnutzen, um Informationen offenzulegen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0163 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js and OpenSSL affect IBM Watson Assistant on IBM Cloud Private ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Watson Assistant on IBM Cloud Private ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2014-7810) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat… ∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2018-1767) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat… ∗∗∗ BIND vulnerability CVE-2018-5744 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K00040234 ∗∗∗ BIND vulnerability CVE-2018-5745 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K25244852 ∗∗∗ BIND vulnerability CVE-2019-6465 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01713115 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.02.2019
by Daily end-of-shift report 21 Feb '19

21 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 20-02-2019 18:00 − Donnerstag 21-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Schadcode: 19 Jahre alte Sicherheitslücke in Winrar ∗∗∗ --------------------------------------------- Vorsicht beim Entpacken von ACE-Archiven: Sie können Dateien an beliebige Orte des Systems schreiben - und damit auch Code ausführen. Ein stabiles Update von Winrar wurde noch nicht veröffentlicht. --------------------------------------------- https://www.golem.de/news/schadcode-19-jahre-alte-sicherheitsluecke-in-winr… ∗∗∗ The new developments Of the FBot ∗∗∗ --------------------------------------------- Background introductionBeginning on February 16, 2019, 360Netlab has discovered that a large number of HiSilicon DVR/NVR Soc devices have been exploited by attackers to load an updated Fbot botnet program. Fbot was originally discovered and disclosed by 360Netlab [1] , it has been active and is constantly being upgraded. --------------------------------------------- https://blog.netlab.360.com/the-new-developments-of-the-fbot-en/ ∗∗∗ Achtung bei angeblichen Anrufen von Apple ∗∗∗ --------------------------------------------- Kriminelle kontaktieren iPhone-Nutzer/innen und erklären, dass es bei Apple angeblich zu einer Datenpanne gekommen sei und ihre Apple-ID betroffen sei. Sie werden aufgefordert eine weitere Service-Nummer anzurufen, um das Problem zu beheben. Das tückische dahinter: Auf Ihrem Bildschirm scheint die Apple-Support-Nummer samt Logo auf. Brechen Sie das Gespräch ab oder gehen Sie nicht ran! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-bei-angeblichen-anrufen-von-… ∗∗∗ nordischesdesign.com ist unseriös ∗∗∗ --------------------------------------------- Der Online-Shop nordischesdesign.com bietet moderne Möbel, Lampen, Dekorationsartikel und Geschirr im nordischen Design. Wir raten von einer Bestellung ab, da nicht sicher ist, ob Sie die bestellte Ware erhalten. nordischesdesign.com hat kein Impressum und bietet Konsument/innen keine Kontaktmöglichkeit. --------------------------------------------- https://www.watchlist-internet.at/news/nordischesdesigncom-ist-unserioes/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available for Adobe Acrobat and Reader (APSB19-13) ∗∗∗ --------------------------------------------- Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB19-13). These updates address a reported bypass to the fix for CVE-2019-7089 first introduced in 2019.010.20091, 2017.011.30120 and 2015.006.30475 and released on February 12, 2019. Successful exploitation could lead to sensitive [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1711 ∗∗∗ Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003 ∗∗∗ --------------------------------------------- Project: Drupal coreDate: 2019-February-20Security risk: Highly critical 20∕25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Remote Code ExecutionCVE IDs: CVE-2019-6340Description: Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. --------------------------------------------- https://www.drupal.org/sa-core-2019-003 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox, flatpak, and systemd), Fedora (createrepo_c, dnf, dnf-plugins-core, dnf-plugins-extras, docker, libcomps, libdnf, and runc), Mageia (giflib, irssi, kernel, kernel-linus, libexif, poppler, tcpreplay, and zziplib), and SUSE (php5, procps, and qemu). --------------------------------------------- https://lwn.net/Articles/780454/ ∗∗∗ Microsoft Internet Information Services (IIS): Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0159 ∗∗∗ Linux kernel vulnerability CVE-2018-5953 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K94735334 ∗∗∗ Linux kernel vulnerability CVE-2018-10883 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K94735334 ∗∗∗ libcurl vulnerability CVE-2016-8618 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10196624 ∗∗∗ cURL and libcurl vulnerability CVE-2017-2628 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35453761 ∗∗∗ IBM Security Bulletin: Vulnerabilities CVE-2018-17199, CVE-2018-17189, and CVE-2019-0190 in the IBM i HTTP Server affect IBM i. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-cve-2… ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a kernel vulnerability (CVE-2018-5391) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by krb5 vulnerabilities (CVE-2018-5730 and CVE-2018-5729) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by GnuTLS vulnerabilities (CVE-2018-10845 and CVE-2018-10844) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale (CVE-2018-1901) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a Mozilla Network Security Services (NSS) vulnerability (CVE-2018-12384) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a UI message injection vulnerability (CVE-2018-1666) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by an unauthorized access vulnerability (CVE-2018-1668) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a cross-site request forgery vulnerability (CVE-2018-1661) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.02.2019
by Daily end-of-shift report 20 Feb '19

20 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 19-02-2019 18:00 − Mittwoch 20-02-2019 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ SQL injection explained: How SQLi attacks work and how to prevent them ∗∗∗ --------------------------------------------- What is SQL injection?SQL injection is a type of attack that can give an adversary complete control over your web application database by inserting arbitrary SQL code into a database query.Immortalized by "Little Bobby Drop Tables" in XKCD 327, SQL injection (SQLi) was first discovered in 1998, yet continues to plague web applications across the internet. Even the OWASP Top Tenlists injection as the number one threat to web application security. --------------------------------------------- https://www.csoonline.com/article/3257429/application-security/what-is-sql-… ∗∗∗ Sicherheit: Github startet Safe Harbor für Bug-Bounty-Programm ∗∗∗ --------------------------------------------- Um Teilnehmer seines Bug-Bounty-Programms rechtlich besser abzusichern, startet Github ein Safe-Harbor-Programm, das die Aktionen der Sicherheitsforscher absichern soll. Die Richtlinien basieren auf eigener Erfahrung und Vorlagen aus der Community. Das Programm selbst wird ebenfalls erweitert. (Github, Urheberrecht) --------------------------------------------- https://www.golem.de/news/sicherheit-github-startet-safe-harbor-fuer-bug-bo… ∗∗∗ Password Managers: Under the Hood of Secrets Management ∗∗∗ --------------------------------------------- [...] In this paper we propose security guarantees password managers should offer and examine the underlying workings of five popular password managers targeting the Windows 10 platform: 1Password 7, 1Password 4, Dashlane, KeePass, and LastPass. --------------------------------------------- https://www.securityevaluators.com/casestudies/password-manager-hacking/ ∗∗∗ Phishers’ new trick for bypassing email URL filters ∗∗∗ --------------------------------------------- Phishers have come up with another trick to make Office documents carrying malicious links undetectable by many e-mail security services: they delete the links from the document’s relationship file (xml.rels). The trick has been spotted being used in a email spam campaign aimed at leading victims to a credential harvesting login page. --------------------------------------------- https://www.helpnetsecurity.com/2019/02/20/phishers-new-trick-for-bypassing… ∗∗∗ Combing Through Brushaloader Amid Massive Detection Uptick ∗∗∗ --------------------------------------------- Nick Biasini and Edmund Brumaghin authored this blog post with contributions from Matthew Molyett.Executive SummaryOver the past several months, Cisco Talos has been monitoring various malware distribution campaigns leveraging the malware loader Brushaloader to deliver malware payloads to systems. Brushaloader is currently characterized by the use of various scripting elements, such as PowerShell, to minimize the number of artifacts left on infected systems. --------------------------------------------- https://blog.talosintelligence.com/2019/02/combing-through-brushaloader.html ∗∗∗ Siegeware: When criminals take over your smart building ∗∗∗ --------------------------------------------- Siegeware is what you get when cybercriminals mix the concept of ransomware with building automation systems: abuse of equipment control software to threaten access to physical facilities. --------------------------------------------- https://www.welivesecurity.com/2019/02/20/siegeware-when-criminals-take-ove… ===================== = Vulnerabilities = ===================== ∗∗∗ Intel Data Center Manager SDK ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for improper authentication, protection mechanism failure, permission issues, key management errors, and insufficient control flow management vulnerabilities reported in Intels Data Center Manger software development kit. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01 ∗∗∗ Delta Industrial Automation CNCSoft ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an out-of-bounds read vulnerability reported in the Delta Electronics Delta Industrial Automation CNCSoft. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-050-02 ∗∗∗ Horner Automation Cscape ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper input validation vulnerability in the Horner Automation Cscape software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-050-03 ∗∗∗ Rockwell Automation Allen-Bradley PowerMonitor 1000 ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for cross-site scripting and authentication bypass vulnerabilities reported in Rockwell Automations Allen-Bradley PowerMonitor 1000, a compact power monitor. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-050-04 ∗∗∗ WordPress 5.0.0 Remote Code Execution ∗∗∗ --------------------------------------------- This blog post details how a combination of a Path Traversal and Local File Inclusion vulnerability lead to Remote Code Execution in the WordPress core. The vulnerability remained uncovered in the WordPress core for over 6 years. --------------------------------------------- https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ansible, drupal7, and systemd), Fedora (botan2, ceph, and firefox), Oracle (firefox, flatpak, and systemd), Red Hat (firefox), SUSE (gvfs, kernel, libqt5-qtbase, python-numpy, and qemu), and Ubuntu (gdm3). --------------------------------------------- https://lwn.net/Articles/780344/ ∗∗∗ Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol and Link Layer Discovery Protocol Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Infrastructure Certificate Validation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director XML External Entity Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco HyperFlex Software Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Hyperflex Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco HyperFlex Arbitrary Statistics Write Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Threat Defense Software SSL or TLS Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower 9000 Series Firepower 2-Port 100G Double-Width Network Module Queue Wedge Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco HyperFlex Software Unauthenticated Root Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Double Free Vulnerability on Bastet Module of Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190220-… ∗∗∗ Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190220-… ∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190220-… ∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.02.2019
by Daily end-of-shift report 19 Feb '19

19 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Montag 18-02-2019 18:00 − Dienstag 19-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hackers Use Compromised Banks as Starting Points for Phishing Attacks ∗∗∗ --------------------------------------------- Cybercriminals attacking banks and financial organizations use their foothold in a compromised infrastructure to gain access to similar targets in other regions or countries. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-use-compromised-bank… ∗∗∗ No More Ransom to the Rescue: New Decryption Tool Released for Latest Version of GandCrab ransomware ∗∗∗ --------------------------------------------- The wait for the victims of GandCrab is over: a new decryption tool has been released today for free on the No More Ransom depository for the latest strand of GandCrab, one of the world’s most prolific ransomware to date. This tool was developed by the Romanian Police in close collaboration with the internet security company Bitdefender and Europol, together with the support of law enforcement authorities from Austria, Belgium, Cyprus, France, Germany, Italy, the Netherlands, UK, Canada [...] --------------------------------------------- https://www.europol.europa.eu/newsroom/news/no-more-ransom-to-rescue-new-de… ∗∗∗ SHA-2-Patch für Windows 7 und Windows Server 2008/R2 kommt im März ∗∗∗ --------------------------------------------- Microsoft plant ein Update für Windows 7/Server 2008 (R2). Es soll das Betriebssystem für die Erkennung SHA-2 signierter Updates fit machen. --------------------------------------------- http://heise.de/-4312194 ∗∗∗ Criminal hacking hits Managed Service Providers: Reasons and responses ∗∗∗ --------------------------------------------- Recent news articles show that MSPs are now being targeted by criminals, and for a variety of nefarious reasons. Why is this happening, and what should MSPs do about it? --------------------------------------------- https://www.welivesecurity.com/2019/02/19/criminal-hacking-hits-managed-ser… ∗∗∗ Rietspoof malware spreads via Facebook Messenger and Skype spam ∗∗∗ --------------------------------------------- Avast researchers spot new malware spreading via instant messaging clients. --------------------------------------------- https://www.zdnet.com/article/rietspoof-malware-spreads-via-facebook-messen… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, rdesktop, rssh, systemd, and uriparser), Fedora (bouncycastle, eclipse-jgit, eclipse-linuxtools, jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-dataformat-xml, jackson-dataformats-binary, jackson-dataformats-text, jackson-datatype-jdk8, jackson-datatype-joda, jackson-datatypes-collections, jackson-jaxrs-providers, jackson-module-jsonSchema, jackson-modules-base, jackson-parent, moby-engine, and subversion), [...] --------------------------------------------- https://lwn.net/Articles/780245/ ∗∗∗ Critical Release - PSA-2019-02-19 ∗∗∗ --------------------------------------------- Date: 2019-February-19Security risk: Highly critical 20∕25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Critical ReleaseDescription: There will be a security release of 8.5.x and 8.6.x on February 20th 2019 between 1PM to 5PM America/New York (1800 to 2200 UTC). (To see this in your local timezone, refer to the Drupal Core Calendar) . The risk on this is currently rated at 20/25 (Highly critical) AC:None/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon. --------------------------------------------- https://www.drupal.org/psa-2019-02-19 ∗∗∗ Vuln: SolarWinds Orion Network Performance Monitor (NPM) CVE-2019-8917 Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/107061 ∗∗∗ Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0150 ∗∗∗ IBM Security Bulletin: Directory traversal vulnerability in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-2006) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-directory-traversal-v… ∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE-2018-8931 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-upd… ∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a CVE-2018-1901 vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat… ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem 840 and 900 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap… ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem V840 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.02.2019
by Daily end-of-shift report 18 Feb '19

18 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 15-02-2019 18:00 − Montag 18-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Finding Property Values in Office Documents, (Sat, Feb 16th) ∗∗∗ --------------------------------------------- In diary entry "Maldoc Analysis of the Weekend", I use the strings method explained in diary entry "Quickie: String Analysis is Still Useful" to quickly locate the PowerShell command hidden in a malicious Word document. --------------------------------------------- https://isc.sans.edu/diary/rss/24652 ∗∗∗ Distributing Malware - one "Word" at a Time ∗∗∗ --------------------------------------------- Using Microsoft Word to distribute malware is a common tactic used by criminals. Given the popularity of Word, criminals can often "live off the land" and use mechanisms that are already in place to do their dirty work. --------------------------------------------- https://www.gdatasoftware.com/blog/2019/02/31429-distributing-malware-word ∗∗∗ A Deep Dive on the Recent Widespread DNS Hijacking Attacks ∗∗∗ --------------------------------------------- The U.S. government - along with a number of leading security companies - recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy. This post seeks to document the extent of those attacks, and traces the [...] --------------------------------------------- https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dn… ∗∗∗ IT-Grundschutz-Kompendium Edition 2019 erschienen ∗∗∗ --------------------------------------------- Ab sofort steht das IT-Grundschutz-Kompendium in der neuen Edition 2019 zur Verfügung. In dieser Edition sind insgesamt 94 IT-Grundschutz-Bausteine enthalten, 14 Bausteine sind zu neuen Themen aufgenommen worden. Das IT-Grundschutz-Kompendium ist auf die Sicherheitsanforderungen in Unternehmen und Behörden zugeschnitten. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/IT-Grundschutz-Ko… ∗∗∗ Exploit Code Published for Recent Container Escape Vulnerability ∗∗∗ --------------------------------------------- Proof-of-concept (PoC) code is now publicly available for a recently disclosed container escape vulnerability impacting popular cloud platforms, including AWS, Google Cloud, and numerous Linux distributions. read more --------------------------------------------- https://www.securityweek.com/exploit-code-published-recent-container-escape… ∗∗∗ Sinking a ship and hiding the evidence ∗∗∗ --------------------------------------------- Our earlier work on Voyage Data Recorder manipulation got us thinking about how a malicious individual or organisation might bring about the demise of a ship and hide the evidence. There are plenty of ways to get malware on to a ship. Whether it’s via satcoms, phishing, USB, crew Wi-Fi, dodgy DVDs etc. Now the [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/sinking-a-ship-and-hiding-the… ∗∗∗ Different 'smart' lock, similar security issues ∗∗∗ --------------------------------------------- I was looking through Amazon and found this padlock at the cheaper end of the scale. For twenty of my well-earnt English pounds I could become the owner of a new and shiny SLOK lock. Image credit: Amazon It can be unlocked by BLE and can be shared to others, what could I do but [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/different-smart-lock-similar-… ===================== = Vulnerabilities = ===================== ∗∗∗ VMSA-2019-0001 ∗∗∗ --------------------------------------------- VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0001.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (cairo, firefox, flatpak, hiawatha, and webkit2gtk), Debian (gsoap, mosquitto, php5, thunderbird, and tiff), Fedora (elfutils, ghostscript, gsi-openssh, kernel, kernel-headers, kernel-tools, kf5-kauth, mingw-podofo, mingw-poppler, mosquitto, podofo, and python-markdown2), Mageia (firefox, flash-player-plugin, lxc, and thunderbird), openSUSE (avahi, docker, libu2f-host, LibVNCServer, nginx, phpMyAdmin, and pspp, spread-sheet-widget), Red Hat [...] --------------------------------------------- https://lwn.net/Articles/780076/ ∗∗∗ Container Privilege Escalation Vulnerability Affecting Cisco Products: February 2019 ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Information Leakage Vulnerability on Some Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190218-… ∗∗∗ D-LINK Router DIR-823G: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0147 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.02.2019
by Daily end-of-shift report 15 Feb '19

15 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 14-02-2019 18:00 − Freitag 15-02-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Cryptojacking Coinhive Miners Land on the Microsoft Store For the First Time ∗∗∗ --------------------------------------------- A batch of eight potentially unwanted applications (PUAs) were found on the Microsoft Store dropping malicious Monero (XMR) Coinhive cryptomining scripts, delivered with the help of Googles legitimate Google Tag Manager (GTM) library. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cryptojacking-coinhive-miner… ∗∗∗ Demystifying the crypter used in Emotet, Qbot, and Dridex ∗∗∗ --------------------------------------------- A crypter is software that can encrypt, obfuscate, and manipulate malware to make it harder to detect by security programs. The Zscaler ThreatLabZ research team recently spotted a common crypter being used in the recent Emotet, Qbot, and Dridex campaigns. This same crypter was observed in some of the Ursnif and BitPaymer campaigns as well. --------------------------------------------- https://www.zscaler.com/blogs/research/demystifying-crypter-used-emotet-qbo… ∗∗∗ Many ICS Vulnerability Advisories Contain Errors: Report ∗∗∗ --------------------------------------------- Roughly one-third of the ICS-specific vulnerability advisories published in 2018 contained basic factual errors, including when describing and rating the severity of a flaw, according to the 2018 Year in Review report published on Thursday by industrial cybersecurity firm Dragos. --------------------------------------------- https://www.securityweek.com/many-ics-vulnerability-advisories-contain-erro… ∗∗∗ Facebook Login Phishing Campaign ∗∗∗ --------------------------------------------- A falsely reported bug in the Myki Auto-Fill functionality led us to discover a phishing campaign that even the most vigilant users could fall for. --------------------------------------------- https://myki.com/blog/facebook-login-phishing-campaign/ ∗∗∗ Sicherheitsupdate schließt Angriffspunkte in Thunderbird ∗∗∗ --------------------------------------------- Schwachstellen in der Grafik-Bibliothek Skia gefährden Thunderbird. Die aktuelle Version ist abgesichert. --------------------------------------------- http://heise.de/-4310283 ∗∗∗ Dirty Sock: Canonical schließt Sicherheitslücke in Paketverwaltung Snap ∗∗∗ --------------------------------------------- Eine Sicherheitslücke in Canonicals Paketverwaltung Snap ermöglichte normalen Benutzern Root-Rechte. Eine abgesicherte Version ist mittlerweile verfügbar. --------------------------------------------- http://heise.de/-4309424 ∗∗∗ Vulnerabilities Patched in WP Cost Estimation Plugin ∗∗∗ --------------------------------------------- At the end of January, Wordfence security analysts identified attackers exploiting vulnerabilities in outdated versions of the commercial plugin WP Cost Estimation & Payment Forms Builder, or WP Cost Estimation for short. These flaws were found and patched by the developer a few months ago, but no official public disclosure was made at the time. --------------------------------------------- https://www.wordfence.com/blog/2019/02/vulnerabilities-patched-in-wp-cost-e… ∗∗∗ Oracle MAF store bypass, a how-to ∗∗∗ --------------------------------------------- On a recent assignment I was asked to look at the security of a cloud-based solution for expenses, the Oracle® ExpensesCloud with Fusion applications. It was being used for employees to create/save/edit/submit claims to the employer. TL;DR Having default hardcoded credentials allows an attacker effortless compromise of the credentialed action. --------------------------------------------- https://www.pentestpartners.com/security-blog/oracle-maf-store-bypass-a-how… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr and unbound), Fedora (docker, libexif, and runc), openSUSE (mozilla-nss, python, rmt-server, and thunderbird), Slackware (mozilla), and SUSE (couchdb, dovecot23, kvm, nodejs6, php53, podofo, python-PyKMIP, rubygem-loofah, util-linux, and velum). --------------------------------------------- https://lwn.net/Articles/779933/ ∗∗∗ IBM Security Bulletin: Weaker than expected security in WebSphere Application Server with SP800-131 transition mode (CVE-2018-1996) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weaker-than-expected-… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Java vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities were identified in Node.js that affect IBM Cloud App Management V2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ Linux kernel vulnerability CVE-2018-15594 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K26301924 ∗∗∗ Schwachstelle in gpsd und microjson erlaubt Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0144 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.02.2019
by Daily end-of-shift report 14 Feb '19

14 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 13-02-2019 18:00 − Donnerstag 14-02-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Shlayer Malware Disables macOS Gatekeeper to Run Unsigned Payloads ∗∗∗ --------------------------------------------- A new variant of the multi-stage Shlayer malware known to target macOS users has been observed in the wild, now being capable to escalate privileges using a two-year-old technique and to disable the Gatekeeper protection mechanism to run unsigned second stage payloads. --------------------------------------------- https://www.bleepingcomputer.com/news/security/shlayer-malware-disables-mac… ∗∗∗ Firefox, Firefox ESR und Tor Browser rüsten sich gegen Schadcode ∗∗∗ --------------------------------------------- Mozilla und die Entwickler des Tor Browsers haben in aktuellen Versionen mehrere mit dem Bedrohungsgrad "hoch" eingestufte Lücken geschlossen. --------------------------------------------- http://heise.de/-4308974 ∗∗∗ Kauf von Welpen und Tierbabys auf adiso.at nicht ratsam ∗∗∗ --------------------------------------------- Konsument/innen finden auf adiso.at Hundewelpen und Tierbabys unterschiedlichster Rassen. Die abgebildeten Tierfotos verlocken zwar zu einem Kauf, doch davon ist dringend abzuraten. Personen, die sich für einen Welpen entscheiden, müssen meist vorab Geld bezahlen ohne den Hund gesehen zu haben. Es kommt immer wieder zu weiteren Geldforderungen, bis die Opfer begreifen, dass es die Welpen gar nicht gibt. --------------------------------------------- https://www.watchlist-internet.at/news/kauf-von-welpen-und-tierbabys-auf-ad… ∗∗∗ Betrug auf insboote.eu und ltnagro.eu ∗∗∗ --------------------------------------------- Auf der Website insboote.eu können Konsument/innen Boote und auf der Website ltnagro.eu Bau- oder Landmaschinen kaufen. Die Bezahlung der Ware ist nur im Voraus möglich. Käufer/innen, die das Geld für die Maschinen bezahlen, verlieren es, denn es kommt zu keiner Übergabe --------------------------------------------- https://www.watchlist-internet.at/news/betrug-auf-insbooteeu-und-ltnagroeu/ ===================== = Vulnerabilities = ===================== ∗∗∗ Entity Registration - Critical - Multiple Vulnerabilities - SA-CONTRIB-2019-017 ∗∗∗ --------------------------------------------- Project: Entity RegistrationDate: 2019-February-13Security risk: Critical 18∕25 AC:Basic/A:None/CI:Some/II:Some/E:Exploit/TD:DefaultVulnerability: Multiple Vulnerabilities Description: This module enables you to take registrations for events, gathering information from registrants including email address and any other questions you wish to configure.In some cases, an anonymous user may view, edit, or delete other anonymous registrations by guessing the URL of that registration based on a [...] --------------------------------------------- https://www.drupal.org/sa-contrib-2019-017 ∗∗∗ OAuth 2.0 Client Login (Single Sign-On) - Critical - Multiple Vulnerabilities - SA-CONTRIB-2019-016 ∗∗∗ --------------------------------------------- Project: OAuth 2.0 Client Login (Single Sign-On)Date: 2019-February-13Security risk: Critical 17∕25 AC:Basic/A:None/CI:Some/II:Some/E:Proof/TD:AllVulnerability: Multiple Vulnerabilities Description: This module enables you to allow login into the Drupal websites through an external provider over the OAuth 2.0 protocol.The module sets a Drupal variable used for redirection based on unsanitised user input, leading to an Open Redirect vulnerability. It also fails to sanitise user input [...] --------------------------------------------- https://www.drupal.org/sa-contrib-2019-016 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (python-gnupg), Mageia (avahi, dom4j, gvfs, kauth, libwmf, logback, mad, python, python-django, and radvd), openSUSE (curl, haproxy, lua53, python-slixmpp, runc, spice, and uriparser), Red Hat (flash-plugin), Slackware (mozilla), and SUSE (build and docker-runc). --------------------------------------------- https://lwn.net/Articles/779810/ ∗∗∗ Synology-SA-19:06 Docker ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary commands via a susceptible version of Docker. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_06 ∗∗∗ D-LINK Router: Mehrere Schwachstellen ermöglichen Erlangen von Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0142 ∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager and IBM Enterprise Content Management Text Search security vulnerability in Apache PDFBox ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-filenet-content-m… ∗∗∗ IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-th… ∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerability Can Affect IBM Sterling Order Management (CVE-2016-1000031) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-commons-fileup… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.02.2019
by Daily end-of-shift report 13 Feb '19

13 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 12-02-2019 18:00 − Mittwoch 13-02-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ 13 Popular Wireless Hacking Tools [Updated for 2019] ∗∗∗ --------------------------------------------- Introduction to 13 Popular Wireless Hacking Tools Internet is now the basic need of our daily life. With the increasing use of smartphones, most of the things are now online. Every time we have to do something, we just use our smartphone or desktop. This is the reason wi-fi hotspots can be found everywhere. People also [...] --------------------------------------------- https://resources.infosecinstitute.com/13-popular-wireless-hacking-tools/ ∗∗∗ Siemens Warns of Critical Remote-Code Execution ICS Flaw ∗∗∗ --------------------------------------------- The affected SICAM 230 process control system is used as an integrated energy system for utility companies, and as a monitoring system for smart-grid applications. --------------------------------------------- https://threatpost.com/siemens-critical-remote-code-execution/141768/ ∗∗∗ Fake Updates campaign still active in 2019 ∗∗∗ --------------------------------------------- Last week on 2019-02-06, @baberpervez2 tweeted about a compromised website used by the Fake Updates campaign (link to tweet). The Fake Updates campaign uses compromised websites that generate traffic to a fake update page. The type of fake update page depends on your web browser. Victims would see a fake Flash update page when using Internet Explorer, a fake Chrome update page when using Google Chrome, or a fake Firefox update page when using Firefox. --------------------------------------------- https://isc.sans.edu/forums/diary/Fake+Updates+campaign+still+active+in+201… ∗∗∗ Patchday: Attacken gegen Internet Explorer ∗∗∗ --------------------------------------------- Microsoft hat wichtige Sicherheitsupdates für Office, Windows & Co. veröffentlicht. Mehre Schwachstellen gelten als kritisch. --------------------------------------------- http://heise.de/-4307548 ∗∗∗ Patchday: Adobe schützt ColdFusion und Reader vor Schadcode ∗∗∗ --------------------------------------------- Adobe Acrobat, ColdFusion und Reader sind über kritische Sicherheitslücken angreifbar. Updates schaffen Abhilfe. --------------------------------------------- http://heise.de/-4307619 ∗∗∗ Patchday: SAP stopft kritische Lücken im Software-Portfolio ∗∗∗ --------------------------------------------- Der deutsche Softwarehersteller SAP hat wichtige Sicherheitsupdates für zum Beispiel Commerce und BW/4HANA veröffentlicht. --------------------------------------------- http://heise.de/-4308113 ∗∗∗ Xiaomi-Scooter lässt sich über Bluetooth kapern ∗∗∗ --------------------------------------------- Unbefugte können den Xiaomi M365 stoppen oder beschleunigen, was für den Fahrer lebensgefährlich ist. Auch andere Marken könnten betroffen sein. --------------------------------------------- http://heise.de/-4307588 ∗∗∗ Phishing-Welle: Warnung vor falschen Microsoft-Mails und Telekom-Rechnungen ∗∗∗ --------------------------------------------- Gefälschte Microsoft-E-Mails, die den Trojaner Emotet verbreiten, sowie vermeintliche Telekom-Rechnungen sind im Umlauf. --------------------------------------------- http://heise.de/-4308122 ∗∗∗ Kein Geld an vermeintliche Airbnb-Agent/innen ins Ausland zahlen! ∗∗∗ --------------------------------------------- Wohnungssuchende stoßen bei Immobilienplattformen auf unglaublich günstige Inserate. Konsument/innen, die Kontakt aufnehmen, erhalten von Vermieter/innen schnell positive Rückmeldung. Da diese sich im Ausland befinden, soll Airbnb für Schlüsselübergabe und Besichtigungstermin als Treuhand fungieren. Konsument/innen dürfen nichts überweisen! Die Inserate sind gefälscht und das Geld ist verloren. --------------------------------------------- https://www.watchlist-internet.at/news/kein-geld-an-vermeintliche-airbnb-ag… ===================== = Vulnerabilities = ===================== ∗∗∗ OSIsoft PI Vision ∗∗∗ --------------------------------------------- This advisory includes mitigations for a cross-site scripting vulnerability in OSIsofts PI Vision web page application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-043-01 ∗∗∗ Security Advisory for Malware on QTS ∗∗∗ --------------------------------------------- A recently reported malware is known to affect QNAP NAS devices. We are currently analyzing the malware and will provide the solution as soon as possible. --------------------------------------------- https://www.qnap.com/en/security-advisory/nas-201902-13 *** Security updates for Wednesday *** --------------------------------------------- Security updates have been issued by Arch Linux (aubio, curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-gnutls, libu2f-host, python-django, python2-django, rdesktop, and runc), Debian (flatpak), Fedora (flatpak, pdns-recursor, rdesktop, tomcat, and xerces-c27), Mageia (cinnamon, docker, dovecot, golang, java-1.8.0-openjdk, jruby, libarchive, libgd, libtiff, libvncserver, opencontainers-runc, openssh, python-marshmallow, thunderbird, and transfig), openSUSE (python-slixmpp), Oracle (kernel), Red Hat (redhat-virtualization-host), Slackware (lxc), SUSE (curl, firefox, LibVNCServer, nginx, php7, python-numpy, runc, SMS3.2, and thunderbird), and Ubuntu (gvfs, python-django, snapd, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/779719/ ∗∗∗ D-LINK Router: Schwachstelle ermöglicht Erlangen von Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0140 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private – fluentd ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM Rational ClearCase GIT connector password exposure (CVE-2019-4059) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-rational-clearcas… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-enterprise-content-ma… ∗∗∗ IBM Security Bulletin: IBM PureApplication Service is affected by a GPFS vulnerability (CVE-2018-1783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a GPFS vulnerability (CVE-2018-1783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in Ansible shipped with Data Science Experience Local ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: IBM Data Science Experience Local is affected by continuous traffic to a US Softlayer server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-data-science-expe… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.02.2019
by Daily end-of-shift report 12 Feb '19

12 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Montag 11-02-2019 18:00 − Dienstag 12-02-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New Offensive USB Cable Allows Remote Attacks over WiFi ∗∗∗ --------------------------------------------- Like a scene from a James Bond or Mission Impossible movie, a new offensive USB cable plugged into a computer could allow attackers to execute commands over WiFi as if they were using the computers keyboard. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-offensive-usb-cable-allo… ∗∗∗ Runc: Sicherheitslücke ermöglicht Übernahme von Container-Host ∗∗∗ --------------------------------------------- Eine Sicherheitslücke ermöglicht es, dass Software aus einem Container ausbricht. Die Ausführungsumgebung Runc, mit der Container gestartet werden, kann überschrieben und so der Host übernommen werden. Docker und viele andere Lösungen sind verwundbar. --------------------------------------------- https://www.golem.de/news/runc-sicherheitsluecke-ermoeglicht-uebernahme-von… ∗∗∗ Prozessor-Sicherheit: Intels sichere Software-Enklave SGX wurde geknackt ∗∗∗ --------------------------------------------- Die Forscher hinter Meltdown und Spectre können Intel Software Guard Extensions missbrauchen, um Schadcode vor dem Administrator des Systems zu verstecken. --------------------------------------------- http://heise.de/-4306965 ∗∗∗ Presseaussendung: Watchlist Internet warnt vor Identitätsdiebstahl mit Ausweiskopien ∗∗∗ --------------------------------------------- Die Watchlist Internet (www.watchlist-internet.at), Österreichs zentrale Informationsplattform zu Internet-Betrug und Online-Fallen, warnt vor vermehrtem Betrug mit Ausweiskopien. Kriminelle nutzen diesen Identitätsdiebstahl immer häufiger, um Straftaten in fremdem Namen zu begehen. Die Watchlist erklärt, wie Konsumenten dennoch Ausweiskopien bei seriösen Geschäften versenden können, ohne Betrügern in die Falle zu gehen. --------------------------------------------- https://www.watchlist-internet.at/presse/12022019-presseaussendung-watchlis… ∗∗∗ In eine Shopping-Falle getappt? Hier gibt’s nützliche Tipps! ∗∗∗ --------------------------------------------- Im Internet werben unzählige Shops, die angebliche Markenware zu sehr günstigen Preisen anbieten, um Kund/innen. Trotz .at- oder .de-Domains haben die Websites Ihren Sitz etwa in China. Die versendeten Waren sind gefälscht, qualitativ minderwertig und werden häufig vom Zoll beschlagnahmt. Zusätzlich gelangen Kriminelle an Kreditkartendaten ihrer Opfer. --------------------------------------------- https://www.watchlist-internet.at/news/in-eine-shopping-falle-getappt-hier-… ∗∗∗ WordPress plugin flaw lets you take over entire sites ∗∗∗ --------------------------------------------- Vulnerability found in social sharing plugin named "Simple Social Buttons," installed on more than 40,000 WordPress sites. --------------------------------------------- https://www.zdnet.com/article/wordpress-plugin-flaw-lets-you-take-over-enti… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB19-06), Adobe ColdFusion (APSB19-10), Adobe Acrobat and Reader (APSB19-07) and Adobe Creative Cloud Desktop Application (APSB19-11). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1705 ∗∗∗ Cisco Network Assurance Engine CLI Access with Default Password Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Joomla 3.9.3 Release ∗∗∗ --------------------------------------------- Joomla 3.9.3 is now available. This is a security fix release for the 3.x series of Joomla which addresses 6 security vulnerabilities and contains 30 bug fixes and improvements. --------------------------------------------- https://www.joomla.org/announcements/release-news/5756-joomla-3-9-3-release… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, dovecot, firefox, and spice), Debian (curl, php5, rssh, and wordpress), Fedora (curl, ghostscript, mingw-libconfuse, and radvd), openSUSE (java-11-openjdk and python-urllib3), Red Hat (chromium-browser and kernel), and SUSE (etcd and kernel). --------------------------------------------- https://lwn.net/Articles/779543/ ∗∗∗ SAP Security Patch Day 2019 ∗∗∗ --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 ∗∗∗ ZDI-19-178: Cisco WebEx Recorder and Player asplayback Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-178/ ∗∗∗ Linux kernel vulnerability CVE-2018-17972 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K27673650 ∗∗∗ Siemens Security Advisories ∗∗∗ --------------------------------------------- https://new.siemens.com/global/en/products/services/cert.html#SecurityPubli… https://cert-portal.siemens.com/productcert/txt/ssa-505225.txt https://cert-portal.siemens.com/productcert/txt/ssa-760124.txt https://cert-portal.siemens.com/productcert/txt/ssa-104088.txt https://cert-portal.siemens.com/productcert/txt/ssa-275839.txt https://cert-portal.siemens.com/productcert/txt/ssa-284673.txt https://cert-portal.siemens.com/productcert/txt/ssa-346262.txt https://cert-portal.siemens.com/productcert/txt/ssa-179516.txt https://cert-portal.siemens.com/productcert/txt/ssa-168644.txt https://cert-portal.siemens.com/productcert/txt/ssa-268644.txt https://cert-portal.siemens.com/productcert/txt/ssa-347726.txt https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt https://cert-portal.siemens.com/productcert/txt/ssa-377318.txt https://cert-portal.siemens.com/productcert/txt/ssa-579309.txt https://cert-portal.siemens.com/productcert/txt/ssa-635129.txt https://cert-portal.siemens.com/productcert/txt/ssa-845879.txt https://cert-portal.siemens.com/productcert/txt/ssa-254686.txt ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Cloud Foundry (CVE-2018-15761) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2018-11784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Privileged Identity Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities(CVE-2016-10009, CVE-2016-6515, CVE-2016-6210, CVE-2017-6464, CVE-2017-6463) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-privileg… ∗∗∗ IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple IBM WebSphere Application Server vulnerabilities(CVE-2017-1137, CVE-2018-1567, CVE-2017-1194) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-privileg… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.02.2019
by Daily end-of-shift report 11 Feb '19

11 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 08-02-2019 18:00 − Montag 11-02-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ First CryptoCurrency Clipboard Hijacker Found on Google Play Store ∗∗∗ --------------------------------------------- Researchers last week found the first Android app on the Google Play store that monitors a devices clipboard for Bitcoin and Ethereum addresses and swaps them for addresses under the attackers control. This allows the attackers to steal any payments you make without your knowledge that you sent it to the wrong address. --------------------------------------------- https://www.bleepingcomputer.com/news/security/first-cryptocurrency-clipboa… ∗∗∗ Vernetzte Kühlschränke lassen sich mit Passwort 1234 abschalten ∗∗∗ --------------------------------------------- Ein Hersteller von Systemen zur Temperaturkontrolle hat einen schweren Fehler begangen. --------------------------------------------- https://futurezone.at/digital-life/vernetzte-kuehlschraenke-lassen-sich-mit… ∗∗∗ Security: Qnap-NAS-Systeme von unbekannter Malware betroffen ∗∗∗ --------------------------------------------- Besitzer von TS-251+-NAS-Geräten berichten von merkwürdigen Einträgen in der Hosts-Datei durch Malware, die das Aktualisieren und Installieren von Antivirensoftware verhindern. Erst auf Nachfrage stellt Qnap einen Fix bereit. Nutzer wundern sich über dessen Trägheit in der Sache. --------------------------------------------- https://www.golem.de/news/security-qnap-nas-systeme-von-unbekannter-malware… ∗∗∗ Windows App Runs on Mac, Downloads Info Stealer and Adware ∗∗∗ --------------------------------------------- We found an EXE application that specifically runs on Mac to download an adware and info stealer, sidestepping built-in protection systems on the platform such as Gatekeeper. We suspect the cybercriminals developing this routine as an evasion technique for damaging infections and attacks in the future as our telemetry showed the highest numbers to be in the UK, Australia, Armenia, Luxembourg, South Africa and the US. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/windows-app-run… ∗∗∗ Netzwerkhelferlein von Cisco: Mittels Standard-Kennwort zum Neustart ∗∗∗ --------------------------------------------- Cisco hat wichtige Sicherheitsupdates für verschiedene Produkte veröffentlicht. Keine Lücke gilt als kritisch. --------------------------------------------- http://heise.de/-4303894 ∗∗∗ The Race to the Bottom of Credential Stuffing Lists; Collections #2 Through #5 (and More) ∗∗∗ --------------------------------------------- A race to the bottom is a market condition in which there is a surplus of a commodity relative to the demand for it. Often the term is used to describe labour conditions (workers versus jobs), and in simple supply and demand terms, once theres so much of something all [...] --------------------------------------------- https://www.troyhunt.com/the-race-to-the-bottom-of-credential-stuffing-list… ∗∗∗ Sorry, Adobe Reader, Were Not Letting You Phone Home Without Users Consent (0day) ∗∗∗ --------------------------------------------- by Mitja Kolsek, the 0patch TeamToday well look at a fairly simple vulnerability in Adobe Reader DC that allows a PDF document automatically send an SMB request to attackers server as soon as the document is opened. The vulnerability was published by Alex Inführ along with a proof-of-concept in a detailed report on Alexs blog and hasnt been patched at the time of this writing. --------------------------------------------- https://blog.0patch.com/2019/02/sorry-adobe-reader-were-not-letting-you.html ∗∗∗ installateur-mg.at ist nicht vertrauenswürdig! ∗∗∗ --------------------------------------------- Konsument/innen, die auf der Suche nach einem Installateursunternehmen sind, stoßen womöglich auf installeur-mg.at. Dort bewerben Kriminelle ein schnelles und kostengünstiges 24h-Notservice. Konsument/innen sollten die Dienste nicht in Anspruch nehmen! Es entstehen extrem hohe Kosten, die entgegen Behauptungen auf der Website sofort in bar bezahlt werden müssen. Die vorgenommenen Arbeiten sind teils mangelhaft. --------------------------------------------- https://www.watchlist-internet.at/news/installateur-mgat-ist-nicht-vertraue… ∗∗∗ New TLS encryption-busting attack also impacts the newer TLS 1.3 ∗∗∗ --------------------------------------------- Researchers discover yet another Bleichenbacher attack variation (yawn!). --------------------------------------------- https://www.zdnet.com/article/new-tls-encryption-busting-attack-also-impact… ===================== = Vulnerabilities = ===================== ∗∗∗ Django security releases issued: 2.1.6, 2.0.11 and 1.11.19 ∗∗∗ --------------------------------------------- In accordance with our security release policy, the Django team is issuing Django 1.11.19, Django 2.1.6, and Django 2.0.11. These releases addresses the security issue detailed below. We encourage all users of Django to upgrade as soon as possible. --------------------------------------------- https://www.djangoproject.com/weblog/2019/feb/11/security-releases/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (ghostscript, spice, spice-server, and thunderbird), Debian (coturn, freerdp, ghostscript, libreoffice, libu2f-host, mosquitto, and openssh), Fedora (buildbot, java-1.8.0-openjdk, java-11-openjdk, phpMyAdmin, slurm, and spice), openSUSE (python3 and rsyslog), Red Hat (docker and runc), SUSE (avahi, fuse, and LibVNCServer), and Ubuntu (poppler). --------------------------------------------- https://lwn.net/Articles/779467/ ∗∗∗ WebKitGTK+ and WPE WebKit Security Advisory WSA-2019-0001 ∗∗∗ --------------------------------------------- Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2019-6212 Versions affected: WebKitGTK+ before 2.22.6 and WPE WebKit before2.22.4. Credit to an anonymous researcher. Processing maliciously crafted web content may lead to arbitrary code execution. --------------------------------------------- https://webkitgtk.org/security/WSA-2019-0001.html ∗∗∗ IBM Security Bulletin: IBM InfoSphere Change Data Capture is affected by an Apache Derby open source library vulnerability (CVE-2015-1832) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-change… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Governance Catalog is affected by a Reflected XSS (Cross-Site Scripting) vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-govern… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700 – July 2018 & October 2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Java SDK affect IBM b-type SAN directors and switches. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Java SDK affect IBM b-type SAN directors and switches. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM MQ Advanced Cloud Paks are vulnerable to multiple issues with in the Systemd package (CVE-2018-16866 CVE-2018-16864 CVE-2018-16865) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-advanced-cloud… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is potentially vulnerable to XML External Entity Injection (XXE) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-inform… ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Solr (lucene) affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.02.2019
by Daily end-of-shift report 08 Feb '19

08 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 07-02-2019 18:00 − Freitag 08-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ The Anatomy of Website Malware: An Introduction ∗∗∗ --------------------------------------------- We see a lot of files infected by website malware on a daily basis here at Sucuri Labs. What we don’t see is very many categories of infections. The purpose of this blog post series is to provide an overview of the most common infection categories and types of website malware. Are you interested in how backdoors, injectors, hacktools, .. --------------------------------------------- https://blog.sucuri.net/2019/02/the-anatomy-of-website-malware-an-introduct… ∗∗∗ Remote Code Execution via Path Traversal in the Device Metadata Authoring Wizard ∗∗∗ --------------------------------------------- Attackers can use the .devicemanifest-ms and .devicemetadata-ms file extensions for remote code execution in phishing scenarios when the Windows Driver Kit is installed on a victim’s machine. This is possible because the Windows Driver Kit installer installs .. --------------------------------------------- https://posts.specterops.io/remote-code-execution-via-path-traversal-in-the… ∗∗∗ LifeSize: Videokonferenzsysteme erlauben Zugriff per Default-Account ∗∗∗ --------------------------------------------- Vier Videokonferenz-Produkte von LifeSize bringen neben Firmware-Schwachstellen auch einen Support-Account mit Default-Login mit. Nutzer sollten zügig handeln. --------------------------------------------- http://heise.de/-4301951 ∗∗∗ First clipper malware discovered on Google Play ∗∗∗ --------------------------------------------- Cryptocurrency stealers that replace a wallet address in the clipboard are no .. --------------------------------------------- http://feedproxy.google.com/~r/eset/blog/~3/hENbeA5W9fg/ ∗∗∗ Super-systemic IoT flaws ∗∗∗ --------------------------------------------- IoT security flaws were always systemic: by that I mean that if I find a flaw in my smart thermostat, it affects ALL of those thermostats. A security problem with one connected .. --------------------------------------------- https://www.pentestpartners.com/security-blog/super-systemic-iot-flaws/ ∗∗∗ Threat Brief: Understanding Domain Generation Algorithms (DGA) ∗∗∗ --------------------------------------------- Intro One of the most important “innovations” in malware in the past decade is what’s called a Domain Generation Algorithm (“DGA”)”. DGA is an automation technique that attackers use to make it harder for defenders to protect against attacks. While DGA has .. --------------------------------------------- https://unit42.paloaltonetworks.com/threat-brief-understanding-domain-gener… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dovecot and libarchive), Fedora (gvfs and poppler), openSUSE (openssl-1_1 and subversion), Oracle (kernel), Slackware (php), SUSE (avahi, docker, libunwind, LibVNCServer, and spice), and Ubuntu (linux-azure and openssh). --------------------------------------------- https://lwn.net/Articles/779299/ ∗∗∗ Siemens SICAM A8000 RTU Series ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-038-01 ∗∗∗ Siemens EN100 Ethernet Module ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-038-02 ∗∗∗ Apple Releases Multiple Security Updates ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/02/07/Apple-Releases-Mul… ∗∗∗ IBM Security Bulletin: IBM i2 Intelligent Analyis Platform is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i2-intelligent-an… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.02.2019
by Daily end-of-shift report 07 Feb '19

07 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 06-02-2019 18:00 − Donnerstag 07-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Researcher reveals huge Mac password flaw to protest Apple bug bounty ∗∗∗ --------------------------------------------- Apples operating systems have recently had more than their fair share of serious security issues, and the latest problem will be enough to rattle millions of Mac users. Previously credible researcher Linuz Henze has revealed an exploit that in one button press can reveal the passwords in a Mac’s keychain. --------------------------------------------- https://venturebeat.com/2019/02/06/researcher-reveals-huge-mac-password-fla… ∗∗∗ Weiterer Workaround von Microsoft für verwundbare Exchange-Server ∗∗∗ --------------------------------------------- Bis ein Patch für Microsoft Exchange verfügbar ist, soll ein Notbehelf die Ausnutzung der in allen Versionen bestehenden Sicherheitslücke verhindern. --------------------------------------------- http://heise.de/-4300374 ∗∗∗ Gefälschte autoscout24.at-SMS stiehlt Daten ∗∗∗ --------------------------------------------- Kriminelle senden eine gefälschte autoscout24.at-SMS an Nutzer/innen der Plattform. Darin behaupten sie fälschlicherweise, dass Inserent/innen ihr Verkaufsangebot zweimal mit unterschiedlichen Preisen veröffentlicht haben. Aus diesem Grund sollen sie ihre Angaben auf einer fremden Website überprüfen. Das führt zu einem Datendiebstahl durch die Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-autoscout24at-sms-stiehl… ∗∗∗ Identitätsdiebstahl durch Umfrage auf prophylactus.com ∗∗∗ --------------------------------------------- prophylactus.com gibt vor, ein Marktforschungsinstitut zu sein. Konsument/innen sollen sich registrieren, um von zu Hause aus bis zu 50 Euro pro Stunde verdienen zu können. Achtung: Internetnutzer/innen dürfen sich nicht anmelden und an keinen Umfragen teilnehmen. Es handelt sich um versuchten Identitätsdiebstahl, der schwere Folgen für Betroffene haben kann. --------------------------------------------- https://www.watchlist-internet.at/news/identitaetsdiebstahl-durch-umfrage-a… ∗∗∗ Bitcoin-Erpressungsmail mit Nacktbildern ∗∗∗ --------------------------------------------- Aktuell häufen sich betrügerische E-Mails von einem "anonymen Hacker". Der Sender hat angeblich intimes Videomaterial von Ihnen, das er an Freund/innen, Bekannte und Familie weiterleitet, sollte kein Schweigegeld in Form von Bitcoins überweisen werden. Im Anhang finden Sie veröffentlichte Nacktbilder von bisherigen Opfern, die der Forderung nicht nachgekommen sind. Ignorieren Sie E-Mails dieser Art! Das besagte Video existiert nicht. --------------------------------------------- https://www.watchlist-internet.at/news/bitcoin-erpressungsmail-mit-nacktbil… ∗∗∗ Hacker group uses Google Translate to hide phishing sites ∗∗∗ --------------------------------------------- New phishing technique looks silly on desktops but may have a fighting chance on mobile devices. --------------------------------------------- https://www.zdnet.com/article/hacker-group-uses-google-translate-to-hide-ph… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, golang, libthrift-java, mumble, netmask, python3.4, and rssh), openSUSE (python-python-gnupg), Oracle (kernel), Scientific Linux (thunderbird), Slackware (curl), SUSE (firefox, python, and rmt-server), and Ubuntu (curl, libarchive, and libreoffice). --------------------------------------------- https://lwn.net/Articles/779192/ ∗∗∗ BlackBerry powered by Android Security Bulletin – February 2019 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ HPESBUX03908 rev.1 - HP-UX Web Server Suite running Apache on HP-UX 11iv3, Multiple Remote Vulnerabilities. ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBUX03909 rev.1 - HP-UX Web Server Suite running Apache on HP-UX 11iv3, Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ IBM Security Bulletin: IBM i2 Enterprise Insight Analysis. CVE-2018-12539 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i2-enterprise-ins… ∗∗∗ IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to security constraint bypass. (CVE-2018-1304, CVE-2018-1305) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-as-used… ∗∗∗ IBM Security Bulletin: MaaS360 has identified a vulnerability in the MaaS360 iOS Application. (CVE-2018-1960) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-maas360-has-identifie… ∗∗∗ IBM Security Bulletin: OpenJPA as used in IBM QRadar SIEM is vulnerable to remote code execution. (CVE-2013-1768) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openjpa-as-used-in-ib… ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by a vulnerability in Apache Commons FileUpload (CVE-2016-1000031) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-openpages-grc-pla… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM uses outdated hash algorithms. (CVE-2017-1695) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-uses-… ∗∗∗ IBM Security Bulletin: BigFix Platform 9.5.x affected by vulnerability CVE-2017-1231 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-platform-9-5-x… ∗∗∗ IBM Security Bulletin: BigFix Compliance (TEMA SUAv1 SCA SCM) affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-compliance-tem… ∗∗∗ Java SE vulnerability CVE-2018-3139 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K65481741 ∗∗∗ Java SE vulnerability CVE-2018-3136 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K16940442 ∗∗∗ Java SE vulnerability CVE-2018-3211 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K04224795 ∗∗∗ Java SE vulnerability CVE-2018-3214 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K86075480 ∗∗∗ TLS in Mozilla NSS vulnerability CVE-2018-12404 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10281096 ∗∗∗ Java SE vulnerabilities CVE-2018-3149, CVE-2018-3169, and CVE-2018-3209 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K50394032 ∗∗∗ Java SE vulnerability CVE-2018-3180 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K30503705 ∗∗∗ Oracle Java SE vulnerability CVE-2018-11212 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K63404203 ∗∗∗ BIG-IP SNMP vulnerability CVE-2018-15328 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42027747 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.02.2019
by Daily end-of-shift report 06 Feb '19

06 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 05-02-2019 18:00 − Mittwoch 06-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Nicht auf apfel-deals.com bestellen! ∗∗∗ --------------------------------------------- apfel-deals.com wirbt aktuell aktiv um Kundschaft. Im Angebot hat der Shop den Großteil des Apple-Produktsortiments, wie zum Beispiel iPhones, MacBooks, iPads und die Apple Watch. Achtung: Die Preise sind zwar verlockend, doch es handelt sich um einen Fake-Shop, der keine Waren liefert. Konsument/innen zahlen per Vorkasse und verlieren dadurch ihr Geld an Kriminelle! --------------------------------------------- https://www.watchlist-internet.at/news/nicht-auf-apfel-dealscom-bestellen/ ∗∗∗ SuperBoost Wifi hält nicht, was es verspricht! ∗∗∗ --------------------------------------------- Auf superboostwifi.com bewirbt die Firma Strong Current Enterprises Limited ein Gerät, das in der Lage sein soll, die Geschwindigkeitsbegrenzung von Internet-Verbindungen auszuhebeln. Tatsächlich handelt es sich beim SuperBoost Wifi Booster lediglich um einen vergleichsweise teuren WLAN-Repeater. Die Internet-Geschwindigkeit bleibt ein und dieselbe, nur die Reichweite wird verbessert. --------------------------------------------- https://www.watchlist-internet.at/news/superboost-wifi-haelt-nicht-was-es-v… ===================== = Vulnerabilities = ===================== ∗∗∗ AVEVA InduSoft Web Studio and InTouch Edge HMI ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for Missing Authentication for Critical Function and Resource Injection vulnerabilities reported in the AVEVA InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition) applications. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01 ∗∗∗ Rockwell Automation EtherNet/IP Web Server Modules ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper input validation vulnerability reported in the Rockwell Automation EtherNet/IP Web Server Modules. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-02 ∗∗∗ WECON LeviStudioU ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow, heap-based buffer overflow, and memory corruption vulnerabilities reported in WECONs LeviStudioU. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03 ∗∗∗ Siemens SIMATIC S7-1500 CPU ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for uncontrolled resource consumption vulnerabilities reported in Siemens SIMATIC SV-1500 CPU. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-04 ∗∗∗ Kunbus PR100088 Modbus Gateway ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for improper authentication, missing authentication for critical function, and improper input validation vulnerabilities reported in the Kunbus PR100088 Modbus gateway. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dovecot and libav), openSUSE (kernel and krb5), Scientific Linux (thunderbird), SUSE (curl, lua53, python3, and spice), and Ubuntu (dovecot). --------------------------------------------- https://lwn.net/Articles/779098/ ∗∗∗ ZDI: (0day) Hewlett Packard Enterprise Intelligent Management Vulnerabilities ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-162/ http://www.zerodayinitiative.com/advisories/ZDI-19-172/ http://www.zerodayinitiative.com/advisories/ZDI-19-171/ http://www.zerodayinitiative.com/advisories/ZDI-19-170/ http://www.zerodayinitiative.com/advisories/ZDI-19-169/ http://www.zerodayinitiative.com/advisories/ZDI-19-168/ http://www.zerodayinitiative.com/advisories/ZDI-19-167/ http://www.zerodayinitiative.com/advisories/ZDI-19-166/ http://www.zerodayinitiative.com/advisories/ZDI-19-165/ http://www.zerodayinitiative.com/advisories/ZDI-19-164/ http://www.zerodayinitiative.com/advisories/ZDI-19-163/ ∗∗∗ Cisco Aironet Active Sensor Static Credentials Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Decryption Policy Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Business Suite Content Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings for Android Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence Management Suite Simple Object Access Protocol Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server REST API Server-Side Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Meeting Server SIP Processing Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Management Center Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Intelligence Center Software Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Meeting Server Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Potential denial of service in WebSphere Application Server (CVE-2018-10237) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by vulnerabilities in OpenSSL ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-3180, CVE-2018-3139) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-3180, CVE-2018-3139) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM SPSS Statistics is affected by CVE-2018-3139 and CVE-2018-3180 vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spss-statistics-i… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a vulnerability in Node.js (CVE-2018-12123) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY Reflected XSS in WebSphereSamISP ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… ∗∗∗ IBM Security Bulletin: IBM PureApplication Service is affected by a GPFS vulnerability (CVE-2018-1723) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a message injection vulnerability (CVE-2018-1666) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY WebSphere XSS ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.02.2019
by Daily end-of-shift report 05 Feb '19

05 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Montag 04-02-2019 18:00 − Dienstag 05-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Reverse RDP Attack: Code Execution on RDP Clients ∗∗∗ --------------------------------------------- Check Point Research recently discovered multiple critical vulnerabilities in the commonly used Remote Desktop Protocol (RDP) that would allow a malicious actor to reverse the usual direction of communication and infect the IT professional or security research’s computer. --------------------------------------------- https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-cl… ∗∗∗ Crooks Continue to Exploit GoDaddy Hole ∗∗∗ --------------------------------------------- Godaddy.com, the worlds largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddys fix hasnt gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal. --------------------------------------------- https://krebsonsecurity.com/2019/02/crooks-continue-to-exploit-godaddy-hole/ ∗∗∗ Vorsicht bei (zu) günstiger Markenware im Internet! ∗∗∗ --------------------------------------------- Auf der Suche nach dem großen Schnäppchen stoßen Konsument/innen häufig auf betrügerische Online-Shops, die Markenware zu schier unglaublichen Preisen anbieten. Hinter den Websites stecken oftmals Kriminelle, die gefälschte Produkte liefern oder es nur auf die Daten ihrer Opfer abgesehen haben. Hier erhalten Internetuser/innen nützliche Tipps, zum Einkauf im Internet, um Ärgernisse zu vermeiden! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-zu-guenstiger-markenwar… ∗∗∗ Warnung vor Nutresin - Herbapure Ear ∗∗∗ --------------------------------------------- Im Internet bewirbt der Molekularbiologe Prof. Karl Auer seine „makro-molekulare Formel" Nutresin - Herbapure Ear als Wundermittel gegen Hörverlust. Konsument/innen können Nutresin auf der Website yourmarket24.com bestellen. Die medizinische Wirkung der Ohrentropfen ist unklar. Aus diesem Grund ist von einer Bestellung des Mittels Nutresin dringend abzuraten. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-nutresin-herbapure-ear/ ===================== = Vulnerabilities = ===================== ∗∗∗ Kryptographische Schwachstellen in deutscher eGovernment Softwarekomponente ∗∗∗ --------------------------------------------- Die OSCI-Transport Bibliothek ist eine Softwarekomponente, welche von vielen deutschen Behörden eingesetzt wird, um Daten gemäß dem OSCI-Transport Protokoll sicher zu übertragen. Diese Java-Bibliothek war gegen zwei potentielle Angriffe anfällig, welche es einem Angreifer ermöglichten, einige Sicherheitsmaßnahmen zu umgehen. --------------------------------------------- https://www.sec-consult.com/blog/2019/02/kryptographische-schwachstellen-in… ∗∗∗ Qkr! with MasterPass iOS Application - MITM SSL Certificate Vulnerability (CVE-2019-6702) ∗∗∗ --------------------------------------------- The Qkr! with MasterPass iOS application (version 5.0.6 and below), does not validate the SSL certificate it receives when connecting to the application login server. --------------------------------------------- https://www.info-sec.ca/advisories/Qkr-MasterCard.html ∗∗∗ Android Security Bulletin - February 2019 ∗∗∗ --------------------------------------------- [...] The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2019-02-01.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libgd2), Fedora (java-11-openjdk, kernel, and kernel-headers), openSUSE (firefox, mysql-community-server, and pdns-recursor), Oracle (thunderbird), Red Hat (rh-haproxy18-haproxy, systemd, and thunderbird), SUSE (haproxy, spice, and uriparser), and Ubuntu (dovecot, kernel, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2, [...] --------------------------------------------- https://lwn.net/Articles/778507/ ∗∗∗ IBM Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected by the use of Local Read Only Cache (LROC) which may result in directory corruption and undetected data corruption in regular files. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spectrum-scale-fo… ∗∗∗ IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2018-11784, CVE-2018-8034) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-websphere-cast-ir… ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by CKEditor (Preview Plugin) vulnerability (CVE-2014-5191) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-openpages-grc-pla… ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by Apache POI vulnerability (CVE-2017-12626) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-openpages-grc-pla… ∗∗∗ HPESBHF03904 rev.1 - HPE Service Pack for ProLiant (SPP) Bundled Software, Local Access Restriction Bypass ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03907 rev.1 - HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers, Remote Cross-Site Scripting in HPE iLO 5 Web User Interface ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.02.2019
by Daily end-of-shift report 04 Feb '19

04 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 01-02-2019 18:00 − Montag 04-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Gute Passwörter erzeugen und sicher verwenden ∗∗∗ --------------------------------------------- Momentan ist das Ändern von Passwörtern wieder in aller Munde. Aber wie erzeugt man gute Passwörter und wie verwahrt man sie sicher? --------------------------------------------- http://heise.de/-4295052 ∗∗∗ Introducing Zombie POODLE and GOLDENDOODLE ∗∗∗ --------------------------------------------- I’m excited to announce that I will be presenting at this year’s Black Hat Asia about my research into detecting and exploiting CBC padding oracles! Zombie POODLE and GOLDENDOODLE are the names I’ve given to the vulnerabilities I’ll be discussing. Similar to ROBOT, DROWN and many other vulnerabilities affecting HTTPS, these issues stem from continued use of cryptographic modes which should have been long ago deprecated and yet are inexplicably still supported in TLSv1.2. In this case, the troublesome feature is that TLSv1.2 supports CBC mode ciphersuites. --------------------------------------------- https://www.tripwire.com/state-of-security/vulnerability-management/zombie-… ∗∗∗ Datendiebe versenden gefälschte upc.at-Mail ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte upc.at-Nachricht. Darin behaupten sie, dass das E-Mailpostfach von Empfänger/innen voll sei. Damit Kund/innen weiterhin Nachrichten empfangen können, sollen sie ihre Zugangsdaten auf einer gefälschten upc.at-Website nennen. Folgen sie der Anweisung, werden sie Opfer eines Datendiebstahls. Kriminelle erlangen Zugriff auf ihr E-Mailkonto und können es für Verbrechen nutzen. --------------------------------------------- https://www.watchlist-internet.at/news/datendiebe-versenden-gefaelschte-upc… ∗∗∗ Security researchers discover new Linux backdoor named SpeakUp ∗∗∗ --------------------------------------------- Named SpeakUp, this malware is currently distributed to Linux servers mainly located in China. The hackers behind this recent wave of attacks are using an exploit for the ThinkPHP framework to infect servers with this new malware strain. --------------------------------------------- https://www.zdnet.com/article/security-researchers-discover-new-linux-backd… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheit: Libreoffice schließt Lücke, Openoffice bleibt verwundbar ∗∗∗ --------------------------------------------- Eine Sicherheitslücke, die die freien Office-Programme Libreoffice und Openoffice betrifft, erlaubt Angreifern das Ausführen von Code mittels einer Skript-Schnittstelle. Von Libreoffice gibt es ein Update, von Openoffice nicht. --------------------------------------------- https://www.golem.de/news/sicherheit-libreoffice-schliesst-luecke-openoffic… ∗∗∗ devolo dLAN 550 duo+ Starter Kit Remote Code Execution ∗∗∗ --------------------------------------------- The devolo firmware has what seems to be a hidden services which can be enabled by authenticated attacker via the the htmlmgr CGI script. This allows the attacker to start services that are deprecated or discontinued and achieve remote arbitrary code execution with root privileges. --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5508.php ∗∗∗ Sicherheitsforscher: Kritische Lücke in macOS erlaubt Auslesen von Passwörtern ∗∗∗ --------------------------------------------- Erneut ist eine schwere Schwachstelle bei dem in macOS integrierten Schlüsselbund bekanntgeworden: Manipulierte Software sei dadurch in der Lage, sämtliche Zugangsdaten des Nutzers aus der lokalen Keychain auszulesen – mitsamt der Passwörter im Klartext, wie der Sicherheitsforscher Linus Henze mitteilte. --------------------------------------------- http://heise.de/-4297437 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (bind, firefox, GNOME, kernel, systemd, and thunderbird), Debian (debian-security-support, drupal7, libreoffice, libvncserver, phpmyadmin, and rssh), Fedora (binutils and firefox), Mageia (firefox and netatalk), openSUSE (avahi and python-paramiko), Red Hat (Red Hat Gluster Storage Web Administration), Slackware (mariadb), and SUSE (java-11-openjdk, kernel, and python). --------------------------------------------- https://lwn.net/Articles/778407/ ∗∗∗ D-LINK Router DIR-823G: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- Router der Firma D-Link enthalten eine Firewall und in der Regel eine WLAN-Schnittstelle. Die Geräte sind hauptsächlich für private Anwender und Kleinunternehmen konzipiert. Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in D-LINK Router DIR-823G ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0104 ∗∗∗ Over 485,000 Ubiquiti devices vulnerable to new attack ∗∗∗ --------------------------------------------- Ubiquiti Networks is working on a fix for a newly discovered security issue affecting its devices that attackers have been exploiting since July last year. Attackers are sending small packets of 56 bytes to port 10,001 on Ubiquiti devices, which are reflecting and relaying the packets to a target's IP address amplified to a size of 206 bytes (amplification factor of 3.67). --------------------------------------------- https://www.zdnet.com/article/over-485000-ubiquiti-devices-vulnerable-to-ne… ∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is affected by a remote code execution vulnerability in Drupal (CVE-2019-6339) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel… ∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is affected by a vulnerability in Oracle MySQL (CVE-2018-3251) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by access token leak (CVE-2019-4008) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.02.2019
by Daily end-of-shift report 01 Feb '19

01 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 31-01-2019 18:00 − Freitag 01-02-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sextortion: Follow the Money Part 3 - The cashout begins! ∗∗∗ --------------------------------------------- There hasnt been much to update in the several months since the Sexploitation: Follow the money updates in Diary 1 and Diary 2. For those of you who didnt read those diaries. When the Sextortion email campaign began in July, I asked for ISC reader submissions of the BTC addresses from that campaign so we could attempt to follow the Bitcoins created by the payments from this campaign. --------------------------------------------- https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+Part+3+The+ca… ∗∗∗ Pants down: Sicherheitslücke in Server-Fernwartung ∗∗∗ --------------------------------------------- Server und Mainboards mit einigen Fernwartungschips von Aspeed sind angreifbar; auch die offene BMC-Firmware OpenBMC ist betroffen. --------------------------------------------- http://heise.de/-4296144 ∗∗∗ Most Magento shops get compromised via vulnerable extensions ∗∗∗ --------------------------------------------- Vulnerable third party extensions (modules) are now the main source of Magento hacks, says security researcher and Magento forensics investigator Willem de Groot. "The method is straightforward: attacker uses an extension bug to hack into a Magento store. Once in, they download all of the other installed extensions. The attacker then searches the downloaded code for 0day security issues, such as POI, SQLi and XSS flaws. Once found, the attacker launches a global scan to [...] --------------------------------------------- https://www.helpnetsecurity.com/2019/02/01/magento-vulnerable-extensions/ ∗∗∗ Surviving DNS Flag Day ∗∗∗ --------------------------------------------- DNS Flag Day is here and with it comes new changes that could impact your domain's availability. What do you need to know and how can you quickly identify its impacts on you and your users? Read on for our quick guide to what it's all about and how to avoid disruption to your digital services. --------------------------------------------- https://blog.thousandeyes.com/surviving-dns-flag-day/ ∗∗∗ This smart light bulb could leak your Wi-Fi password ∗∗∗ --------------------------------------------- LIFX smart bulbs contained vulnerabilities which could be exploited with a little ingenuity and the help of a hacksaw. --------------------------------------------- https://www.zdnet.com/article/this-smart-light-bulb-could-leak-your-wi-fi-p… ===================== = Vulnerabilities = ===================== ∗∗∗ IDenticard PremiSys ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for use of hard-coded credentials, use of hard-coded password, and inadequate encryption strength vulnerabilities reported in the IDenticard PremiSys access control system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-031-02 ∗∗∗ Schneider Electric EVLink Parking ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for use of hard-coded credentials, code injection, and SQL injection vulnerabilities reported in Schneider Electric’s EVLink Parking, an electric vehicle charging station. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (agg, golang-1.7, golang-1.8, mariadb-10.0, and postgis), Fedora (kernel, kernel-headers, and kernel-tools), Mageia (gitolite and libvorbis), openSUSE (pdns-recursor and webkit2gtk3), Oracle (firefox, ghostscript, kernel, polkit, spice, and spice-server), Red Hat (etcd, ghostscript, polkit, spice, and spice-server), Scientific Linux (ghostscript, polkit, spice, and spice-server), SUSE (python3), and Ubuntu (libvncserver). --------------------------------------------- https://lwn.net/Articles/778285/ ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletins: There is a security vulnerability in the XLXP-C component which is shipped in IBM Integration Bus and App Connect Enterprise (CVE-2018-1801) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletins-there-is-a-security-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect Operations Center (CVE-2018-1553, CVE-2018-1683, CVE-2018-8039) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ Linux kernel vulnerability CVE-2018-16658 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K40523020 ∗∗∗ Java SE vulnerability CVE-2018-3183 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K95003704 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.01.2019
by Daily end-of-shift report 31 Jan '19

31 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 30-01-2019 18:00 − Donnerstag 31-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Mac "CookieMiner" Malware Aims to Gobble Crypto Funds ∗∗∗ --------------------------------------------- A newly discovered malware steals cookies, credentials and more to break into victims cryptocurrency exchange accounts. --------------------------------------------- https://threatpost.com/mac-cookieminer-malware-crypto/141334/ ∗∗∗ The D in SystemD stands for Danger, Will Robinson! Defanged exploit code for security holes now out in the wild ∗∗∗ --------------------------------------------- Capsule8 demos takeover technique to help sysadmins check for vulnerabilities Those who havent already patched a trio of recent vulnerabilities in the Linux worlds SystemD have an added incentive to do so: security biz Capsule8 has published exploit code for the holes. --------------------------------------------- https://www.theregister.co.uk/2019/01/31/systemd_exploit/ ∗∗∗ Tracking Unexpected DNS Changes ∗∗∗ --------------------------------------------- DNS is a key element of the Internet and, regularly, we read new bad stories. One of the last one was the Department of Homeland Security warning[1] about recent DNS hijacking attacks[2]. [...] it's not easy to detect unexpected changes but you can implement your own checks to tracks changes for your most visited websites. But from a website owner or network admin perspective, it is indeed a good practice to ensure that DNS servers authoritative for our domain zones are providing the --------------------------------------------- https://isc.sans.edu/forums/diary/Tracking+Unexpected+DNS+Changes/24596/ ∗∗∗ Top 10 Most Vulnerable WordPress Plugins ∗∗∗ --------------------------------------------- Kept properly updated, WordPress - including its plugins - is one of the most secure CMS available on the web. Provided the plugins are actively updated, most vulnerabilities are discovered and patched without widespread malicious exploitation. [...] In most cases, it's down to the users to make sure they apply the latest security updates to all their plugins. --------------------------------------------- https://www.htbridge.com/blog/top-10-most-vulnerable-wordpress-plugins.html ∗∗∗ IQ-Tests auf testific.com locken in Abo-Falle ∗∗∗ --------------------------------------------- Auf testific.com werden IQ- und Persönlichkeitstests angeboten. Konsument/innen, die an den Testungen teilnehmen, sollen ein Zertifikat erhalten, auf dem der IQ-Wert angegeben ist. Personen die den Intelligenztest durchführen, müssen im Anschluss 2,99 Euro bezahlen, um ihr Ergebnis zu erhalten. Ein versteckter Kostenhinweis zeigt: Es handelt sich um eine Abo-Falle, die 79,99 Euro pro Monat kostet. --------------------------------------------- https://www.watchlist-internet.at/news/iq-tests-auf-testificcom-locken-in-a… ∗∗∗ IoT botnet used in YouTube ad fraud scheme ∗∗∗ --------------------------------------------- TheMoons DDoS days are long gone. The botnet is now a proxy network for other criminal groups. --------------------------------------------- https://www.zdnet.com/article/iot-botnet-used-in-youtube-ad-fraud-scheme/#f… ∗∗∗ New security flaw impacts 5G, 4G, and 3G telephony protocols ∗∗∗ --------------------------------------------- Researchers have reported their findings and fixes should be deployed by the end of 2019. --------------------------------------------- https://www.zdnet.com/article/new-security-flaw-impacts-5g-4g-and-3g-teleph… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitspatch: Dell Networking OS10 anfällig für Lauschattacken ∗∗∗ --------------------------------------------- Ein wichtiges Update schließt eine Sicherheitslücke im Switch-Betriebssystem Networking OS10 von Dell. --------------------------------------------- http://heise.de/-4294467 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (ghostscript), Debian (firefox-esr, libgd2, libvncserver, php-pear, rssh, and spice), Fedora (docker, docker-latest, firefox, moodle, and wireshark), Mageia (bluez, ghostscript, php-tcpdf, phpmyadmin, virtualbox, and zeromq), openSUSE (ghostscript), Red Hat (firefox), Scientific Linux (firefox), Slackware (kernel), and Ubuntu (avahi, firefox, and openjdk-8, openjdk-lts). --------------------------------------------- https://lwn.net/Articles/778107/ ∗∗∗ BlackBerry powered by Android Security Bulletin - January 2019 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Security Advisory - Authorization Bypass Vulnerability on Some Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190131-… ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager is affected by a limited code injection vulnerability (CVE-2019-4038) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage Manager FastBack (CVE-2018-3139, CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Tivoli Application Dependency Discovery Manager (TADDM) could expose password hashes stored in system memory on target Windows systems that are discovered by TADDM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tivoli-applicatio… ∗∗∗ Linux kernel vulnerability CVE-2018-10901 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K07721343 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.01.2019
by Daily end-of-shift report 30 Jan '19

30 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 29-01-2019 18:00 − Mittwoch 30-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New LockerGoga Ransomware Allegedly Used in Altran Attack ∗∗∗ --------------------------------------------- Hackers have infected the systems of Altran Technologies with malware that spread through the company network, affecting operations in some European countries. To protect client data and its assets, Altran decided to shut down its network and applications. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-lockergoga-ransomware-al… ∗∗∗ Z1: Zahnarztsoftware installiert lückenhaften Adobe Reader ∗∗∗ --------------------------------------------- Eine Verwaltungssoftware für Zahnarztpraxen installiert beim Update automatisch einen Adobe Reader in einer sehr alten Version, der zahlreiche bekannte Sicherheitslücken hat. Der Hersteller meint, das Problem behoben zu haben, das stimmt aber offenbar nicht. (Adobe Reader, PDF) --------------------------------------------- https://www.golem.de/news/z1-zahnarztsoftware-installiert-lueckenhaften-ado… ∗∗∗ CTF Writeup: Complex Drupal POP Chain ∗∗∗ --------------------------------------------- A recent Capture-The-Flag tournament hosted by Insomnihack challenged participants to craft an attack payload for Drupal 7. This blog post will demonstrate our solution for a PHP Object Injection with a complex POP gadget chain. --------------------------------------------- https://blog.ripstech.com/2019/complex-drupal-pop-chain/ ∗∗∗ Geldverlust und Datendiebstahl statt Traum-Immobilie! ∗∗∗ --------------------------------------------- Kriminelle inserieren günstige Miet- und Eigentumswohnungen, Häuser und Grundstücke auf bekannten Immobilienplattformen. Konsument/innen werden darüber informiert, dass eine Besichtigung über ein Treuhandunternehmen, also eine vertrauenswürdige Mittelsperson abgewickelt wird. Kautionen dürfen nicht bezahlt und Ausweisdokumente nicht übermittelt werden. Geld und Daten landen bei Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/news/geldverlust-und-datendiebstahl-statt… ∗∗∗ Matrix has slowly evolved into a Swiss Army knife of the ransomware world ∗∗∗ --------------------------------------------- The Matrix ransomware is usually deployed after cyber-criminals use unsecured RDP endpoints to compromise companies internal networks. --------------------------------------------- https://www.zdnet.com/article/matrix-has-slowly-evolved-into-a-swiss-army-k… ===================== = Vulnerabilities = ===================== ∗∗∗ Stryker Medical Beds ∗∗∗ --------------------------------------------- This medical device advisory provides mitigation recommendations for a reusing a nonce vulnerability in Strykers medical beds. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-01 ∗∗∗ Yokogawa License Manager Service ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a Unrestricted Upload of Files with Dangerous Type vulnerability reported in the Yokogawa License Manager Service application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-029-01 ∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5 ∗∗∗ --------------------------------------------- Cisco Talos is disclosing several vulnerabilities in ACD Systems Canvas Draw 5, a graphics-editing tool for Mac. The vulnerable component of Canvas Draw 5 lies in the handling of TIFF and PCX images. TIFF is a raster-based image format used in graphics editing projects, thus making it a very common file format thats used in Canvas Draw. PCX was a popular image format with early computers, and [...] --------------------------------------------- http://feedproxy.google.com/~r/feedburner/Talos/~3/4p-FF_Hp7xY/vulnerabilit… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (subversion), Debian (apache2, firefox-esr, qemu, rssh, and spice), Fedora (lua, mingw-python-qt5, mingw-qt5-qt3d, mingw-qt5-qtactiveqt, mingw-qt5-qtbase, mingw-qt5-qtcharts, mingw-qt5-qtdeclarative, mingw-qt5-qtgraphicaleffects, mingw-qt5-qtimageformats, mingw-qt5-qtlocation, mingw-qt5-qtmultimedia, mingw-qt5-qtquickcontrols, mingw-qt5-qtscript, mingw-qt5-qtsensors, mingw-qt5-qtserialport, mingw-qt5-qtsvg, mingw-qt5-qttools, [...] --------------------------------------------- https://lwn.net/Articles/777950/ ∗∗∗ Security Advisory - Double Free Vulnerability on Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190130-… ∗∗∗ Linux kernel vulnerability CVE-2018-18559 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K28241423 ∗∗∗ IBM Security Bulletin: IBM MQ Cloud Paks are vulnerable to multiple vulnerabilities in Perl (CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 CVE-2018-18311) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-cloud-paks-are… ∗∗∗ IBM Security Bulletin: IBM Navigator for i is affected by CVE-2019-4040 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-navigator-for-i-i… ∗∗∗ IBM Security Bulletin: Code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1851) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-code-execution-vulner… ∗∗∗ IBM Security Bulletin: Bypass security vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2014-7810) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bypass-security-vulne… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ ZDI-19-157: Bitdefender SafePay exec Command Injection Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-157/ ∗∗∗ ZDI-19-158: Bitdefender SafePay openFile Arbitrary File Write Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-158/ ∗∗∗ ZDI-19-159: Bitdefender SafePay launch Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-159/ ∗∗∗ ZDI: (0Day) Wecon LeviStudioU Remote Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-143/ http://www.zerodayinitiative.com/advisories/ZDI-19-144/ http://www.zerodayinitiative.com/advisories/ZDI-19-145/ http://www.zerodayinitiative.com/advisories/ZDI-19-146/ http://www.zerodayinitiative.com/advisories/ZDI-19-147/ http://www.zerodayinitiative.com/advisories/ZDI-19-148/ http://www.zerodayinitiative.com/advisories/ZDI-19-149/ http://www.zerodayinitiative.com/advisories/ZDI-19-150/ http://www.zerodayinitiative.com/advisories/ZDI-19-151/ http://www.zerodayinitiative.com/advisories/ZDI-19-152/ http://www.zerodayinitiative.com/advisories/ZDI-19-153/ http://www.zerodayinitiative.com/advisories/ZDI-19-154/ http://www.zerodayinitiative.com/advisories/ZDI-19-155/ http://www.zerodayinitiative.com/advisories/ZDI-19-156/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.01.2019
by Daily end-of-shift report 29 Jan '19

29 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Montag 28-01-2019 18:00 − Dienstag 29-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ A Miner Decline: The Surprising Slowdown of Cryptomining ∗∗∗ --------------------------------------------- This is the first of a three-part report on the state of three malware categories: miners, ransomware and information stealers. In Webroot's 2018 mid-term threat report, we outlined how cryptomining, and particularly cryptojacking, had become popular criminal tactics over the first six months of last year. This relatively novel method of cybercrime gained favour for being [...] --------------------------------------------- https://www.webroot.com/blog/2019/01/28/a-miner-decline-the-surprising-slow… ∗∗∗ FaceTime als Wanze – Apple schaltet Gruppenfunktion des VoIP-Dienstes ab ∗∗∗ --------------------------------------------- Ein Bug in Apples Kommunikationsdienst ermöglicht, das Mikrofon von iPhone und Mac aus der Ferne zu aktivieren. Apple ergreift Notfallmaßnahmen. --------------------------------------------- http://heise.de/-4290587 ∗∗∗ Sicherheitslücken in Microsoft Exchange gewähren Domain-Admin-Berechtigungen ∗∗∗ --------------------------------------------- Schwachstellen in allen Exchange-Server-Versionen machen Angreifer zu Domain-Administratoren. Ein Patch steht noch aus. --------------------------------------------- http://heise.de/-4290574 ∗∗∗ Aktuelle Trojaner-Welle: Emotet lauert in gefälschten Rechnungsmails ∗∗∗ --------------------------------------------- Offensichtlich hat es der Emotet-Schädling nun auf Privatpersonen abgesehen. Derzeit sind gehäuft gefälschte Amazon-, Telekom- und Vodafone-Mails unterwegs. --------------------------------------------- http://heise.de/-4291268 ∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in coTURN ∗∗∗ --------------------------------------------- Today, Cisco Talos is disclosing three vulnerabilities in coTURN. coTURN is an open-source implementation of TURN and STUN servers that can be used as a general-purpose networking traffic TURN server. TURN servers are usually deployed in so-called "DMZ" zones - any server reachable from the internet - to provide firewall traversal solutions. --------------------------------------------- https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-multiple… ∗∗∗ Kleinanzeigen-Betrug boomt ∗∗∗ --------------------------------------------- Vorsicht beim Verkauf auf Kleinanzeigenplattformen wie willhaben, eBay, marketplace, quoka oder shpock. Aktuell häufen sich Anfragen von Interessent/innen, die das Geld angeblich einer Bank – die als Zwischenvermittler fungiert - "überweisen". Diese fragwürdige Bank hält den Betrag so lange zurück, bis Sie eine Versandbestätigung oder zu viel überwiesenes Geld übermitteln. Es handelt sich um eine Betrugsmasche! --------------------------------------------- https://www.watchlist-internet.at/news/kleinanzeigen-betrug-boomt/ ∗∗∗ Gefälschte Spar Umfrage: Versteckte Kosten statt gratis Technik! ∗∗∗ --------------------------------------------- Eine erfundene Umfrage wird momentan von Kriminellen massenhaft verschickt. Betroffene Personen, die den Links in der Nachricht folgen und die Umfrage durchführen, sollen mit einem gratis iPhone X, XS, Galaxy S9 oder einem MacBook belohnt werden. Ein versteckter Kostenhinweis bei der Eingabe der Kreditkartendaten zeigt aber: Statt Smartphone oder Laptop gibt's nur monatliche Kosten! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-spar-umfrage-versteckte-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (go-pie), Debian (wireshark), openSUSE (freerdp, libraw, openssh, pdns-recursor, singularity, and systemd), and Ubuntu (kernel, linux-hwe, and spice). --------------------------------------------- https://lwn.net/Articles/777806/ ∗∗∗ IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal’s dependencies – Cumulative list from June 28, 2018 to December 13, 2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-has-a… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Check Services for Multi-Platform is affected by vulnerabilities in IBM Java Runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by an Application Error vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-pa… ∗∗∗ IBM Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-qradar-p… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ The BIG-IP HTTP parser can incorrectly parse a tab character ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K18263026 ∗∗∗ A virtual server with a Client SSL profile may accept non-SSL traffic ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K21942600 ∗∗∗ BIG-IP APM XSS vulnerability CVE-2019-6591 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K32840424 ∗∗∗ BIG-IP TMUI vulnerability CVE-2019-6589 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23566124 ∗∗∗ TMM vulnerability CVE-2019-6590 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K55101404 ∗∗∗ The BIG-IP APM PingAccess component caching vulnerability may lead to user impersonation ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01226413 ∗∗∗ The BIG-IP ASM system may redirect a client request to an incorrect URL ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23432927 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.01.2019
by Daily end-of-shift report 28 Jan '19

28 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 25-01-2019 18:00 − Montag 28-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Datenbank: Lange bekannte MySQL-Lücke führt zu Angriffen ∗∗∗ --------------------------------------------- Das MySQL-Protokoll erlaubt es Servern, Daten des Clients auszulesen. Offenbar nutzte die kriminelle Gruppe Magecart dies zuletzt, um mit dem PHP-Datenbankfrontend Adminer Systeme anzugreifen. Auch PhpMyAdmin ist verwundbar. (MySQL, PHP) --------------------------------------------- https://www.golem.de/news/datenbank-lange-bekannte-mysql-luecke-fuehrt-zu-a… ∗∗∗ LabKey Vulnerabilities Threaten Medical Research Data ∗∗∗ --------------------------------------------- LabKey Server version 18.3.0-61806.763, released on January 16, patches all three issues, so users should update as soon as possible. --------------------------------------------- https://threatpost.com/labkey-vulnerabilities-medical-research/141200/ ∗∗∗ NumPy Is Awaiting Fix for Critical Remote Code Execution Bug ∗∗∗ --------------------------------------------- The current version of the popular NumPy library relies on unsafe default usage of a Python module that could lead to remote code execution in the context of the affected application. --------------------------------------------- https://www.bleepingcomputer.com/news/security/numpy-is-awaiting-fix-for-cr… ∗∗∗ Jetzt patchen! Angreifer machen Jagd auf Cisco-Router ∗∗∗ --------------------------------------------- Sicherheitsforscher beobachten vermehrte Scans nach verwundbaren Routern von Cisco. Patches stehen zum Download bereit. --------------------------------------------- http://heise.de/-4289149 ∗∗∗ Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities ∗∗∗ --------------------------------------------- Cisco Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level in WIBU-SYSTEMS WibuKey. WibuKey is a USB key designed to protect software and intellectual properties. It allows the users to manage software license via USB key. A third vulnerability is located in userland and can be triggered remotely, as its located in the network [...] --------------------------------------------- https://blog.talosintelligence.com/2019/01/multiple-wibu-system-vulnerabili… ∗∗∗ Warnung vor software-outlet24.de ∗∗∗ --------------------------------------------- Auf software-outlet24.de werden Microsoft Office Pakete sowie Windows 10 und Windows 7 Produkt-Keys angeboten. Die Preise sind sehr günstig und laden zu einem schnellen Kauf ein. Zahlreiche Konsument/innen berichten uns von ausbleibenden Lieferungen und fehlender Rückerstattung. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-software-outlet24de/ ∗∗∗ WordPress sites under attack via zero-day in abandoned plugin ∗∗∗ --------------------------------------------- Developers of Total Donations plugin have gone missing, leaving former customers open to attacks. --------------------------------------------- https://www.zdnet.com/article/wordpress-sites-under-attack-via-zero-day-in-… ===================== = Vulnerabilities = ===================== ∗∗∗ Symantec Ghost Solution Suite DLL Hijack ∗∗∗ --------------------------------------------- Symantec Ghost Solution Suite (GSS) may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application. --------------------------------------------- https://support.symantec.com/en_US/article.SYMSA1474.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (apache, go, haproxy, matrix-synapse, nasm, and powerdns-recursor), Debian (coturn, ghostscript, krb5, policykit-1, and qtbase-opensource-src), Fedora (wireshark), openSUSE (nodejs4, nodejs8, openssh, PackageKit, and wireshark), Oracle (qemu and thunderbird), Scientific Linux (thunderbird), and SUSE (avahi, krb5, and python-paramiko). --------------------------------------------- https://lwn.net/Articles/777688/ ∗∗∗ Security Advisory - Memory Double Free Vulnerability in Image Processing Module of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190128-… ∗∗∗ IBM Security Bulletin: API Connect V5 is impacted by sensitive information disclosure via a REST API (CVE-2018-1976) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v5-is-imp… ∗∗∗ IBM Security Bulletin: Security Bulletin: Vulnerability in IBM Java SDK affects IBM Developer for z Systems (CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-vul… ∗∗∗ phpMyAdmin: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0089 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.01.2019
by Daily end-of-shift report 25 Jan '19

25 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 24-01-2019 18:00 − Freitag 25-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Fighting Emotet: lessons from the front line ∗∗∗ --------------------------------------------- Emotet is moving, shape-shifting target for admins and their security software. Heres what weve learned from dealing with outbreaks. --------------------------------------------- https://nakedsecurity.sophos.com/2019/01/25/fighting-emotet-lessons-from-th… ∗∗∗ Youre an admin! Youre an admin! Youre all admins, thanks to this Microsoft Exchange zero-day and exploit ∗∗∗ --------------------------------------------- Easily swapped hashed passwords gives Domain Admin rights via API call. Fix may land next month Microsoft Exchange appears to be currently vulnerable to a privilege escalation attack that allows any user with a mailbox to become a Domain Admin.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2019/01/25/microsoft_e… ∗∗∗ Magento – RCE & Local File Read with low privilege admin rights ∗∗∗ --------------------------------------------- These vulnerabilities have been responsibly disclosed to Magento team, and received patches in Magento versions 2.3.0, 2.2.7 and 2.1.16 which were released in November 2018. --------------------------------------------- https://blog.scrt.ch/2019/01/24/magento-rce-local-file-read-with-low-privil… ∗∗∗ Mac-Trojaner versteckt sich in Werbebannern ∗∗∗ --------------------------------------------- Die auf macOS abzielende Malware wird in großem Stil per Banner-Werbung ausgeliefert und steganographisch versteckt, warnt eine Sicherheitsfirma. --------------------------------------------- http://heise.de/-4287382 ∗∗∗ Neue Passwort-Leaks: Insgesamt 2,2 Milliarden Accounts betroffen ∗∗∗ --------------------------------------------- Nach der Passwort-Sammlung Collection #1 kursieren nun auch die riesigen Collections #2-5 im Netz. So überprüfen Sie, ob Ihre Accounts betroffen sind. --------------------------------------------- http://heise.de/-4287538 ∗∗∗ Diverse Sicherheitslücken in iTunes für Windows ∗∗∗ --------------------------------------------- Apple hat seiner Mediathek-App auf dem PC ein Update spendiert, das mehr als ein halbes Dutzend Bugs fixt – darunter auch kritische. --------------------------------------------- http://heise.de/-4287940 ===================== = Vulnerabilities = ===================== ∗∗∗ Advantech WebAccess/SCADA ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper authentication, authentication bypass, and SQL injection vulnerabilities in the WebAccess/SCADA software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01 ∗∗∗ PHOENIX CONTACT FL SWITCH ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for cross-site request forgery, improper restriction of excessive authentication attempts, cleartext transmission of sensitive information, resource exhaustion, incorrectly specified destination in a communication channel, insecure storage of sensitive information, and memory corruption vulnerabilities reported in Phoenix Contacts FL SWITCH ethernet hardware. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (mxml, postgresql-9.4, and tmpreaper), Fedora (haproxy and runc), openSUSE (krb5, soundtouch, virtualbox, and zeromq), Oracle (thunderbird), Red Hat (thunderbird), and Ubuntu (subversion and thunderbird). --------------------------------------------- https://lwn.net/Articles/777549/ ∗∗∗ Cross-site scripting in CA Automic Workload Automation Web Interface (formerly Automic Automation Engine) ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/cross-site-scripting-in-ca-a… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by vulnerabilities in VMWare component (CVE-2018-6981 CVE-2018-6982) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: OpenSSL vunerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vunerability/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems (October 2018 updates) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System (July and October 2018 updates) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability in VMWare component (CVE-2018-6974) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: Multiple Foreshadow Spectre Variant vulnerabilities affect IBM OS Image for Red Hat Linux Systems in IBM PureApplication System (CVE-2018-3615 CVE-2018-3620 CVE-2018-3646) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-foreshadow-s… ∗∗∗ IBM SECURITY BULLETIN: IBM QRadar SIEM is vulnerable to Content Spoofing (CVE-2018-1733) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability in VMWare component (CVE-2018-6972) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway appliances are affected by a vulnerability in IPMI (CVE-2018-1668) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability (CVE-2018-3639) pertaining third-party CPU hardware ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.01.2019
by Daily end-of-shift report 24 Jan '19

24 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 23-01-2019 18:00 − Donnerstag 24-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Verschlüsselung: Open SSL 1.1.1 überzeugt im Sicherheitsaudit ∗∗∗ --------------------------------------------- Die Initiativen Ostif und Quarkslab haben OpenSSL 1.1.1 einem Audit unterzogen. Den Fokus legten die Sicherheitsforscher auf die neuen TLS-1.3-Funktionen und die Änderungen am Pseudo Random Number Generator (PRNG). --------------------------------------------- https://www.golem.de/news/verschluesselung-open-ssl-1-1-1-ueberzeugt-im-sic… ∗∗∗ Bit-and-Piece DDoS Method Emerges to Torment ISPs ∗∗∗ --------------------------------------------- Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes. --------------------------------------------- https://threatpost.com/bit-and-piece-ddos-method-emerges-to-torment-isps/14… ∗∗∗ Gefälschte amazon.de-Versandbestätigung im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte amazon.de-Versandbestätigung. Darin schreiben sie, dass das von den Empfänger/innen bei der reBuy reCommerce GmbH bestellte Produkt am Versandweg sei. Weiterführende informationen zu dem Einkauf können Konsument/innen der Datei BESTELLDETAILS_eDATEI.doc entnehmen. Sie verbirgt Schadsoftware, weshalb Kund/innen sie nicht öffnen dürfen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-amazonde-versandbestaeti… ===================== = Vulnerabilities = ===================== ∗∗∗ Panels Breadcrumbs - Moderately critical - Cross site scripting - SA-CONTRIB-2019-007 ∗∗∗ --------------------------------------------- Project: Panels Breadcrumbs Version: 7.x-2.3 Date: 2019-January-23 Description: Panels Breadcrumbs allows you to set your breadcrumbs directly from Panels configuration. This module doesnt properly sanitize custom breadcrumb configuration in all cases, leading to an XSS vulnerability.This vulnerability is mitigated by the fact that an attacker must have permission --------------------------------------------- https://www.drupal.org/sa-contrib-2019-007 ∗∗∗ Preview Link - Moderately critical - Access bypass - SA-CONTRIB-2019-004 ∗∗∗ --------------------------------------------- Project: Preview Link Date: 2019-January-23 Description: The Preview Link module enables you to generate preview links so anonymous users can access unpublished revisions of content.The last release of the module introduced an access bypass allowing users to present invalid tokens but still access unpublished content. --------------------------------------------- https://www.drupal.org/sa-contrib-2019-004 ∗∗∗ Playstation 4, Xbox One, Surface-Laptops: Kritische Schwachstellen im WLAN-Chip ∗∗∗ --------------------------------------------- Jetzt bekannt gewordene Sicherheitslücken erlauben es anscheinend, die Geräte aus dem lokalen WLAN ohne Interaktion des Nutzers zu kapern. --------------------------------------------- http://heise.de/-4286639 ∗∗∗ Böser Bug in PostScript trifft GhostScript und damit viele andere Programme ∗∗∗ --------------------------------------------- Ein Problem in den Tiefen der PostScript-Spezifikation lässt sich ausnutzen, um bösartigen Code auszuführen. --------------------------------------------- http://heise.de/-4286563 ∗∗∗ TLS Padding Oracle Vulnerability in Citrix Application Delivery Controller (ADC) and NetScaler Gateway ∗∗∗ --------------------------------------------- A vulnerability has been identified in the Citrix Application Delivery Controller (ADC) formally known as NetScaler ADC and NetScaler Gateway platforms using hardware acceleration that could allow an attacker to exploit the appliance to decrypt TLS traffic. This vulnerability does not directly allow an attacker to obtain the TLS private key. This vulnerability has been assigned the following CVE: CVE-2019-6485 --------------------------------------------- https://support.citrix.com/article/CTX240139 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (perl), Fedora (anaconda, curl, and poppler), openSUSE (ntpsec), SUSE (ghostscript, kernel, rubygem-activejob-4_2, and webkit2gtk3), and Ubuntu (ghostscript and mysql-5.7). --------------------------------------------- https://lwn.net/Articles/777480/ ∗∗∗ McAfee Total Protection: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- CB-K19/0079: McAfee Total Protection: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0079 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.01.2019
by Daily end-of-shift report 23 Jan '19

23 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 22-01-2019 18:00 − Mittwoch 23-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Microsoft’s Cyber Defense Operations Center shares best practices ∗∗∗ --------------------------------------------- You can download the Cyber Defense Operations Center strategy brief to gain more insight into how we work to protect, detect, and respond to cybersecurity threats. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2019/01/23/cdoc-best-practices/ ∗∗∗ Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com ∗∗∗ --------------------------------------------- Two of the most disruptive and widely-received spam email campaigns over the past few months -- including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year -- were made possible thanks to an authentication weakness at GoDaddy.com, the worlds largest domain name registrar, KrebsOnSecurity has learned. Perhaps more worryingly, experts warn this same weakness that let spammers hijack domains tied to GoDaddy also affects a great many other major Internet service providers, and is actively being abused to launch phishing and malware attacks which leverage dormant Web site names currently owned and controlled by some of the world’s most trusted corporate names and brands. --------------------------------------------- https://krebsonsecurity.com/2019/01/bomb-threat-sextortion-spammers-abused-… ∗∗∗ Gefälschte Geschäftsführungs-mail zu Kontostand ∗∗∗ --------------------------------------------- Unternehmen aufgepasst: Momentan erreichen uns zahlreiche Meldungen zu Betrugs-E-Mails, in welchen Kriminelle sich als Geschäftsführer/in des jeweiligen Unternehmens ausgeben. Gefragt wird nach dem aktuellen Kontostand. Ist genug Geld am Konto, soll eine Auslandsüberweisung initiiert werden. Das Geld darf nicht überwiesen werden, denn es wäre verloren. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-geschaeftsfuehrungs-mail… ∗∗∗ Rechtliche Folgen für Phishing-Opfer ∗∗∗ --------------------------------------------- Konsument/innen, die auf eine Banken-Phishingmail hereinfallen, übermitteln Kriminelle Daten, die diesen einen Zugriff auf ihr OnlineBanking-Konto ermöglichen. Teilen Kund/innen den Betrüger/innen telefonisch den TAN-Code zur Freigabe einer Überweisung mit, bleiben sie auf ihrem Schaden sitzen. Sie halten keine allgemein bekannten Sicherheitsvorkehrungen ein. --------------------------------------------- https://www.watchlist-internet.at/news/rechtliche-folgen-fuer-phishing-opfe… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-19-121: (0day) Microsoft Windows contact File Insufficient UI Warning Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of CONTACT files. Crafted data in a CONTACT file can cause Windows to display a dangerous hyperlink. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of the current user. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-121/ ∗∗∗ No-Name-Hausautomation: Lücke erlaubt leichten Firmware-Upload ∗∗∗ --------------------------------------------- Viele Geräte für die Hausautomation stammen von der Firma Tuya und haben Sicherheitslücken, die einfache Modifikation zulassen – zum Guten oder zum Schlechten. --------------------------------------------- https://heise.de/-4284783 ∗∗∗ Kritische Sicherheitslücke in Debians Update-Tools ∗∗∗ --------------------------------------------- Debian-basierte Linux-Systeme weisen eine Sicherheitslücke auf, über die Angreifer das System während des Einspielens von Sicherheits-Updates kapern könnten. --------------------------------------------- http://heise.de/-4285012 ∗∗∗ iOS 12.1.3 & Co: Apple stopft gravierende Schwachstellen auf iPhone und Mac ∗∗∗ --------------------------------------------- Mit Updates für alle Betriebssysteme räumt der Konzern Sicherheitslücken aus. Ein Bug erlaubt das Schadcode-Einschleusen per FaceTime-Anruf. --------------------------------------------- http://heise.de/-4285106 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libjpeg-turbo and systemd), Fedora (matrix-synapse, mingw-libjpeg-turbo, and mingw-libvorbis), Mageia (libcaca, libmp4v2, libxml2, pdns-recursor, perl-Email-Address, php-pear-HTML_QuickForm, podofo, and wavpack), openSUSE (webkit2gtk3), Red Hat (qemu-kvm-rhev), Scientific Linux (perl), Slackware (httpd), and Ubuntu (ntp). --------------------------------------------- https://lwn.net/Articles/777385/ ∗∗∗ OpenBMC caught with 'pantsdown' over new security flaw ∗∗∗ --------------------------------------------- A severe vulnerability has been found which impacts multiple Baseboard Management Controller (BMC) firmware stacks and hardware. The bug, CVE-2019-6260, has been nicknamed "pantsdown" ... --------------------------------------------- https://www.zdnet.com/article/bmc-caught-with-pantsdown-over-new-batch-of-s… ∗∗∗ Dräger Infinity Delta ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01 ∗∗∗ Johnson Controls Facility Explorer ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01 ∗∗∗ Cisco Firepower Threat Defense Software Packet Inspection and Enforcement Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Connected Mobile Experiences Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco AMP Threat Grid API Key Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Unauthorized Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Multiple Privilege Escalation Vulnerabilities in Cisco SD-WAN Solution ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings Server Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Privileged Account Sensitive Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Management Center Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Infrastructure Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager is affected by a vulnerability (CVE-2018-1959) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: Server Automation is affected by the following vulnerabilities exposures (CVE-2018-8039, CVE-2018-1683, CVE-2018-1755) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-server-automation-is-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Integration Designer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ PHOENIX CONTACT Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-001 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.01.2019
by Daily end-of-shift report 22 Jan '19

22 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Montag 21-01-2019 18:00 − Dienstag 22-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Remote Code Execution Bug Patched in APT Linux Package Manager ∗∗∗ --------------------------------------------- A remote code execution bug was discovered by security contractor Max Justicz in the APT high level package manager used by Debian, Ubuntu, and other related Linux distributions. The bug has been fixed today in the latest versions of APT. --------------------------------------------- https://www.bleepingcomputer.com/news/security/remote-code-execution-bug-pa… ∗∗∗ Sicherheitsupdates: Adobe Experience Manager könnte Daten leaken ∗∗∗ --------------------------------------------- Adobe hat wichtige Patches für Experience Manager und Experience Manager Forms veröffentlicht. Keine Sicherheitslücke gilt als kritisch. --------------------------------------------- http://heise.de/-4284723 ∗∗∗ Gefälschte Apple Pay E-Mails im Umlauf ∗∗∗ --------------------------------------------- Internetnutzer/innen erhalten Rechnungen von Apple Pay. Darin werden Käufe aufgelistet, die nie stattgefunden haben. Um ein Problem zu melden, sollen Betroffene einem Link folgen, der auf eine gefälschte Support-Seite führt. Konsument/innen dürfen hier keine Daten angeben! Kriminelle versuchen fremde Apple-IDs zu stehlen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-apple-pay-e-mails-im-uml… ∗∗∗ Kein Geld von Spar Kredit ∗∗∗ --------------------------------------------- Konsument/innen, die auf sparkredit.net einen Kredit beantragen, müssen dem Unternehmen persönliche Daten nennen und einen Meldezettel samt Personalausweis übermitteln. Sie erfahren, dass sie Vorschusszahlungen an Spar Kredit leisten müssen, bevor es zu einer Kreditauszahlung kommt. In Wahrheit erhalten Konsument/innen kein Geld und werden Opfer eines Identitätsdiebstahls. --------------------------------------------- https://www.watchlist-internet.at/news/kein-geld-von-spar-kredit/ ∗∗∗ DNS Flag Day am 01.02.2019 ∗∗∗ --------------------------------------------- Am Freitag, 01.02.2019 ist DNS Flag Day. Aber um welche "Flag" geht es hier? Ab diesem Tag wird eine Reihe großer DNS-Anbieter, darunter Google und Cloudflare, und alle großen Anbieter von opensource rekursiver DNS Software, darunter BIND und unbound, aufhören Workarounds einzusetzen, um mit Domains kommunizieren zu können, die den EDNS0 Standard (RFC 6891) nicht erfüllen. --------------------------------------------- http://www.cert.at/services/blog/20190122154001-2371.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (apt and aria2), Fedora (kernel-headers, kernel-tools, and openssh), openSUSE (webkit2gtk3), Oracle (perl), Red Hat (perl), SUSE (freerdp, python-urllib3, systemd, and wireshark), and Ubuntu (apt, poppler, and tiff). --------------------------------------------- https://lwn.net/Articles/777315/ ∗∗∗ TYPO3 9.5.4 and 8.7.23 security releases published ∗∗∗ --------------------------------------------- https://typo3.org/article/typo3-954-and-8723-security-releases-published/ ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: IBM MessageSight is affected by the following four IBM Java vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-is-a… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security Bulletin: IBM MessageSight is affected by an IBM WebSphere Liberty expression language vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-ibm… ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager uses Less Secure Algorithms ( CVE-2018-1751) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-key-life… ∗∗∗ IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-0732, CVE-2018-0737, CVE-2018-14618, CVE-2018-1000301) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-platform-9-5-x… ∗∗∗ TYPO3-PSA-2019-001: Possible Arbitrary Code Execution in CommandUtility API ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-psa-2019-001/ ∗∗∗ TYPO3-PSA-2019-002: Username and Email Address Enumeration ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-psa-2019-002/ ∗∗∗ TYPO3-PSA-2019-003: Cross-Site Scripting in Flash component (ELTS) ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-psa-2019-003/ ∗∗∗ TYPO3-EXT-SA-2019-004: Object Injection in extension "mkmailer" (mkmailer) ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2019-004/ ∗∗∗ TYPO3-EXT-SA-2019-003: Multiple vulnerabilities in extension "femanager" (femanager) ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2019-003/ ∗∗∗ TYPO3-EXT-SA-2019-002: Multiple vulnerabilities in extension "typo3_forum" (typo3_forum) ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2019-002/ ∗∗∗ Linux kernel vulnerability CVE-2018-18710 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K11165942 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.01.2019
by Daily end-of-shift report 21 Jan '19

21 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 18-01-2019 18:00 − Montag 21-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Beware the man in the cloud: How to protect against a new breed of cyberattack ∗∗∗ --------------------------------------------- One malicious tactic that has become quite prevalent in recent years is known as a ‘man in the cloud’ (MitC) attack. This attack aims to access victims’ accounts without the need to obtain compromised user credentials beforehand. Below, this article explains the anatomy of MitC attacks and offers practical advice about what can be done to defend against them. What is MitC attack? --------------------------------------------- https://www.helpnetsecurity.com/2019/01/21/mitc-attack/ ∗∗∗ Warnung vor angeblichen Microsoft-Anrufen ∗∗∗ --------------------------------------------- Vermehrt gehen Meldungen zu Anrufen angeblicher Microsoft-Mitarbeiter/innen bei der Watchlist Internet ein. Die Betrüger/innen behaupten, Probleme am Computer der Betroffenen gefunden zu haben. Die angebotene Hilfe entpuppt sich schlussendlich als Datendiebstahl! Wer einen derartigen Anruf erhält, darf den Anweisungen nicht folgen und sollte umgehend auflegen. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-angeblichen-microsoft-an… ===================== = Vulnerabilities = ===================== ∗∗∗ Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open ∗∗∗ --------------------------------------------- A default configuration allows full admin access to unauthenticated attackers. --------------------------------------------- https://threatpost.com/critical-unpatched-cisco-flaw/141010/ ∗∗∗ Xen Security Advisory 289 v2 - Spectre V1 gadgets exploitable with L1TF ∗∗∗ --------------------------------------------- A number of specific exploitable gadgets have been identified. There are no new vulnerabilities. There is only new information about existing vulnerabilities: specifically, confirmation that existing, previously disclosed, vulnerabilities, can be exploited in specific ways. ... As discussed in XSA-273, disabling SMT / hyperthreading will avoid the L1TF vulnerability. It will therefore prevent the use of the exploitable code patterns discussed in this advisory. --------------------------------------------- https://lists.xenproject.org/archives/html/xen-announce/2019-01/msg00006.ht… ∗∗∗ [Pdns-announce] PowerDNS Recursor 4.1.9 Released ∗∗∗ --------------------------------------------- This release fixes the following security issues: - PowerDNS Security Advisory 2019-01 (CVE-2019-3806): Lua hooks are not called over TCP - PowerDNS Security Advisory 2019-02 (CVE-2019-3807): DNSSEC validation is not performed for AA=0 responses --------------------------------------------- https://mailman.powerdns.com/pipermail/pdns-announce/2019-January/001101.ht… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (gitolite3, gvfs, php, radare2, and syslog-ng), Mageia (libssh, php, python-django16, and rdesktop), openSUSE (podofo), and SUSE (libraw, openssh, PackageKit, and wireshark). --------------------------------------------- https://lwn.net/Articles/777250/ ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services: Information Leakage in configuration listing (CVE-2018-1670) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.01.2019
by Daily end-of-shift report 18 Jan '19

18 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 17-01-2019 18:00 − Freitag 18-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Windows Zero-Day Bug that Overwrites Files Gets Interim Fix ∗∗∗ --------------------------------------------- A micropatch has been released today for a vulnerability in Windows that allows overwriting files, even system one, with arbitrary data. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-zero-day-bug-that-ov… ∗∗∗ Hosting malicious sites on legitimate servers: How do threat actors get away with it? ∗∗∗ --------------------------------------------- Is money all hosting providers care about when it comes to allowing malicious sites on their servers? Or is there more at play? We embark on an investigation to discover their motives. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/malware/2019/01/hosting-malicious-… ∗∗∗ Datendiebstahl bei Umfragen auf gremski.org ∗∗∗ --------------------------------------------- Gremski.org gibt an, ein Marktforschungsinstitut zu sein, auf dem Konsument/innen bis zu 100 Euro pro abgeschlossener Umfrage verdienen können. Bei der Anmeldung müssen Interessent/innen auch ihre Ausweisdokumente wie Personalausweis oder Pass hochladen. Im Rahmen der ersten vermeintlichen Umfrage sollen sie plötzlich ein Konto bei der N26 Bank eröffnen. Achtung: es handelt sich um Identitätsdiebstahl! --------------------------------------------- https://www.watchlist-internet.at/news/datendiebstahl-bei-umfragen-auf-grem… ∗∗∗ This malware spreading tool is back with some new tricks ∗∗∗ --------------------------------------------- The Fallout exploit kit is back delivering GandCrab ransomware after a brief hiatus. --------------------------------------------- https://www.zdnet.com/article/this-malware-spreading-tool-is-back-with-some… ===================== = Vulnerabilities = ===================== ∗∗∗ Omron CX-Supervisor ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for code injection, command injection, use after free, and type confusion vulnerabilities in Omrons CX-Supervisor software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01 ∗∗∗ ABB CP400 Panel Builder TextEditor 2.0 ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an improper input validation vulnerability in ABBs CP400 Panel Builder TextEditor 2.0. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-017-02 ∗∗∗ ControlByWeb X-320M ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for improper authentication and cross-site scripting vulnerabilities in the ControlByWeb X-320M, a web-enabled weather station. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-017-03 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (drupal7), Fedora (electrum and perl-Email-Address), Mageia (gthumb), openSUSE (gitolite, kernel, krb5, libunwind, LibVNCServer, live555, mutt, wget, and zeromq), SUSE (krb5, mariadb, nodejs4, nodejs8, soundtouch, and zeromq), and Ubuntu (irssi). --------------------------------------------- https://lwn.net/Articles/777134/ ∗∗∗ Security Advisory - Two Vulnerabilities in Huawei PCManager Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190109-… ∗∗∗ IBM Security Bulletin: APIC is affected by a vulnerability in Apache Commons FileUpload (CVE-2016-1000031) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apic-is-affected-by-a… ∗∗∗ IBM Security Bulletin: PowerVC is affected by an Openstack Keystone vulnerability that could allow a remote authenticated attacker to discover restricted projects (CVE-2018-14432) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-powervc-is-affected-b… ∗∗∗ January 2019 OpenSSH security vulnerabilities ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K31781390 ∗∗∗ OTRS: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0062 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.01.2019
by Daily end-of-shift report 17 Jan '19

17 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 16-01-2019 18:00 − Donnerstag 17-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Over 140 International Airlines Affected by Major Security Breach ∗∗∗ --------------------------------------------- Potential attackers could view and change private information in flight bookings made by millions of customers of major international airlines because of a security issue in the Amadeus online booking system --------------------------------------------- https://www.bleepingcomputer.com/news/security/over-140-international-airli… ∗∗∗ Forest for the trees: an IoT security standards gap analysis ∗∗∗ --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/forest-for-the-trees-an-iot-sec… ∗∗∗ Passwort-Sammlung mit 773 Millionen Online-Konten im Netz aufgetaucht ∗∗∗ --------------------------------------------- Eine riesige Sammlung mit Zugangsdaten zu Online-Diensten zirkuliert in Untergrund-Foren. Die Passwörter von Millionen Nutzern sind betroffen. --------------------------------------------- https://heise.de/-4279375 ∗∗∗ New Year’s resolutions: Routing done right ∗∗∗ --------------------------------------------- As another thing to improve this year, you may want to route your focus on a device that is the nerve center of your network and, if poorly secured, the epicenter of much potential trouble [...] --------------------------------------------- https://www.welivesecurity.com/2019/01/17/new-years-resolutions-routing-don… ∗∗∗ thermenservice-24.at ist unseriös ∗∗∗ --------------------------------------------- Bei thermenservice-24.at handelt es sich um einen Installateur, der 24 Stunden erreichbar ist. Die sogenannten „Thermenprofis“, sind bei jeder Tages- und Nachtzeit verfügbar, schnell vor Ort und locken mit günstigen Preisen. Es handelt sich jedoch um einen unseriösen Anbieter, der das Problem nicht behebt und nicht erfolgte Leistung überteuert verrechnet! --------------------------------------------- https://www.watchlist-internet.at/news/thermenservice-24at-ist-unserioes/ ∗∗∗ Betrügerischer Apple-Shop ios-world.de! ∗∗∗ --------------------------------------------- Auf ios-world.de werden Apple-Produkte wie iPhones, Apple Watch, MacBooks und iMacs angeboten. Die Preise liegen weit unter Marktwert und laden zu einem schnellen Kauf ein. Doch Vorsicht: Konsument/innen dürfen hier nichts kaufen! Es handelt sich um einen Fake-Shop, bei dem Sie per Vorkasse zahlen und keine Ware erhalten. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerischer-apple-shop-ios-world… ∗∗∗ Malware Used by "Rocke" Group Evolves to Evade Detection by Cloud Security Products ∗∗∗ --------------------------------------------- Palo Alto Networks Unit 42 recently captured and investigated new samples of the Linux coin mining malware used by the Rocke group. The family was suspected to be developed by the Iron cybercrime group and it’s also associated with the Xbash malware we reported on in September of 2018. The threat actor Rocke was originallyThe post Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security Products appeared first on Unit42. --------------------------------------------- https://unit42.paloaltonetworks.com/malware-used-by-rocke-group-evolves-to-… ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal Releases Security Updates ∗∗∗ --------------------------------------------- Drupal has released security updates addressing vulnerabilities in Drupal 7.x, 8.5.x, and 8.6.x. A remote attacker could exploit these vulnerabilities to take control of an affected system. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/01/16/Drupal-Releases-Se… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (libvncserver), Debian (sssd), Fedora (kernel and kernel-headers), Red Hat (ansible, openvswitch, pyOpenSSL, python-django, and redis), and Ubuntu (policykit-1). --------------------------------------------- https://lwn.net/Articles/777010/ ∗∗∗ IBM Security Bulletin: Publicly disclosed vulnerability in Oracle Outside In Technology used by IBM FileNet Content Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vu… ∗∗∗ IBM Security Bulletin: IBM Integration Bus affected by Apache Tomcat vulnerability CVE-2018-8034 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-a… ∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager affected by Apache HttpClient security vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-filenet-content-m… ∗∗∗ IBM Security Bulletin: B2B Advanced Communications is Affected by Multiple Vulnerabilities in IBM Java Runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-b2b-advanced-communic… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.01.2019
by Daily end-of-shift report 16 Jan '19

16 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 15-01-2019 18:00 − Mittwoch 16-01-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Fortnite Hacked Via Insecure Single Sign-On ∗∗∗ --------------------------------------------- Leaky Fortnite single sign-on mechanism could have allowed hackers to access game accounts. --------------------------------------------- https://threatpost.com/fortnite-hacked-via-insecure-single-sign-on/140913/ ∗∗∗ OWASP Top 10 Security Risks – Part V ∗∗∗ --------------------------------------------- To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. --------------------------------------------- https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html ∗∗∗ Critical Patch Update: Oracle startet das Jahr mit 284 Sicherheitsupdates ∗∗∗ --------------------------------------------- In seinem Quartalsupdate veröffentlicht Oracle quer durch sein Software-Portfolio abgesicherte Versionen. Viele Lücken gelten als kritisch. --------------------------------------------- http://heise.de/-4277705 ∗∗∗ IDenticard PremiSys: Gebäude-Überwachungssystem mit eingebauten Hintertüren ∗∗∗ --------------------------------------------- Zero-Day-Lücken in einer verbreiteten Software für Gebäude-Sicherheit erlauben es Einbrechern, sich eigene Zugangskarten auszustellen. --------------------------------------------- http://heise.de/-4277935 ∗∗∗ Warnung vor Maxi Size Gel ∗∗∗ --------------------------------------------- Im Internet findet sich Werbung für das Penisvergrößerungsmittel Maxi Size Gel. Interessenten können es auf the-maxisizeelb.com bestellen. Von einer Bestellung des Maxi Size Gels raten wir ab, denn es ist fraglich, welche Wirkung das Mittel hat und unklar, wie die unbekannten Vertreiber/innen mit den persönlichen Daten ihrer Kunden umgehen. Beides birgt ein hohes Risko --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-maxi-size-gel/ ∗∗∗ iPhones nicht auf iPhoneIMEI.net entsperren! ∗∗∗ --------------------------------------------- iphoneimei.net verspricht, iPhones aller Generationen freischalten zu können und somit für alle Netze zu öffnen. Verlangt werden dafür 28 US-Dollar. iPhoneuser, die Dienste von iphoneimei.net in Anspruch nehmen wollen, werden enttäuscht, denn statt freigeschalteter iPhones erhalten sie weitere Zahlungsaufforderungen. Die versprochene Leistung erfolgt nie. --------------------------------------------- https://www.watchlist-internet.at/news/iphones-nicht-auf-iphoneimeinet-ents… ∗∗∗ Advertising network compromised to deliver credit card stealing code ∗∗∗ --------------------------------------------- Hundreds of online stores confirmed to be impacted, thousands of more under investigation. --------------------------------------------- https://www.zdnet.com/article/advertising-network-compromised-to-deliver-cr… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (systemd and wireshark), Fedora (openssh, php-horde-Horde-Form, and unrtf), Mageia (aria2, libvncserver, x11vnc, and nss), Oracle (kernel and libvncserver), Scientific Linux (libvncserver), SUSE (kernel, soundtouch, webkit2gtk3, and wget), and Ubuntu (libcaca and policykit-1). --------------------------------------------- https://lwn.net/Articles/776894/ ∗∗∗ Synology-SA-19:05 Moments ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to upload arbitrary files via a susceptible version of Moments. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_05 ∗∗∗ Security Advisory - Race Condition Vulnerability on Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190116-… ∗∗∗ Microsoft Skype for Business: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0059 ∗∗∗ Microsoft Team Foundation Server: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0055 ∗∗∗ SCP in mehreren Produkten: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0058 ∗∗∗ IBM Security Bulletin: WAS traditional and liberty vulnerable to CVE-2014-7810 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-was-traditional-and-l… ∗∗∗ IBM Security Bulletin: IBM Netcool Agile Service Manager is affected by Eclipse Jetty vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-netcool-agile-ser… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.01.2019
by Daily end-of-shift report 15 Jan '19

15 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Montag 14-01-2019 18:00 − Dienstag 15-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Schwer ausnutzbar: Die ungefixten Sicherheitslücken ∗∗∗ --------------------------------------------- Sicherheitslücken wie Spectre, Rowhammer und Heist lassen sich kaum vollständig beheben, ohne gravierende Performance-Einbußen zu akzeptieren. Daher bleiben sie ungefixt. Trotzdem werden sie bisher kaum ausgenutzt. --------------------------------------------- https://www.golem.de/news/schwer-ausnutzbar-die-ungefixten-sicherheitslueck… ∗∗∗ Sicherheitslücken: Bauarbeitern die Maschinen weghacken ∗∗∗ --------------------------------------------- Bergbaumaschinen, Kräne und andere Industriegeräte lassen sich fernsteuern oder durch einen DoS-Angriff unbenutzbar machen. Das ist laut einer Studie nicht nur gefährlich, sondern auch vergleichsweise einfach. --------------------------------------------- https://www.golem.de/news/sicherheitsluecken-bauarbeitern-die-maschinen-weg… ∗∗∗ Erpressungs-Mail von ‚Anonymer Hacker‘ ignorieren ∗∗∗ --------------------------------------------- Konsument/innen erhalten E-Mails von Kriminellen, die sich als „Anonymer Hacker“ ausgeben. Man erpresst Empfänger/innen damit, dass intimes Videomaterial veröffentlicht wird, wenn keine Bitcoins im Wert von 2000 Euro überwiesen werden. Wer die Nachricht empfangen hat, darf nichts bezahlen und kann sie getrost ignorieren, denn ein Masturbationsvideo existiert nicht. --------------------------------------------- https://www.watchlist-internet.at/news/erpressungs-mail-von-anonymer-hacker… ∗∗∗ Kein Geld an Credit Management Europe zahlen ∗∗∗ --------------------------------------------- Credit Management Europe versendet eine Zahlungsaufforderung in Höhe von 292,13 Euro an Unternehmen. Darin heißt es, dass Empfänger/innen eine offene Rechnung bei Internet Domain Services Austria (IDSA) haben. Bezahlen Empfänger/innen diese nicht, kommt es zur Einleitung rechtlicher Schritte. Unternehmen können die Androhung ignorieren und müssen keine Zahlung leisten, denn das Schreiben ist betrügerisch. --------------------------------------------- https://www.watchlist-internet.at/news/kein-geld-an-credit-management-europ… ∗∗∗ Gefälschte DHL Express-Mail enthält Schadsoftware ∗∗∗ --------------------------------------------- Internetnutzer/innen erhalten gefälschte Nachrichten vom DHL-Kundendienst. Darin werden sie über einen angeblichen Lieferversuch benachrichtigt und aufgefordert einen Dateianhang zu öffnen. Achtung: Der Inhalt ist frei erfunden und der Anhang darf nicht geöffnet werden. Er enthält Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-dhl-express-mail-enthael… ===================== = Vulnerabilities = ===================== ∗∗∗ OpenSSH & Putty: Sicherheitlücke in SCP ermöglicht Dateiaustausch ∗∗∗ --------------------------------------------- Ein bösartiger Server kann Dateien austauschen, die mittels SCP über SSH heruntergeladen werden - im schlimmsten Fall Schadcode. Die insgesamt fünf Sicherheitslücken klaffen in den aktuellen Versionen von OpenSSH, Putty und WinSCP. --------------------------------------------- https://www.golem.de/news/openssh-putty-sicherheitluecke-in-scp-ermoeglicht… ∗∗∗ [20190104] - Core - Stored XSS issue in the Global Configuration help url ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Description: Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS. Affected Installs Joomla! CMS versions 2.5.0 through 3.9.1 Solution Upgrade to version 3.9.2 --------------------------------------------- https://developer.joomla.org/security-centre/763-20190104-core-stored-xss-i… ∗∗∗ [20190103] - Core - Stored XSS issue in the Global Configuration textfilter settings ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Description: Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS. Affected Installs Joomla! CMS versions 2.5.0 through 3.9.1 Solution Upgrade to version 3.9.2 --------------------------------------------- https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-i… ∗∗∗ [20190102] - Core - Stored XSS in com_contact ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Description: Inadequate escaping in com_contact leads to a stored XSS vulnerability Affected Installs Joomla! CMS versions 2.5.0 through 3.9.1 Solution Upgrade to version 3.9.2 --------------------------------------------- https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-i… ∗∗∗ [20190101] - Core - Stored XSS in mod_banners ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Description: Inadequate escaping in mod_banners leads to a stored XSS vulnerability. Affected Installs Joomla! CMS versions 2.5.0 through 3.9.1 Solution Upgrade to version 3.9.2 --------------------------------------------- https://developer.joomla.org/security-centre/760-20190101-core-stored-xss-i… ∗∗∗ Sicherheitsforscher brechen aus Docker-Container aus ∗∗∗ --------------------------------------------- Forschern ist es gelungen, aus einem Container der Docker-Testumgebung "Play with Docker" auf das darunterliegende System zuzugreifen und Code auszuführen. --------------------------------------------- http://heise.de/-4276108 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (irssi and systemd), CentOS (systemd), Debian (xen and zeromq3), Fedora (gnutls, kernel, kernel-headers, kernel-tools, and nbdkit), Oracle (libvncserver and systemd), Red Hat (libvncserver), and Ubuntu (haproxy, libarchive, and php-pear). --------------------------------------------- https://lwn.net/Articles/776771/ ∗∗∗ Synology-SA-19:04 Calendar ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to inject arbitrary web script or HTML via a susceptible version of Calendar. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_04 ∗∗∗ Synology-SA-19:03 Surveillance Station ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Surveillance Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_03 ∗∗∗ Synology-SA-19:02 VS960HD ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of VS960HD. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_02 ∗∗∗ Vuln: Identicard Premisys Multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106552 ∗∗∗ IBM Security Bulletin: A Security Vulnerability could affect IBM Cloud Private ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Asset Analyzer (RAA) is affected by an Apache CXF vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-asset-analyzer-raa-is… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities affect IBM Sterling External Authentication Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.01.2019
by Daily end-of-shift report 14 Jan '19

14 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 11-01-2019 18:00 − Montag 14-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Nicht bestellen auf thaisawadee.de ∗∗∗ --------------------------------------------- Auf thaisawadee.de werden Konsument/innen asiatische Kunst, Schmuck, Spezialitäten und Salben angeboten. Der Shop hat seinen Sitz in Thailand und eine Bezahlung ist nur per Vorkasse möglich. Berichten zufolge bleibt die Lieferung häufig aus und bezahltes Geld ist verloren. --------------------------------------------- https://www.watchlist-internet.at/news/nicht-bestellen-auf-thaisawadeede/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (python-django and python2-django), Debian (sqlite3, systemd, and vlc), Fedora (mingw-nettle and polkit), Mageia (graphicsmagick, python-django, spice-vdagent, and to), openSUSE (aria2, discount, gpg2, GraphicsMagick, gthumb, haproxy, irssi, java-1_7_0-openjdk, java-1_8_0-openjdk, libgit2, LibVNCServer, and sssd), Red Hat (systemd), Scientific Linux (systemd), Slackware (irssi and zsh), SUSE (LibVNCServer and sssd), and Ubuntu (gnome-bluetooth and systemd). --------------------------------------------- https://lwn.net/Articles/776685/ ∗∗∗ VideoLAN VLC Media Player: Schwachstelle ermöglicht Denial of Service und Offenlegung von Informationen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VideoLAN VLC Media Player ausnutzen, um einen Denial of Service Angriff durchzuführen oder vertrauliche Daten einzusehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0042 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM® SPSS Analytic Server is vulnerable to Cross-Site Scripting (CVE-2018-1772) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spss-analytic-ser… ∗∗∗ IBM Security Bulletin: IBM Integration Bus affected by WAS is susceptible to TLS downgrade if using FIPS and JVM property if using non WAS keystore/truststore ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.01.2019
by Daily end-of-shift report 11 Jan '19

11 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 10-01-2019 18:00 − Freitag 11-01-2019 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Datenleak - mal ganz ohne Hype ∗∗∗ --------------------------------------------- Datenleak - mal ganz ohne Hype11. Jänner 2019Man hätte sich in den letzten Tagen enorm anstrengen müssen, um der Berichterstattung zu dem vor knapp einer Woche in Deutschland bekannt gewordenen Datenleak zu entgehen.Um es trotzdem nochmal kurz zusammenzufassen: Unbekannte Täter veröffentlichten im Laufe des Dezembers Dokumente und persönliche Informationen hunderter deutscher Politiker und anderer Personen des öffentlichen Lebens in Form eines bizarren --------------------------------------------- http://www.cert.at/services/blog/20190111135415-2348.html ∗∗∗ Vivy & Co.: Gesundheitsapps kranken an der Sicherheit ∗∗∗ --------------------------------------------- Mit Sicherheitsversprechen geizen die Hersteller von Gesundheitsapps wahrlich nicht. Doch wie ist es wirklich darum bestellt? (Medizin, Gesundheitskarte) --------------------------------------------- https://www.golem.de/news/vivy-co-gesundheitsapps-kranken-an-der-sicherheit… ∗∗∗ Using Wireshark – Display Filter Expressions ∗∗∗ --------------------------------------------- As a Threat Intelligence Analyst for Palo Alto Networks Unit 42, I often use Wireshark to review packet captures (pcaps) of network traffic generated by malware samples. To better accomplish this work, I use a customized Wireshark column display as described my previous blog about using Wireshark. Today’s post provides more tips for analysts toThe post Using Wireshark – Display Filter Expressions appeared first on Unit42. --------------------------------------------- https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressi… ∗∗∗ Windows 10 Experts Guide: Everything you need to know about BitLocker ∗∗∗ --------------------------------------------- Encrypting every bit of data on a Windows 10 PC is a crucial security precaution. Every edition of Windows 10 includes strong encryption options, with business editions having the best set of management tools. Heres a hands-on guide. --------------------------------------------- https://www.zdnet.com/article/windows-10-experts-guide-everything-you-need-… ===================== = Vulnerabilities = ===================== ∗∗∗ Emerson DeltaV ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an authentication bypass vulnerability in Emersons DeltaV distributed control system workstation products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01 ∗∗∗ Omron CX-One CX-Protocol ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a type confusion vulnerability in Omrons CX-Protocol within the CX-One software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-010-02 ∗∗∗ Pilz PNOZmulti Configurator ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a clear-text storage of sensitive information vulnerability in the Pilz PNOZmulti Configurator, a safety circuit configuration tool. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-010-03 ∗∗∗ Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4 ∗∗∗ --------------------------------------------- This advisory was originally posted to the HSIN ICS-CERT library on November 29, 2018, and is now being released to the NCCIC/ICS-CERT website. This advisory provides mitigation recommendations for a cross-site scripting vulnerability reported in the Tridium Niagara Enterprise Security, the Niagara AX, and the Niagara 4 products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02 ∗∗∗ USN-3855-1: systemd vulnerabilities ∗∗∗ --------------------------------------------- systemd vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives:Ubuntu 18.10Ubuntu 18.04 LTSUbuntu 16.04 LTSSummarySeveral security issues were fixed in systemd.Software Descriptionsystemd - system and service managerDetailsIt was discovered that systemd-journald allocated variable-length buffersfor certain message fields on the stack. A local attacker couldpotentially exploit this to cause a denial of service, or executearbitrary code. --------------------------------------------- https://usn.ubuntu.com/3855-1/ ∗∗∗ Sicherheitslücken (teils kritisch) in Juniper ATP, Junos OS und Space OS Software - Patches verfügbar ∗∗∗ --------------------------------------------- Sicherheitslücken (teils kritisch) in Juniper ATP, Junos OS und Space OS Software - Patches verfügbar 11. Jänner 2019 Beschreibung Der Netzwerkausrüster Juniper hat mehrere Security Advisories zu teils kritischen Sicherheitslücken in Juniper Space OS, Junos OS und ATP Software veröffentlicht. Zwei der Schwachstellen in Juniper ATP werden mit dem höchstmöglichen CVSS3 Score von 10 als kritisch eingestuft: CVE-2019-0020, CVE-2019-0022 [...] --------------------------------------------- http://www.cert.at/warnings/all/20190111.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (systemd and wireshark-cli), Debian (libsndfile and tmpreaper), Fedora (beep, electrum, gnutls, haproxy, krb5, mupdf, php-horde-Horde-Image, python-django, and wget), Mageia (libarchive and terminology), openSUSE (libraw, polkit, and singularity), SUSE (haproxy, java-1_8_0-openjdk, LibVNCServer, and webkit2gtk3), and Ubuntu (exiv2, gnupg2, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/776518/ ∗∗∗ ZDI-19-013: (0day) Microsoft Windows vcf File Insufficient UI Warning Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-013/ ∗∗∗ Format String Vulnerability in SSH username ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-18-018 ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by an IBM WebSphere Application Server vulnerability(CVE-2017-1788) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager is affected by multiple vulnerabilities (CVE-2018-1956, CVE-2018-1969, CVE-2018-1967 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1904) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-remote-code… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.01.2019
by Daily end-of-shift report 10 Jan '19

10 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 09-01-2019 18:00 − Donnerstag 10-01-2019 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ WordPress-Related Vulnerabilities Tripled in 2018 ∗∗∗ --------------------------------------------- WordPress-related vulnerabilities have seen a 300% increase in 2018 compared to the previous year, a recent study has found. Most of the bugs were in the plugins that extend the functionality of WordPress websites. --------------------------------------------- https://www.bleepingcomputer.com/news/security/wordpress-related-vulnerabil… ∗∗∗ Global DNS Hijacking Campaign: DNS Record Manipulation at Scale ∗∗∗ --------------------------------------------- Introduction FireEye’s Mandiant Incident Response and Intelligence teams have identified a wave of DNS hijacking that has affected dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-ca… ∗∗∗ North Korea APT(?) and recent Ryuk Ransomware attacks ∗∗∗ --------------------------------------------- Our Threat Intelligence team has been tracking the Emotet botnet throughout 2018. In our previous post we reported a large scale Emotet campaign focused on e-mail content exfiltration.Today, we review the evidence gathered from our Telltale Threat Intelligence Service, which suggests the involvement of Emotet as the delivery mechanism for the latest wave of Ryuk ransomware attacks being dubbed as North Korean state-sponsored cyber-attacks.The evidence from the dataset completes the missing --------------------------------------------- https://blog.kryptoslogic.com/malware/2019/01/10/dprk-emotet.html ∗∗∗ E-Mail von mir selbst-erklärt ∗∗∗ --------------------------------------------- Sie erhalten vermeintlich von sich selbst eine E-Mail und fragen sich, wie das möglich ist? Die Antwort darauf ist, dass Kriminelle eine E-Mail so verändern können, dass die Absender/innen- mit der Empfänger/innen-Adresse ident ist. Das bedeutet jedoch nicht, dass Unbekannte Zugriff auf Ihr Konto haben und über dieses betrügerische Nachrichten an Sie versenden. --------------------------------------------- https://www.watchlist-internet.at/news/erklaerung-fuer-e-mail-von-mir-selbs… ∗∗∗ Gehälter durch Datenklau bei Wohnungssuche gestohlen! ∗∗∗ --------------------------------------------- Konsument/innen, die auf Mietwohnungssuche sind, stoßen mitunter auf gefälschte Wohnungsinserate. Bei Interesse an einer Immobilie senden sie, wie üblich, ihre Gehaltsabrechnungen der letzten Monate an die angeblichen Vermieter/innen. Kriminelle nutzen die Daten, um die Arbeitgeber/innen der Wohnungssuchenden über einen Kontowechsel zu informieren und Gehälter abzuzweigen! --------------------------------------------- https://www.watchlist-internet.at/news/gehaelter-durch-datenklau-bei-wohnun… ===================== = Vulnerabilities = ===================== ∗∗∗ Phone Field - Critical - SQL Injection - SA-CONTRIB-2019-001 ∗∗∗ --------------------------------------------- Description: This module provides a phone field for Drupal 7 that supports the HTML5 tel:-schema. In an API function that is not used by the module, the name for the phone field is not sufficiently sanitised when using it in database queries. This vulnerability is mitigated by the fact that it affects an unused function. --------------------------------------------- https://www.drupal.org/sa-contrib-2019-001 ∗∗∗ Sicherheitslücken mit Höchstwertung in Juniper ATP ∗∗∗ --------------------------------------------- Angreifer könnten mit vergleichsweise wenig Aufwand die volle Kontrolle über das Schutzprodukt Advanced Threat Prevention (ATP) übernehmen. Darüber hinaus sind verschiedene Versionen des Betriebssystems Junos OS und die Management-Plattform für Netzwerke Junos Space angreifbar. Zwei Lücken (CVE-2019-0022, CVE-2019-0025) sind mit dem höchstmöglichen CVSS 3 Score 10 von 10 eingestuft. --------------------------------------------- http://heise.de/-4271009 ∗∗∗ Multiple Vulnerabilities in Cisco VOIP Phones, e.g. models 88XX ∗∗∗ --------------------------------------------- SEC Consult was able to identify a JavaScript like code injection in the Cisco VoIP Phone 8800 Series via the built-in T9 keyboard. Moreover, multiple outdated libraries and hard coded credentials got identified by conducting a static firmware analysis using the IoT Inspector platform. Patches are already available by Cisco. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/vulnerabilities-in-cisco-voi… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libcaca), Fedora (beep and libgxps), Mageia (krb5, live, ffmpeg, mplayer, and vlc, and mbedtls), SUSE (helm-mirror, java-1_7_0-openjdk, and systemd), and Ubuntu (nss and python-django). --------------------------------------------- https://lwn.net/Articles/776397/ ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a publicly disclosed vulnerability from Oracle MySQL ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.01.2019
by Daily end-of-shift report 09 Jan '19

09 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 08-01-2019 18:00 − Mittwoch 09-01-2019 18:00 Handler: Robert Waldner Co-Handler: Dimitri Robl ===================== = News = ===================== ∗∗∗ Face Unlock: 42 von 110 Handys lassen sich mit Portrait-Fotos austricksen ∗∗∗ --------------------------------------------- Im Test einer NGO ließen sich alle Handys von Nokia und Sony mit Portrait-Fotos entsperren. Die Bilanz anderer Hersteller ist mit einer Ausnahme durchwachsen. --------------------------------------------- http://heise.de/-4269897 ∗∗∗ Gefälschte card complete Sicherheits-App enthält Schadsoftware ∗∗∗ --------------------------------------------- Internetnutzer/innen finden gefälschte card complete Nachrichten in ihrem Posteingang. Darin behaupten die kriminellen Versender/innen, dass eine Sicherheits-App am Mobiltelefon installiert werden muss, damit die Kreditkarte weiterhin genutzt werden kann. Die App darf nicht heruntergeladen werden, denn sie enthält Schadsoftware! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-card-complete-sicherheit… ===================== = Vulnerabilities = ===================== ∗∗∗ Schneider Electric Zelio Soft 2 ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a use after free vulnerability in Schneider Electrics Zelio Soft 2 programming platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-008-01 ∗∗∗ Schneider Electric IIoT Monitor ∗∗∗ --------------------------------------------- This advisory includes mitigations for path traversal, unrestricted upload of file with dangerous type, and XXE vulnerabilities in the Schneider Electric IIoT Monitor software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-008-02 ∗∗∗ Intel Patches High-Severity Privilege-Escalation Bugs ∗∗∗ --------------------------------------------- Overall, the chip giant patched five vulnerabilities across an array of its products. --------------------------------------------- https://threatpost.com/intel-patches-privilege-escalation-bugs/140665/ ∗∗∗ Patchday: Fast nur "wichtige" Sicherheitsupdates für Windows & Co. ∗∗∗ --------------------------------------------- Microsoft kümmert sich um Software-Schwachstellen in unter anderem Windows. Nutzer sollten eine baldige Installation der Updates sicherstellen. --------------------------------------------- http://heise.de/-4269105 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (elfutils, polkit, and tar), Debian (python-django and ruby-loofah), and Mageia (ansible, avidemux, coreutils, discount, nettle, openafs, opensc, and qtbase5). --------------------------------------------- https://lwn.net/Articles/776310/ ∗∗∗ Cisco Content Security Management Appliance Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco ASR 900 Series Aggregation Services Router Software Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Business Suite Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Client Framework Insecure Directory Permissions Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Password Recovery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS and IOS XE Software Secure Shell Connection on VRF Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Digest Credentials Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Policy Suite Graphite Unauthenticated Read-Only Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Infrastructure Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Two Vulnerabilities in Huawei PCManager Porduct ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190109-… ∗∗∗ Security Advisory - Use After Free Vulnerability on Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190109-… ∗∗∗ IBM Security Bulletin: IBM Integration Bus affected by an httpclient package in WAS internally Vulnerability(CVE-2012-5783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.01.2019
by Daily end-of-shift report 08 Jan '19

08 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Montag 07-01-2019 18:00 − Dienstag 08-01-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Digging Up the Past: Windows Registry Forensics Revisited ∗∗∗ --------------------------------------------- Introduction FireEye consultants frequently utilize Windows registry data when performing forensic analysis of computer networks as part of incident response and compromise assessment missions. This can be useful to discover malicious activity and to determine what data may have been stolen from a network. Many different types of data are present in the registry that can provide evidence of program execution, application settings, malware persistence, and other valuable artifacts. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-win… ∗∗∗ Software auf vielen Routern nutzt etablierte Sicherheitsmechanismen nicht ∗∗∗ --------------------------------------------- Sicherheitsforscher von Cyber-ITL haben sich die Software auf 28 Router mit ARM- und MIPS-Architektur für den Heimgebrauch angeschaut und herausgefunden, dass viele Modelle ihr Sicherheitspotenzial nicht ausschöpfen: Viele Firmware-Versionen setzen in der Linux-Basis eigentlich vorhandene Sicherheitsmechanismen wie Address Space Layout Randomization (ASLR) und Data Execution Prevention (DEP) nicht ein. --------------------------------------------- http://heise.de/-4268046 ∗∗∗ Bitcoin-Erpressung mit Masturbationsvideo ∗∗∗ --------------------------------------------- Internet-User/innen finden E-Mails mit dem Betreff „Hohe Gefahr. Konto wurde angegriffen.“ in ihrem Posteingang. Die Versandadresse entspricht fälschlicherweise der Empfangsadresse. Eine angebliche Hacker/in droht damit, ein Selbstbefriedigungs-Video der Empfänger/in zu veröffentlichen. Der geforderte Bitcoin-Betrag darf nicht bezahlt werden, denn das Video existiert nicht. --------------------------------------------- https://www.watchlist-internet.at/news/bitcoin-erpressung-mit-masturbations… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB19-01), Adobe Connect (APSB19-05) and Adobe Digital Editions (APSB19-04). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1685 ∗∗∗ Google Android: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen. Als Folge kann der Angreifer die Kontrolle über das Gerät übernehmen, Daten ausspionieren, das Gerät zum Absturz bringen oder unbrauchbar machen. Zur erfolgreichen Ausnutzung der Schwachstellen genügt es, eine manipulierte App zu öffnen oder einen Link anzutippen, der zu einer bösartigen Software führt. --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/01/warn… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libav), Fedora (krb5), Red Hat (source-to-image), and SUSE (gpg2, libgit2, and libsoup). --------------------------------------------- https://lwn.net/Articles/776215/ ∗∗∗ SAP: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen in verschiedenen SAP Produkten ausnutzen, um dadurch die Vertraulichkeit, Verfügbarkeit und die Integrität der Anwendung zu gefährden. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0012 ∗∗∗ VU#317277: Texas Instruments CC2640 and CC2650 microcontrollers vulnerable to heap overflow and insecure update ∗∗∗ --------------------------------------------- https://kb.cert.org/vuls/id/317277 ∗∗∗ Vulnerability in Java Deserialization Affecting Cisco Products ∗∗∗ --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ∗∗∗ SIP User Directory Information Disclosure ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2018-5741 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-is-affected-by-… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities affect IBM Sterling Secure Proxy ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ SSA-180635 (Last Update: 2019-01-08): Denial-of-Service Vulnerabilities in S7-1500 CPU ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf ∗∗∗ SSA-293562 (Last Update: 2019-01-08): Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf ∗∗∗ SSA-306710 (Last Update: 2019-01-08): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-306710.pdf ∗∗∗ SSA-559174 (Last Update: 2019-01-08): Multiple Vulnerabilities in CP1604 and CP1616 devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf ∗∗∗ SSA-579309 (Last Update: 2019-01-08): Denial-of-Service in SICAM A8000 Series ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-579309.pdf ∗∗∗ SSA-325546 (Last Update: 2019-01-08): Denial-of-Service Vulnerabilities in EN100 Ethernet Communication Module of SWT3000 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-325546.pdf ∗∗∗ Java SE vulnerability CVE-2018-3136 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K16940442 ∗∗∗ Java SE vulnerability CVE-2018-3139 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K65481741 ∗∗∗ GnuTLS vulnerability CVE-2018-16868 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K18955141 ∗∗∗ Nettle vulnerability CVE-2018-16869 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K45616155 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.01.2019
by Daily end-of-shift report 07 Jan '19

07 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 04-01-2019 18:00 − Montag 07-01-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Betrügerische Mails versprechen Millionen ∗∗∗ --------------------------------------------- Immer wieder erhalten Internetnutzer/innen E-Mails, die schnelles Geld in Form von Erbschaften, Spenden und Geschenken in Millionenhöhe versprechen. Im konkreten Fall hat der Absender angeblich 533 Millionen US-Dollar gewonnen und möchte zwei Millionen davon an die Empfänger/in spenden. Damit die Konsument/innen das Geld erhalten, sollen sie Vorauszahlungen leisten. Wer dies tut, verliert Geld und persönliche Daten an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-mails-versprechen-mil… ∗∗∗ Warnung vor monaco-modding.com ∗∗∗ --------------------------------------------- Der Anbieter monaco-modding.com bezeichnet sich als Deutschland schnellsten Moddingservice. Er bietet Kund/innen Unlock Alls für GTA 5, Skins für Fortnite, Eingabekeys für Black Ops 4 oder Red Dead Redemption 2 sowie günstige Netflix- und Spotify-Accounts an. Von einer Bestellung auf monaco-modding.com ist dringend abzuraten, denn der Anbieter liefert keine Ware. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-monaco-moddingcom/ ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke: Mit Skype Android-PIN umgehen ∗∗∗ --------------------------------------------- Mit einem einfachen Skype-Anruf lassen sich trotz PIN-Sperre Fotos, Kontakte und mehr auf einem Android-Smartphone einsehen. Ein Update wurde veröffentlicht, steht aber noch nicht für alle Geräte zur Verfügung. (Android, Skype) --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-mit-skype-android-pin-umgehen-1… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (keepalived), Debian (python-django), Fedora (tcpreplay), Mageia (apache-commons-compress, aubio, dcraw, freerdp, imagemagick, ldb, talloc, samba, libao, libextractor, libgxps, libpgf, openjpeg2, pdns, pdns-recursor, php-phpmailer, plexus-archiver, units, wget, and xmlrpc), Oracle (keepalived and kernel), and SUSE (polkit and xen). --------------------------------------------- https://lwn.net/Articles/776162/ ∗∗∗ IBM Security Bulletin: API Connect is affected by a vulnerability in the role-based access control (CVE-2018-1932) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-is-affect… ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache HttpComponents HttpClient ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache Apache Commons BeanUtils (CVE-2014-0114) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a vulnerability in Dojo Toolkit (CVE-2018-15494) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: Security vulnerability affects the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2018-1918) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ Java SE vulnerabilities CVE-2018-3149, CVE-2018-3169, and CVE-2018-3209 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K50394032 ∗∗∗ Java SE vulnerability CVE-2018-3180 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K30503705 ∗∗∗ Java SE vulnerability CVE-2018-3214 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K86075480 ∗∗∗ TLS in Mozilla NSS vulnerability CVE-2018-12404 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10281096 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.01.2019
by Daily end-of-shift report 04 Jan '19

04 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 03-01-2019 18:00 − Freitag 04-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Open redirects - the vulnerability class no one but attackers cares about ∗∗∗ --------------------------------------------- Open redirects is an underrated bug class that is often considered a non-vulnerability. In certain cases it could lead to Windows credential stealing, javascript execution and in the best case it can only be used in phishing attacks, malicious redirecting and damaging the brand off the vulnerable company. --------------------------------------------- https://stevetabernacle.github.io/blog/open-redirects-the-vulnerability-cla… ∗∗∗ OWASP Top 10 Security Risks – Part IV ∗∗∗ --------------------------------------------- To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. --------------------------------------------- https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-iv.html ∗∗∗ Phishing template uses fake fonts to decode content and evade detection ∗∗∗ --------------------------------------------- Proofpoint researchers recently observed a phishing kit with peculiar encoding utilized in a credential harvesting scheme impersonating a major retail bank. While encoded source code and various obfuscation mechanisms have been well documented in phishing kits, this technique appears to be unique for the time being in its use of web fonts to implement the encoding. --------------------------------------------- https://www.proofpoint.com/us/threat-insight/post/phishing-template-uses-fa… ∗∗∗ Sicherheitsupdates: Zwei kritische Lücken in Adobe Acrobat und Reader ∗∗∗ --------------------------------------------- Adobe patcht seine PDF-Anwendungen außer der Reihe. Über ein Schlupfloch könnten Angreifer Schadcode ausführen. --------------------------------------------- http://heise.de/-4265230 ===================== = Vulnerabilities = ===================== ∗∗∗ Schneider Electric Pro-face GP-Pro EX ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an improper input validation vulnerability in Schneider Electrics Pro-face GP-Pro EX, an HMI screen editor and logic programming software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01 ∗∗∗ Yokogawa Vnet/IP Open Communication Driver ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a resource management error vulnerability in Yokogawas Vnet/IP open communication driver. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-003-02 ∗∗∗ Hetronic Nova-M ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an authentication bypass by capture-relay vulnerability in Hetronics Nova-M remote control transmitters and receivers. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (wget), Oracle (kernel), Red Hat (keepalived), Scientific Linux (keepalived), and SUSE (GraphicsMagick and mailman). --------------------------------------------- https://lwn.net/Articles/776019/ ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0007 ∗∗∗ Foxit Reader und Foxit Phantom PDF Suite: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0006 ∗∗∗ IBM Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where the use of Local Read Only Cache (LROC) may result in directory corruption and undetected data corruption in regular files. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-has-b… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale (CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of chunked transfer-encoding chunk size. IBM Rational Service Tester is affected by this vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-eclipse-jetty-is-vuln… ∗∗∗ IBM Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. IBM Rational Performance Tester is affected by this vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-eclipse-jetty-is-vuln… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-1677) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by glibc vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by weak cryptographic algorithms (CVE-2018-1665) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a man in the middle vulnerability (CVE-2018-1663) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a XML External Entity Injection (XXE) vulnerability (CVE-2018-1669) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.01.2019
by Daily end-of-shift report 03 Jan '19

03 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 02-01-2019 18:00 − Donnerstag 03-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ NRSMiner updates to newer version ∗∗∗ --------------------------------------------- More than a year after the world first saw the Eternal Blue exploit in action during the May 2017 WannaCry outbreak, we are still seeing unpatched machines in Asia being infected by malware that uses the exploit to spread. Starting in mid-November 2018, our telemetry reports indicate that the newest version of the NRSMiner cryptominer, [...] --------------------------------------------- https://labsblog.f-secure.com/2019/01/03/nrsminer-updates-to-newer-version/ ∗∗∗ Malicious Script Leaking Data via FTP ∗∗∗ --------------------------------------------- The last day of 2018, I found an interesting Windows cmd script which was uploaded from India (SHA256: dff5fe50aae9268ae43b76729e7bb966ff4ab2be1bd940515cbfc0f0ac6b65ef) with a very low VT score. The script is not obfuscated and contains a long list of commands based on standard Windows tools. --------------------------------------------- https://isc.sans.edu/forums/diary/Malicious+Script+Leaking+Data+via+FTP/244… ∗∗∗ Vulnerability Spotlight: Multiple privilege escalation vulnerabilities in CleanMyMac X ∗∗∗ --------------------------------------------- Today, Cisco Talos is disclosing several vulnerabilities in MacPaws CleanMyMac X software. CleanMyMac X is a cleanup application for Mac operating systems that allows users to free up extra space on their machines by scanning for unused or unnecessary files and deleting them. In all of these bugs, an attacker with local access to the victim machine could modify the file system as root. --------------------------------------------- https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-CleanMyM… ∗∗∗ CastHack: Zehntausende Chromecast-Adapter spielten plötzlich Youtube-Video ab ∗∗∗ --------------------------------------------- Gutmütige Hacker zeigen, dass Googles Chromecast oft über das Internet erreichbar ist. Das ist ein generelles Problem und durchaus gefährlich. --------------------------------------------- http://heise.de/-4263887 ∗∗∗ Unterkunft nicht auf bookingsallgala.com buchen! ∗∗∗ --------------------------------------------- Auf bookinsallgala.com finden Sie Unterkünfte und Hotels rund um die Welt. Eine Buchung sollten Sie hier aber auf keinen Fall abschließen, denn die Seite wird von Kriminellen betrieben! Während Geld von Ihrer Kreditkarte abgebucht wird, erreicht Ihre Reservierung nie das Hotel und Sie erhalten die bezahlte Leistung nicht. --------------------------------------------- https://www.watchlist-internet.at/news/unterkunft-nicht-auf-bookingsallgala… ∗∗∗ Betrugsgefahren beim Privateinkauf ∗∗∗ --------------------------------------------- Personen, die über Kleinanzeigen-Plattformen Produkte kaufen, können an Kriminelle geraten. Sie verlangen eine Bezahlung der Ware im Voraus oder einen Identitätsnachweis zu ihrer Sicherheit. Ihre Ware liefern sie jedoch nicht, weshalb Opfer ihr Geld und ihre Identität an Kriminelle verlieren. Die Watchlist Internet zeigt Ihnen bekannte Betrugsformen beim Privateinkauf, damit Sie sicher auf Kleinanzeigen-Plattformen einkaufen können. --------------------------------------------- https://www.watchlist-internet.at/news/betrugsgefahren-beim-privateinkauf/ ∗∗∗ Gefälschte Billa-Gewinn-SMS im Umlauf! ∗∗∗ --------------------------------------------- Erneut haben Betrüger/innen eine gefälschte Gewinn-SMS von Billa in Umlauf gebracht. Personen, die der Nachricht Glauben schenken, dem Link in der SMS folgen und die Umfrage beantworten, sollen zwei Euro per Kreditkarte zahlen, um ein iPhone XS mit 256 GB geschenkt zu bekommen. Wer das macht, tappt in eine Abo-Falle und erhält kein iPhone XS. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-billa-gewinn-sms-im-umla… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available for Adobe Acrobat and Reader (APSB19-02) ∗∗∗ --------------------------------------------- Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB19-02). The updates referenced in the bulletin address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1682 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (jasper, libdatetime-timezone-perl, qtbase-opensource-src, thunderbird, and tzdata), Red Hat (rh-perl524-perl), and SUSE (libraw, polkit, and xen). --------------------------------------------- https://lwn.net/Articles/775937/ ∗∗∗ Microsoft Windows 10: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0005 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by an OpenSource Apache Struts vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM i Access for Windows affected by vulnerability CVE-2018-1888. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-access-for-wind… ∗∗∗ IBM Security Bulletin: IBM API Connect V5 is vulnerable to horizontal privilege escalation (CVE-2018-1859) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-is… ∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Apache PDFBox affects IBM Emptoris Contract Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-pdfbox-affects… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerabilities affect Rational Publishing Engine ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by multiple GSKit and OpenSSL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.01.2019
by Daily end-of-shift report 02 Jan '19

02 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 28-12-2018 18:00 − Mittwoch 02-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Windows Zero-Day Bug Allows Overwriting Files with Arbitrary Data ∗∗∗ --------------------------------------------- A security researcher has disclosed exploit code for a fourth zero-day vulnerability in Windows operating system in just as many months. The bug enables overwriting a target file with arbitrary data. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-zero-day-bug-allows-… ∗∗∗ How to Decrypt the FilesLocker Ransomware with FilesLockerDecrypter ∗∗∗ --------------------------------------------- On December 29th, an unknown user released the master RSA decryption key for FilesLocker v1 and v2. This allowed Michael Gillespie to release a decryptor for files encrypted by the FilesLocker Ransomware that have the .[fileslocker(a)pm.me] extension appended to file names. --------------------------------------------- https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-the-fi… ∗∗∗ EU finanziert Bug Bounty für Open-Source-Software wie VLC ∗∗∗ --------------------------------------------- Wer Fehler in Open-Source-Software entdeckt, kann sich ab Jänner von der EU dafür belohnen lassen. --------------------------------------------- https://futurezone.at/netzpolitik/eu-finanziert-bug-bounty-fuer-open-source… ∗∗∗ Sicherheitslücke: DoS-Angriff auf Bluetooth-Chips von Broadcom ∗∗∗ --------------------------------------------- Bluetooth auf einem fremden Smartphone ausknipsen und einen Bluetooth-Lautsprecher zum Schweigen bringen? Mit einer Sicherheitslücke in Bluetooth-Chips von Broadcom ist das möglich. (Bluetooth, CCC) --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-dos-angriff-auf-bluetooth-chips… ∗∗∗ Phishing & Co: Immer skeptisch bleiben – sicher unterwegs im vernetzten Büro ∗∗∗ --------------------------------------------- Firmen geraten zunehmend ins Visier von Angreifern. Die IT-Systeme stellen dabei gar nicht die größte Schwachstelle dar. Es sind die Mitarbeiter. --------------------------------------------- http://heise.de/-4260197 ∗∗∗ Vorsicht bei Veröffentlichung und Kauf beim AV Akademikerverlag ∗∗∗ --------------------------------------------- Universitätsabsolvent/innen, die kurz nach Abschluss ihres Studiums überlegen, ihre Bachelor-, Master- oder Doktorarbeiten zu publizieren, ist von einer Veröffentlichung beim AV Akademikerverlag abzuraten. Während die Publikation kostenlos ist, tritt man seine Veröffentlichungsrechte an der Arbeit an einen Verlag ab, der einen zweifelhaften Ruf hat. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-veroeffentlichung-und-k… ∗∗∗ cyber-giant.com ist ein Fake-Shop ∗∗∗ --------------------------------------------- Der Fake-Shop cyber-giant.com bietet günstige Elektroartikel an. Konsument/innen, die bei dem Händler einkaufen, verlieren ihr Geld und ihre Identität an Kriminelle, denn er ist betrügerisch und liefert keine Waren. Das zeigt eine Internetrecherche, ein Preisvergleich und die ausschließliche Möglichkeit, die Ware nur im Voraus zu bezahlen. --------------------------------------------- https://www.watchlist-internet.at/news/cyber-giantcom-ist-ein-fake-shop/ ∗∗∗ DNS-Blacklists und Neujahrsvorsätze ∗∗∗ --------------------------------------------- Die altehrwürdige DNS-Blacklist njabl.org hat 2013 den Betrieb eingestellt. Vor kurzem dürfte nun die Domain den Besitzer gewechselt haben, und wer diese DNSBL noch immer benutzt, bekommt nun auf alle Anfragen ein positives Ergebnis. Mit dem Effekt, dass etliche Mailserver alle eingehende Mail ablehnen. --------------------------------------------- http://www.cert.at/services/blog/20190102135412-2339.html ∗∗∗ Spooked by a speaking security camera? Polite hacker tells owner how to fix his IoT security ∗∗∗ --------------------------------------------- The "white hat" hacker, who claimed to be part of a group calling itself the "Anonymous Calgary Mindhive", said it hadn’t been hard for him to hijack control of a man's Nest security camera. --------------------------------------------- https://hotforsecurity.bitdefender.com/blog/spooked-by-a-speaking-security-… ===================== = Vulnerabilities = ===================== ∗∗∗ [CVE-2018-17191] Apache NetBeans 9.0 Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE) ∗∗∗ --------------------------------------------- To be vulnerable to the issue, the system running NetBeans needs to be configured to use Proxy Auto-Configuration (PAC), NetBeans must be configured to use the system proxy settings and the attacker needs to be able to modify the PAC script. --------------------------------------------- https://seclists.org/oss-sec/2018/q4/275 ∗∗∗ Fehler in Software-Suite gefährdet NAS-Geräte von Synology ∗∗∗ --------------------------------------------- Kritische Sicherheitslücken betreffen Software von Synology und machen Netzwerkspeicher des Herstellers angreifbar. Updates sind verfügbar. --------------------------------------------- http://heise.de/-4261032 ∗∗∗ Synology-SA-19:01 Photo Station ∗∗∗ --------------------------------------------- These vulnerabilities allow remote attackers to execute arbitrary SQL commands and remote authenticated users to upload arbitrary files via a susceptible version of Photo Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_01 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (go, go-pie, and webkit2gtk), Debian (c3p0, debian-security-support, libextractor, and tar), Fedora (electron-cash, leptonica, LibRaw, mingw-leptonica, mingw-openjpeg2, mingw-poppler, nettle, openjpeg2, php-pear, sqlite, and vcftools), Gentoo (GKSu and rust), Mageia (keepalived and libtiff), openSUSE (containerd, docker, go, go, GraphicsMagick, libraw, mozilla-nspr and mozilla-nss, netatalk, polkit, wireshark, and xen), and SUSE (containerd, [...] --------------------------------------------- https://lwn.net/Articles/775790/ ∗∗∗ Security updates for the new year ∗∗∗ --------------------------------------------- Security updates have been issued by Mageia (graphicsmagick, poppler, python, and python-lxml) and openSUSE (GraphicsMagick). --------------------------------------------- https://lwn.net/Articles/775824/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (thunderbird), Fedora (terminology), openSUSE (GraphicsMagick), and Red Hat (rh-perl526-perl). --------------------------------------------- https://lwn.net/Articles/775852/ ∗∗∗ Vuln: ZTE ZMAX Multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106361 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ Binutils vulnerabilities CVE-2018-18605, CVE-2018-18606, and CVE-2018-18607 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K24353255 ∗∗∗ Binutils vulnerability CVE-2018-17985 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35710418 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.12.2018
by Daily end-of-shift report 28 Dec '18

28 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 27-12-2018 18:00 − Freitag 28-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ BUNDESGESETZBLATT FÜR DIE REPUBLIK ÖSTERREICH ∗∗∗ --------------------------------------------- 111. Bundesgesetz, mit dem das Bundesgesetz zur Gewährleistung eines hohen Sicherheitsniveaus von Netz- und Informationssystemen (Netz- und Informationssystemsicherheitsgesetz – NISG) erlassen und das Telekommunikationsgesetz 2003 geändert wird --------------------------------------------- https://www.ris.bka.gv.at/Dokumente/BgblAuth/BGBLA_2018_I_111/BGBLA_2018_I_… ∗∗∗ 35C3: Hacker zeigt Schwachstellen in IoT-Netzwerk Sigfox auf ∗∗∗ --------------------------------------------- Die Datenkommunikation über das Sigfox-Funknetz, das auf das Internet der Dinge ausgerichtet ist, lässt sich momentan bei vielen Geräten recht einfach abhören. --------------------------------------------- http://heise.de/-4259662 ∗∗∗ Warnung vor elektro-hilfe.at ∗∗∗ --------------------------------------------- Bei elektro-hilfe.at handelt es sich um einen 24h-Elektriker-Notdienst, der verspricht, Pannen und Schäden die durch Wasserrohrbrüche, verstopfte Leitungen u.Ä. verursacht wurden, zu beheben. Verlockend klingen vor allem auch die günstigen Preise, mit denen auf der Website geworben wird. Der Anbieter ist nicht vertrauenswürdig, denn vor Ort werden überhöhte Preise verrechnet. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-elektro-hilfeat/ ∗∗∗ Hijacking Online Accounts Via Hacked Voicemail Systems ∗∗∗ --------------------------------------------- Proof-of-concept hack of a voicemail systems shows how it can lead to account takeovers multiple online services. --------------------------------------------- https://threatpost.com/hijacking-online-accounts-via-hacked-voicemail-syste… ∗∗∗ Guardzilla Home Cameras Open to Anyone Wanting to Watch Their Footage ∗∗∗ --------------------------------------------- The home surveillance cams have hard-coded credentials. --------------------------------------------- https://threatpost.com/guardzilla-cameras-flaw/140415/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ghostscript, graphicsmagick, libarchive, libsndfile, libvncserver, ruby-sanitize, and wireshark), Fedora (mosquitto and tinc), Mageia (monit, sqlite3, and thunderbird), and SUSE (openssl). --------------------------------------------- https://lwn.net/Articles/775635/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libphp-phpmailer), Fedora (mosquitto and tinc), and Mageia (ruby-i18n and tcpdump). --------------------------------------------- https://lwn.net/Articles/775670/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2018-11784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-open-source-apache-to… ∗∗∗ BIG-IP APM portal access may potentially leak host name information for back-end servers ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K31333705 ∗∗∗ BIG-IP APM webtop vulnerability CVE-2018-15334 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K74114570 ∗∗∗ BIG-IP ARM BGP vulnerability CVE-2018-17539 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K17264695 ∗∗∗ The BIG-IP AFM policy does not classify a DNS query name with a label length greater than 23 bytes ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K95010813 ∗∗∗ BIG-IP vulnerability CVE-2018-15333 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K53620021 ∗∗∗ BIG-IP APM OAuth failure response message vulnerability CVE-2018-15335 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K27617652 Next End-of-Day report: 2019-01-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.12.2018
by Daily end-of-shift report 27 Dec '18

27 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 21-12-2018 18:00 − Donnerstag 27-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB19-02) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB19-02) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Thursday, January 03, 2019. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1680 ∗∗∗ 5 Steps to Mitigate Endpoint Security Incidents ∗∗∗ --------------------------------------------- Endpoint security may be the best investment you have ever made. According to a Ponemon survey – The 2017 State of Endpoint Security Risk – the average cost to an organization of attacks that managed to breach endpoint security was $5 million. In this article, we will look at what you need to know about [...] --------------------------------------------- https://resources.infosecinstitute.com/5-steps-to-mitigate-endpoint-securit… ∗∗∗ Warnung vor Auresoil Sensi & Secure ∗∗∗ --------------------------------------------- Auf einem erfundenen österreichischen Medizinportal behaupten Unbekannte, dass es mit Auresoil Sensi & Secure möglich sei, „das Hörvermögen zu 100% wiederherzustellen“. Das Produkt können Interessent/innen um 57 Euro auf bestmarkethub.com/43/auresoil-med/gps erwerben. Davon raten wir ab, denn die medizinische Wirkung von Auresoil Sensi & Secure ist unklar und kann schädlich sein. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-auresoil-sensi-secure/ ∗∗∗ Nicht bei der Knurf GmbH & Co. KG bewerben ∗∗∗ --------------------------------------------- Die betrügerische Knurf GmbH & Co. KG sucht über knurf.net Proband/innen, die Produkte oder Dienstleitungen testen sollen. Die Aufgabe von Interessent/innen besteht letzen Endes darin, dass sie ein Online-Konto eröffnen und ihre Zugangsdaten an das erfundene Unternehmen senden. Damit ist es den Kriminellen möglich, Verbrechen und Geldwäscherei unter dem Namen ihrer Opfer zu begehen. --------------------------------------------- https://www.watchlist-internet.at/news/nicht-bei-der-knurf-gmbh-co-kg-bewer… ===================== = Vulnerabilities = ===================== ∗∗∗ spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials ∗∗∗ --------------------------------------------- An authenticated user can visit the page spaces.htm, for example, http://victime_ip/spaces.htm, and obtain clear text password of user admin [...] --------------------------------------------- https://seclists.org/fulldisclosure/2018/Dec/45 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox), Debian (ghostscript, libarchive, openjpeg2, and sqlite3), Fedora (krb5, mariadb, mariadb-connector-c, mingw-openjpeg2, openjpeg2, phpMyAdmin, python-lxml, spatialite-tools, sqlite, and squid), Mageia (kernel), openSUSE (bluez, git, go1.10, libnettle, libqt5-qtbase, ovmf, pdns, perl, tcpdump, tiff, tryton, and yast2-rmt), Slackware (netatalk), and SUSE (buildah, caasp-cli, caasp-dex, cni-plugins, container-feeder, containerd-kubic, cri-o, [...] --------------------------------------------- https://lwn.net/Articles/775549/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libextractor and nagios3) and Fedora (adplug, mingw-podofo, and podofo). --------------------------------------------- https://lwn.net/Articles/775584/ ∗∗∗ Synology-SA-18:63 DS File ∗∗∗ --------------------------------------------- A vulnerability allows local users to obtain sensitive information via a susceptible version of Android DS File. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_63 ∗∗∗ Synology-SA-18:64 DSM ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Diskstation Manager (DSM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_64 ∗∗∗ Synology-SA-18:65 SRM ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_65 ∗∗∗ Vuln: McAfee Application and Change Control Multiple Security Bypass Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106282 ∗∗∗ Vuln: Kibana CVE-2018-17246 Local File Include Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106285 ∗∗∗ diverse Router: Schwachstelle ermöglicht Erlangen von Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1200 ∗∗∗ IBM Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere DataPower XC10 Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-th… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Java runtime environment that IBM provides affect WebSphere eXtreme Scale ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ja… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability for PHP (CVE-2018-12882) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Content Classification is affected by IBM SDK, Java Technology Edition Quarterly CPU – Jul 2018 – Includes Oracle Jul 2018 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-classific… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.12.2018
by Daily end-of-shift report 21 Dec '18

21 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 20-12-2018 18:00 − Freitag 21-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Fake Amazon Order Confirmations Push Banking Trojans on Holiday Shoppers ∗∗∗ --------------------------------------------- Phishing and malspam campaigns are in high gear for the holidays and a new campaign pretending to be an Amazon order confirmation is particularly dangerous as people shop for holiday gifts. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fake-amazon-order-confirmati… ∗∗∗ Warnung vor Phishing-Mails mit Adresse help(a)orf.at ∗∗∗ --------------------------------------------- Seit einigen Stunden sind Phishing-Mails in Umlauf, die als Reply-Adresse help(a)orf.at eingetragen haben. ORF.at weist ausdrücklich darauf hin, dass von der Konsumentenredaktion des ORF-Radio keinerlei Mails ausgeschickt werden und warnt davor, solche Mails zu öffnen. --------------------------------------------- https://orf.at/stories/3105176 ∗∗∗ Betrügerische WhatsApp-Nachrichten beim Privatverkauf ∗∗∗ --------------------------------------------- Privatverkäufer/innen erhalten von einer Nummer mit der Vorwahl „+1“ eine WhatsApp-Nachricht. Darin erkundigen sich Kriminelle nach dem Produktpreis und schlagen die Kaufabwicklung mit der EMS Shipping Company vor. Sie bestätigt einen überhöhten Zahlungseingang. Verkäufer/innen sollen den Differenzbetrag und die Ware ins Ausland senden. Dadurch verlieren sie beides. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-whatsapp-nachrichten-… ===================== = Vulnerabilities = ===================== ∗∗∗ Horner Automation Cscape ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an improper input validation vulnerability in Horner Automation’s Cscape, a Control System Application programming software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-354-01 ∗∗∗ Schneider Electric EcoStruxure ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an open redirect vulnerability in Schneider Electric’s EcoStruxure, an IoT-enabled architecture and platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-354-02 ∗∗∗ JSON:API - Moderately critical - Access bypass - SA-CONTRIB-2018-081 ∗∗∗ --------------------------------------------- Project: JSON:APIDate: 2018-December-19Security risk: Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: This module provides a JSON:API specification-compliant HTTP API for accessing and manipulating Drupal content and configuration entities.The module doesnt sufficiently check access when responding to certain filtered collection requests, thereby causing an access bypass vulnerability. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-081 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libapache-mod-jk, libav, and netatalk), Fedora (kernel-headers, kernel-tools, and phpMyAdmin), Gentoo (go), Mageia (netty, jctools, php, and phpmyadmin), openSUSE (keepalived), Scientific Linux (ntp), SUSE (enigmail, libqt5-qtbase, mariadb, netatalk, and yast2-rmt), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-azure, linux-hwe, linux-aws-hwe, [...] --------------------------------------------- https://lwn.net/Articles/775420/ ∗∗∗ Synology-SA-18:62 Netatalk ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Diskstation Manager (DSM) and Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_62 ∗∗∗ Vuln: Ghostscript CVE-2018-19134 Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106278 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect API Connect ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: a CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis known as Variant 4 or SpectreNG vulnerability affects IBM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-cpu-hardware-utiliz… ∗∗∗ December 20, 2018 TNS-2018-17 [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-17 ∗∗∗ TMM vulnerability CVE-2018-15330 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23328310 ∗∗∗ BIG-IP AAM DCDB vulnerability CVE-2018-15331 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54843525 ∗∗∗ TMUI vulnerability CVE-2018-15329 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K61620494 Next End-of-Day report: 2018-12-27 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.12.2018
by Daily end-of-shift report 20 Dec '18

20 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 19-12-2018 18:00 − Donnerstag 20-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ On VBScript ∗∗∗ --------------------------------------------- Vulnerabilities in the VBScript scripting engine are a well known way to attack Microsoft Windows. In order to reduce this attack surface, in Windows 10 Fall Creators Update, Microsoft disabled VBScript execution in Internet Explorer in the Internet Zone and the Restricted Sites Zone by default. Yet this did not deter attackers .. --------------------------------------------- https://googleprojectzero.blogspot.com/2018/12/on-vbscript.html ∗∗∗ Rise of the Webminers ∗∗∗ --------------------------------------------- About a year ago webminers began to appear on more and more website. It was popularized by CoinHive and a couple of high-profile scandals revolving around ThePirateBay and Showtime and, in .. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rise-of-the… ∗∗∗ WPA3 WLAN Encryption: All Good Things Come In 3s! ∗∗∗ --------------------------------------------- The current protocol WPA2 (WiFi Protected Access) from 2004 is getting on in years. In early 2018, the WiFi Alliance (WFA) announced an update at the Consumer Electronics Show in Las Vegas. WPA3 is the designated successor, which should eliminate weak points as well as the comfort and the security would clearly increase. In the last .. --------------------------------------------- http://www.ikarussecurity.com/about-ikarus/security-blog/wpa3-wlan-encrypti… ∗∗∗ Kritische Sicherheitslücke in Internet Explorer - Patches verfügbar ∗∗∗ --------------------------------------------- Microsoft hat ausserhalb des monatlichen Patch-Zyklus Updates für den Internet Explorer veröffentlicht, mit denen eine kritische Sicherheitslücke geschlossen wird. Diese Schwachstelle soll bereits aktiv .. --------------------------------------------- http://www.cert.at/warnings/all/20181219.html ∗∗∗ sgifashop.com ist unseriös ∗∗∗ --------------------------------------------- Der Online-Shop sgifashop.com ist mit seinem Sortiment sehr breit aufgestellt, so ist auch bestimmt für Sie das gewünschte Produkt dabei. Der Alleskönner ist jedoch betrügerisch und liefert .. --------------------------------------------- https://www.watchlist-internet.at/news/sgifashopcom-ist-unserioes/ ∗∗∗ Researcher publishes PoC for new Windows zero-day ∗∗∗ --------------------------------------------- This is the third Windows zero-day the researcher dumps online in the last five months. --------------------------------------------- https://www.zdnet.com/article/researcher-publishes-poc-for-new-windows-zero… ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4355 openssl1.0 - security update ∗∗∗ --------------------------------------------- Several local side channel attacks and a denial of service via largeDiffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit. --------------------------------------------- https://www.debian.org/security/2018/dsa-4355 ∗∗∗ Vuln: Jenkins Multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106176 ∗∗∗ JSON:API - Moderately critical - Access bypass - SA-CONTRIB-2018-081 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-081 ∗∗∗ E-Sign - Moderately critical - Cross site scripting - SA-CONTRIB-2018-080 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-080 ∗∗∗ Security Advisory - MaxAge LSA Vulnerability in OSPF Protocol of Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170720-… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability in IBM Business Automation Workflow (CVE-2018-1849) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ D-LINK Router: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1191 ∗∗∗ FreeBSD OS: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1192 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.12.2018
by Daily end-of-shift report 19 Dec '18

19 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 18-12-2018 18:00 − Mittwoch 19-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Gefälschte Energie AG-Rechnung verbreitet Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden ein gefälschtes Energie AG-Schreiben. Darin behaupten sie, dass Kund/innen ihre aktuelle Rechnung herunterladen und ausdrucken können. Dazu sollen sie eine unbekannte Website aufrufen und eine ZIP-Datei öffnen. Diese verbirgt Schadsoftware. Konsument/innen, die die vermeintliche Rechnung öffnen, installieren diese auf ihrem Computer. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-energie-ag-rechnung-verb… ∗∗∗ Searching statically-linked vulnerable library functions in executable code ∗∗∗ --------------------------------------------- Software supply chains are increasingly complicated, and it can be hard to detect statically-linked copies of vulnerable third-party libraries in executables. This blog post discusses the technical details of an Apache-licensed open-source library to detect code from other open-source libraries in executables, along with some real-world findings of forked open-source libraries in real-world [...] --------------------------------------------- https://googleprojectzero.blogspot.com/2018/12/searching-statically-linked-… ∗∗∗ Das letzte Silvester für PHP 5.6 ∗∗∗ --------------------------------------------- PHP 5.6 steht kurz vor dem Ende seiner Lebenszeit. Mit 31.12.2018 endet der Security-Support für die letzte Version der PHP 5 Familie, ab dann wird nur noch PHP 7 weiterentwickelt. Das bedeutet, dass ab dem Jahreswechsel neu entdeckte Sicherheitslücken in PHP 5.6 Upstream nicht mehr gepatcht werden. Die uns zur Verfügung stehenden Daten von Shodan zeigen, dass derzeit die Mehrheit der Server in Österreich noch PHP 5 im [...] --------------------------------------------- http://www.cert.at/services/blog/20181219120223-2326.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (ghostscript), Fedora (ansible and wireshark), openSUSE (go1.11, pdns, and pdns-recursor), Oracle (firefox), Red Hat (java-1.8.0-ibm), Scientific Linux (firefox), and SUSE (crash, libqt5-qtbase, perl, and qemu). --------------------------------------------- https://lwn.net/Articles/775230/ ∗∗∗ Advantech WebAccess/SCADA ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an improper input validation vulnerability identified in Advantechs WebAccess/SCADA software platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02 ∗∗∗ 3S-Smart Software Solutions GmbH CODESYS Control V3 Products ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an improper access control vulnerability identified in the 3S-Smart Software Solutions CODESYS Control V3 products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03 ∗∗∗ 3S-Smart Software Solutions GmbH CODESYS V3 Products ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for use of insufficiently random values and improper restriction of communication channel to intended endpoints vulnerabilities identified in the 3S-Smart Software Solutions GmbH CODESYS V3 products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 ∗∗∗ BSRT-2018-005 Vulnerabilities in Management Console Impact Affected Versions of BlackBerry UEM ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN99810718/ ∗∗∗ Vuln: Symfony Local File Include and Open Redirection Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106249 ∗∗∗ Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Notice - Statement on Information Leak Vulnerability in Huawei HG Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20181219-01-… ∗∗∗ IBM Security Bulletin: Privilege Escalation in Notes System Diagnostic Service of both IBM Notes and Domino (CVE-2018-1771) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-privilege-escalation-… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a critical privilege escalation vulnerability in Kubernetes (CVE-2018-1002105) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: IBM API Connect V5 – Admin Users Can Elevate Own Permissions (CVE-2018-1973) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-ad… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework (CVE-2018-1784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by authentication bypass vulnerability in LoopBack (CVE-2018-1778) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability from Network Time Protocol (NTP) (CVE-2018-12327) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a Denial of Service vulnerability (CVE-2018-1677) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a CSRF vulnerability (CVE-2018-1661) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.12.2018
by Daily end-of-shift report 18 Dec '18

18 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Montag 17-12-2018 18:00 − Dienstag 18-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hidden Code in Memes Instruct Malware via Twitter ∗∗∗ --------------------------------------------- Analysts discover malicious code embedded in tweeted images. --------------------------------------------- https://threatpost.com/hidden-code-in-memes-instruct-malware-via-twitter/14… ∗∗∗ Sneaky phishing campaign beats two-factor authentication ∗∗∗ --------------------------------------------- Protecting an account with multi-factor authentication (MFA) is a no-brainer, but that doesn’t mean every method for doing this is equally secure. --------------------------------------------- https://nakedsecurity.sophos.com/2018/12/18/sneaky-phishing-campaign-beats-… ∗∗∗ Your trust, our signature ∗∗∗ --------------------------------------------- Every organisation, whatever its size, will encounter phishing emails sooner or later. While the number of phishing attacks is increasing every day, the way in which phishing is used within a cyber-attack has not changed: an attacker comes up with a scenario [...] --------------------------------------------- https://blog.fox-it.com/2018/12/18/your-trust-our-signature/ ∗∗∗ Clever SEO Spam Injection ∗∗∗ --------------------------------------------- It's very common for us here at Sucuri to face SEO injections on almost any type of CMS-based site. Today, I'll be presenting how one particularly ingenious malware manages to hide so well inside a WordPress website. --------------------------------------------- https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html ∗∗∗ Erpressungstrojaner Everbe, Hidden Tear und InsaneCrypt kostenlos entschlüsseln ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher hat für verschiedene Verschlüsselungstrojaner Gratis-Entschlüsselungstools veröffentlicht. --------------------------------------------- http://heise.de/-4254364 ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdate, 14.12.18 ∗∗∗ --------------------------------------------- [...] haben wir eine potenzielle Sicherheitsschwachstelle in unserer iCal-Feed-Funktion festgestellt, in dem durch vom Benutzer manuelles Manipulieren von Teilen der Feed-URL es theoretisch möglich gewesen wäre, zufällig auf die iCal-Feeds anderer TimeTac-Benutzer zugreifen zu können. [...] Dieses Problem wurde unmittelbar nach Bekanntwerden durch ein Sicherheitsupdate behoben und bei allen theoretisch betroffenen TimeTac-Kundenkonten ausgerollt. --------------------------------------------- https://support.timetac.com/de/changelog-de/sicherheitsupdate-14-12-18/ ∗∗∗ Razer Cortex Debugger Remote Command Execution ∗∗∗ --------------------------------------------- Razer "Cortex" has CEF debugger stub enabled by default allowing arbitrary remote command execution. I was alerted on... --------------------------------------------- https://cxsecurity.com/issue/WLB-2018120170 ∗∗∗ VMSA-2018-0031 ∗∗∗ --------------------------------------------- vRealize Operations updates address a local privilege escalation vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0031.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libapache-mod-jk and sleuthkit), Fedora (kernel, kernel-headers, mbedtls, php, php-symfony, php-symfony3, php-symfony4, and wireshark), openSUSE (pdns, pdns-recursor, and salt), Oracle (firefox and ghostscript), Red Hat (ansible, firefox, ghostscript, and kernel), Scientific Linux (firefox and ghostscript), and SUSE (ovmf). --------------------------------------------- https://lwn.net/Articles/775172/ ∗∗∗ Synology-SA-18:61 Magellan ∗∗∗ --------------------------------------------- Magellan vulnerability allows remote authenticated users to conduct denial-of-service attacks or possibly execute arbitrary code via a susceptible version of Synology products. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_61 ∗∗∗ libexif: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1182 ∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ermöglichen Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1180 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in curl affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-cu… ∗∗∗ IBM Security Bulletin: Vulnerabilities in krb5 affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-kr… ∗∗∗ IBM Security Bulletin: A vulnerability in git affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-gi… ∗∗∗ IBM Security Bulletin: Vulnerabilities in GnuTLS affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gn… ∗∗∗ IBM Security Bulletin: Vulnerabilities in GNU binutils affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gn… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Python affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-py… ∗∗∗ IBM Security Bulletin: A vulnerability in wpa_supplicant affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-wp… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.12.2018
by Daily end-of-shift report 17 Dec '18

17 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 14-12-2018 18:00 − Montag 17-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Shamoon Disk Wiper Returns with Second Sample Uncovered this Month ∗∗∗ --------------------------------------------- Shamoons comeback early last week was not marked by one, but two occurrences of the data-wiping malware. The second sighting observed a different sample that could indicate a follow-up to the initial attack. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/shamoon-disk-wiper-returns-w… ∗∗∗ Datenbank: Fehler in SQLite ermöglichte Codeausführung ∗∗∗ --------------------------------------------- Anwendungen, die SQLite einsetzen und von außen SQL-Zugriff darauf bieten, sind offenbar von einem Fehler betroffen, der eine beliebige Codeausführung ermöglicht. Dazu gehören unter anderem Browser auf Chromium-Basis, für die inzwischen Updates bereitstehen. (Security, Browser) --------------------------------------------- https://www.golem.de/news/datenbank-fehler-in-sqlite-ermoeglichte-codeausfu… ∗∗∗ Worst passwords list is out, but this time we’re not scolding users ∗∗∗ --------------------------------------------- This is on you, makers of sites and services that allow users to create passwords like "password." You can do better! --------------------------------------------- https://nakedsecurity.sophos.com/2018/12/17/worst-passwords-list-is-out-but… ∗∗∗ The GPS 2019 Week Rollover - What You Need to Know ∗∗∗ --------------------------------------------- The Global Positioning System provides accurate timing information to many of our critical systems - power grid, communications, financial markets, emergency services, and industrial control to name a few. [...] The next time the counter will reach week 1023 and rollover to zero is on April 6, 2019. --------------------------------------------- https://spectracom.com/resources/blog/lisa-perdue/2018/gps-2019-week-rollov… ∗∗∗ Intels NUCs: Viele Mini-PCs mit fehlerhaftem BIOS-Schutz ∗∗∗ --------------------------------------------- Bei einigen Mini-PCs aus Intels NUC-Reihe lässt sich das BIOS mit manipuliertem Code überschreiben, etwa um eine Backdoor einzupflanzen. --------------------------------------------- http://heise.de/-4251738 ∗∗∗ Betrügerische Androhung von Pfändungsterminen ∗∗∗ --------------------------------------------- Konsument/innen erhalten von erfundenen Inkassobüros und Rechtsanwält/innen letzte Zahlungsaufforderungen in Höhe von 479,16 Euro. Darin heißt es, dass es zu einer Pfändung ihrer Wertgegenstände komme, wenn sie den geforderten Geldbetrag nicht bezahlen. Empfänger/innen können das Schreiben ignorieren und müssen keine Überweisung tätigen. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-androhung-von-pfaendu… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (php5, poppler, and samba), Fedora (firefox, mbedtls, nbdkit, pdns-recursor, php, php-symfony, php-symfony3, and php-symfony4), Gentoo (CouchDB, scala, and spamassassin), Mageia (firefox, libwpd, nss, and thunderbird), openSUSE (Chromium, cups, ghostscript, kernel, openvswitch, phpMyAdmin, qemu, and tcpdump), Red Hat (RHGS WA), and SUSE (ansible, openldap2, openvswitch, qemu, and tcpdump). --------------------------------------------- https://lwn.net/Articles/775102/ ∗∗∗ IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Tivoli Directory Server and IBM Security Directory Server for AIX Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gs… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security Vulnerabilities in IBM® Java SDK affect multiple IBM Rational products based on IBM Jazz technology Oct 2018 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a vulnerability in WAS liberty. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyz… ∗∗∗ IBM Security Bulletin: Vulnerabilities in NTPv4 affect AIX (CVE-2018-12327, CVE-2018-7170) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-nt… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a cross-site scripting vulnerability. (CVE-2018-1667) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1643) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Potential redirection to external site when using the the IBM Event Streams API (CVE-2018-1833) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-redirection… ∗∗∗ NodeJS vulnerability CVE-2018-12120 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K37111863 ∗∗∗ OpenSSL vulnerabilities CVE-2018-0734 and CVE-2018-0735 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K43741620 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.12.2018
by Daily end-of-shift report 14 Dec '18

14 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 13-12-2018 18:00 − Freitag 14-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ The economics of vulnerability disclosure ∗∗∗ --------------------------------------------- A new ENISA report aims to provide a glimpse into the costs, incentives, and impact related to discovering and disclosing vulnerabilities in information security. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/the-economics-of-vulnerability-… ∗∗∗ How to protect yourself as the threat of scam apps grows ∗∗∗ --------------------------------------------- As the threat of bogus apps continues, what can we do to protect ourselves against these fraudulent practices? --------------------------------------------- https://www.welivesecurity.com/2018/12/14/protect-yourself-threat-scam-apps… ===================== = Vulnerabilities = ===================== ∗∗∗ BlackBerry powered by Android Security Bulletin - December 2018 ∗∗∗ --------------------------------------------- BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Logitech Keystroke Injection Flaw Went Unaddressed for Months ∗∗∗ --------------------------------------------- The flaw allows a remote attacker to gain full access over a machine. --------------------------------------------- https://threatpost.com/logitech-keystroke-injection-flaw/139928/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (ghostscript, git, java-1.7.0-openjdk, java-11-openjdk, kernel, NetworkManager, python-paramiko, ruby, sos-collector, thunderbird, and xorg-x11-server), Debian (gcc-4.9), and SUSE (amanda, ntfs-3g_ntfsprogs, and tiff). --------------------------------------------- https://lwn.net/Articles/774940/ ∗∗∗ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0009 ∗∗∗ --------------------------------------------- Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE identifiers: CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464. --------------------------------------------- https://webkitgtk.org/security/WSA-2018-0009.html ∗∗∗ QEMU: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein lokaler Angreifer kann mehrere Schwachstellen in QEMU ausnutzen, um Informationen offenzulegen oder einen Denial of Service zu verursachen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1175 ∗∗∗ Medtronic 9790, 2090 CareLink, and 29901 Encore Programmers ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-347-01 ∗∗∗ Schneider Electric GUIcon Eurotherm ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-347-01 ∗∗∗ Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-347-02 ∗∗∗ Geutebrück GmbH E2 Series IP Cameras ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-347-03 ∗∗∗ GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-347-04 ∗∗∗ Multiple vulnerabilities in Aterm WF1200CR and Aterm WG1200CR ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN87535892/ ∗∗∗ 2018-12-14: Vulnerability in GATE E2 – Cross-site scripting (CVE-2018-18997) ∗∗∗ --------------------------------------------- https://search-ext.abb.com/library/Download.aspx?DocumentID=2CMT2018-005753… ∗∗∗ 2018-12-14: Vulnerability in GATE E2 – No Access Control (CVE-2018-18995) ∗∗∗ --------------------------------------------- https://search-ext.abb.com/library/Download.aspx?DocumentID=2CMT2018-005751… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Struts v2 affect IBM Security Guardium (CVE-2016-1181, CVE-2016-1182) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-st… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by vulnerabilities in IBM Java Runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Cross-Site scripting vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Cross-Site scripting vulnerability in user login vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services v2.1.1 is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-1871) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Foreshadow Spectre Variant vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java affect Rational Build Forge (CVE-2018-1656; CVE-2018-2973; CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a public disclosed vulnerability from Apache ZooKeeper ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products and IBM Emptoris Services Procurement ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.12.2018
by Daily end-of-shift report 13 Dec '18

13 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 12-12-2018 18:00 − Donnerstag 13-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Captchas are dead...ish. ∗∗∗ --------------------------------------------- According to a recently published research paper, some types of Captchas are now obsolete. The reason: machines have learned to solve those Captchas. --------------------------------------------- https://www.gdatasoftware.com/blog/2018/12/31374-captchas-are-dead-ish ∗∗∗ OWASP Top 10 Security Risks – Part III ∗∗∗ --------------------------------------------- Today, we are going to explore items 5 and 6: broken access control and security misconfigurations. --------------------------------------------- https://blog.sucuri.net/2018/12/owasp-top-10-security-risks-part-iii.html ∗∗∗ Wichtiges Sicherheitsupdate: WordPress 5.0.1 ist da ∗∗∗ --------------------------------------------- Aufgrund von mehreren Sicherheitslücken könnten Angreifer mit WordPress erstellte Websites attackieren. Eine fehlerbereinigte Version steht bereit. --------------------------------------------- http://heise.de/-4249500 ∗∗∗ Scanning for Flaws, Scoring for Security ∗∗∗ --------------------------------------------- Is it fair to judge an organizations information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries. --------------------------------------------- https://krebsonsecurity.com/2018/12/scanning-for-flaws-scoring-for-security/ ∗∗∗ Vorsicht bei gamestar4.com ∗∗∗ --------------------------------------------- Der Online-Shop gamestar4.com, mit angeblichem Sitz in Wien, ist betrügerisch. Auf gamestar4.com finden Sie neben Haushaltszubehör und Elektrogeräten, billige Spielkonsolen, die als Wochendeals beworben werden. Bestellen Sie bei gamestar4.com, verlieren Sie Ihr Geld, übermitteln Betrüger/innen sensible Daten und erhalten keine Ware. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-gamestar4com/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr), Fedora (singularity), openSUSE (compat-openssl098, cups, firefox, mozilla-nss, and xen), and SUSE (cups, exiv2, ghostscript, and git). --------------------------------------------- https://lwn.net/Articles/774845/ ∗∗∗ Linux kernel vulnerability CVE-2018-5390 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K95343321 ∗∗∗ IBM Security Bulletin: IBM® DB2® contains a denial of service vulnerability in scalar functions (CVE-2018-1977) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-contains-a-de… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-1871) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability in IBM Business Automation Workflow (CVE-2018-1848) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: Potential MITM attack in Apache CXF used by IBM Event Streams (CVE-2018-8039) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-mitm-attack… ∗∗∗ IBM Security Bulletin: IBM Security Directory Server is affected by multiple vulnerabilities in GSKit ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-director… ∗∗∗ IBM Security Bulletin: IBM Security Directory Server is affected by a vulnerability in GSKit ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-director… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.12.2018
by Daily end-of-shift report 12 Dec '18

12 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 11-12-2018 18:00 − Mittwoch 12-12-2018 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Logitech Options: Logitech-Software ermöglicht bösartige Codeausführung ∗∗∗ --------------------------------------------- In einer Software zur Konfiguration von Logitech-Tastaturen und Mäusen klafft ein riesiges Sicherheitsloch. Nutzer von Logitech Options sollten es vorerst deinstallieren: Bisher gibt es keinen Fix. (Logitech, Eingabegerät) --------------------------------------------- https://www.golem.de/news/logitech-options-logitech-software-ermoeglicht-bo… ∗∗∗ Adventures in Video Conferencing Part 3: The Even Wilder World of WhatsApp ∗∗∗ --------------------------------------------- Posted by Natalie Silvanovich, Project ZeroWhatsApp is another application that supports video conferencing that does not use WebRTC as its core implementation. Instead, it uses PJSIP, which contains some WebRTC code, but also contains a substantial amount of other code, and predates the WebRTC project. I fuzzed this implementation to see if it had similar results to WebRTC and FaceTime.Fuzzing Set-upPJSIP is open source, so it was easy to identify the PJSIP code in the Android WhatsApp binary [...] --------------------------------------------- https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferen… ∗∗∗ A bug in Microsoft’s login system made it easy to hijack anyone’s Office account ∗∗∗ --------------------------------------------- A string of bugs when chained together created the perfect attack to gain access to someones Microsoft account - simply by tricking a user into clicking a link. --------------------------------------------- https://techcrunch.com/2018/12/11/microsoft-login-bug-hijack-office-account… ∗∗∗ Patchday: Attacken auf Windows-Kernel-Lücke ∗∗∗ --------------------------------------------- Microsoft hat wichtige Sicherheitsupdates für Office, Windows & Co. veröffentlicht. Mehrere Schwachstellen gelten als kritisch. --------------------------------------------- http://heise.de/-4248309 ∗∗∗ Sicherheitsupdates: Angreifer könnten IP-Kameras von Bosch übernehmen ∗∗∗ --------------------------------------------- Einige IP-Kamera-Modelle von Bosch sind über eine als kritisch eingestufte Sicherheitslücke attackierbar. Updates schaffen Abhilfe. --------------------------------------------- http://heise.de/-4248751 ∗∗∗ Bitcoin Profit ist Betrug ∗∗∗ --------------------------------------------- Auf einer gefälschten orf.at-Website bewerben Kriminelle die Trading-Plattform Bitcoin Profit. In dem irreführenden Beitrag behaupten sie, dass es damit sehr einfach sei, sehr hohe Gewinne zu erzielen. Über die Werbung gelangen Leser/innen auf btcprofitnow.pro. Melden sie sich auf der Website für Bitcoin Profit an und überweisen sie ihr Geld an Kriminelle, verlieren sie es und ihre Daten an Betrüger/innen. --------------------------------------------- https://www.watchlist-internet.at/news/bitcoin-profit-ist-betrug/ ∗∗∗ Schadsoftware in gefälschter DHL-Sendungsbenachrichtigung ∗∗∗ --------------------------------------------- Zur Weihnachtszeit ist es leicht möglich, dass Sie Versandbenachrichtigungen in Ihrem E-Mail-Posteingang erwarten. Dennoch überrascht Sie dort womöglich eine gefälschte DHL-Nachricht. Die Mail gibt vor, Sie über eine anstehende Lieferung zu informieren, die gar nicht existiert. Wenn Sie auf den Link in der Nachricht klicken, wird versucht eine Datei herunterzuladen. Vorsicht! Diese vermeintliche Word-Datei enthält Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/news/schadsoftware-in-gefaelschter-dhl-se… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, firefox, lib32-openssl, lib32-openssl-1.0, openssl, openssl-1.0, texlive-bin, and wireshark-cli), Fedora (perl), openSUSE (pdns), Oracle (kernel), Red Hat (kernel), Slackware (mozilla), SUSE (kernel, postgresql10, qemu, and xen), and Ubuntu (firefox, freerdp, freerdp2, pixman, and poppler). --------------------------------------------- https://lwn.net/Articles/774731/ ∗∗∗ Security Advisory - Cache Timing Vulnerability in OpenSSL RSA Key Generation ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181212-… ∗∗∗ IBM Security Bulletin: Denial of service vulnerability affects IBM Unified Extensible Firmware Interface (CVE-2018-9085) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-denial-of-service-vul… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2018-0734, CVE-2018-5407) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ IBM Security Bulletin: Vulnerability in Xorg affects AIX (CVE-2018-14665) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-xorg… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect Rational Publishing Engine ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Vulnerability in Oracle Solaris affects AIX (CVE-2017-3623) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-orac… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ BIG-IP SNMP vulnerability CVE-2018-15328 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42027747 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.12.2018
by Daily end-of-shift report 11 Dec '18

11 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Montag 10-12-2018 18:00 − Dienstag 11-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ MySQL-Frontend: Lücke in PhpMyAdmin erlaubt Datendiebstahl ∗∗∗ --------------------------------------------- Eine Sicherheitslücke im MySQL-Frontend PhpMyAdmin erlaubt es, lokale Dateien auszulesen. Dafür benötigt man jedoch einen bereits existierenden Login. (MySQL, PHP) --------------------------------------------- https://www.golem.de/news/mysql-frontend-luecke-in-phpmyadmin-erlaubt-daten… ∗∗∗ Warnung vor schlossauf.at ∗∗∗ --------------------------------------------- Die Website schlossauf.at wirbt mit einem seriösen und preiswerter Schlüsseldienst, der in 20min vor Ort bei Kund/innen ist. Konsument/innen, die den Dienst nutzen, nehmen in Wahrheit Kontakt mit der deutschen Gesellschaft MK Notservice GmbH auf. Sie vermittelt Schlosser/innen. Die Dienste vor Ort sind laut Kund/innenmeinungen mit langen Wartezeiten verbunden und sehr teuer. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-schlossaufat/ ∗∗∗ Augen auf beim digitale Vignetten-Kauf! ∗∗∗ --------------------------------------------- Die digitale Vignette können Sie an unterschiedlichsten Stellen erstehen. Neben der ASFINAG, dem ÖAMTC oder dem ARBÖ vertreiben nämlich auch andere unbekanntere Anbieter die digitale Vignette. Achtung: Hier werden zum Teil zusätzliche Kosten verrechnet, die Sie leicht vermeiden können, indem Sie einen kurzen Vergleich anstellen. --------------------------------------------- https://www.watchlist-internet.at/news/augen-auf-beim-digitale-vignetten-ka… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available for Adobe Acrobat and Reader (APSB18-41) ∗∗∗ --------------------------------------------- Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB18-41). The updates referenced in the bulletin address critical and important vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1674 ∗∗∗ Decoupled Router - Critical - Access bypass - SA-CONTRIB-2018-071 ∗∗∗ --------------------------------------------- Project: Decoupled RouterVersion: 8.x-1.18.x-1.0Date: 2018-October-31Security risk: Critical 15∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: This module enables you to resolve the provided Drupal path in order to find the canonical path and information about the resolved entity. This information includes entity type ID, entity ID, entity UUID and entity label.The module doesnt sufficiently check access before displaying entity labels. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-071 ∗∗∗ TYPO3 9.5.2, 8.7.21 and 7.6.32 security releases published ∗∗∗ --------------------------------------------- We are announcing the release of the following TYPO3 updates: * TYPO3 9.5.2 LTS * TYPO3 8.7.21 LTS * TYPO3 7.6.32 LTS All versions are security releases and contain important security fixes. --------------------------------------------- https://typo3.org/article/typo3-952-8721-and-7632-security-releases-publish… ∗∗∗ SAP Security Patch Day – December 2018 ∗∗∗ --------------------------------------------- On 11th of December 2018, SAP Security Patch Day saw the release of 9 Security Notes. Additionally, there were 3 updates to previously released security notes. --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (php7.0), Fedora (keepalived, kernel, kernel-headers, kernel-tools, mingw-uriparser, and uriparser), openSUSE (pdns-recursor), Oracle (kernel), SUSE (compat-openssl098, glibc, java-1_8_0-ibm, kernel, opensc, python, python-base, python-cryptography, python-pyOpenSSL, samba, and soundtouch), and Ubuntu (cups). --------------------------------------------- https://lwn.net/Articles/774590/ ∗∗∗ SSA-982399: Missing Authentication in TIM 1531 IRC Modules ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-982399.txt ∗∗∗ SSA-181018: Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-181018.txt ∗∗∗ SSA-674165: Vulnerability in McAfee MACC product for SINAMICS PERFECT HARMONY GH180 drives ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-674165.txt ∗∗∗ SSA-170881: Vulnerabilities in SINUMERIK Controllers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-170881.txt ∗∗∗ IBM Security Bulletin: Open Source Python-paramiko vulnerability affects IBM Netezza Host Management. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-open-source-python-pa… ∗∗∗ IBM Security Bulletin: Potential cross-site request forgery in WebSphere Application Server Admin Console (CVE-2018-1926) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-cross-site-… ∗∗∗ IBM Security Bulletin: Potential Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2018-1901) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-privilege-e… ∗∗∗ IBM Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server (CVE-2018-1904) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-remote-code… ∗∗∗ IBM Security Bulletin: Vulnerability in BIND affects Power Hardware Management Console (CVE-2018-5740) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-bind… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a glibc vulnerability (CVE-2017-15670) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-access-m… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private (CVE-2018-1060, CVE-2018-1061) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities (CVE-2018-0732, CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-manager-wit… ∗∗∗ glibc vulnerability CVE-2017-16997 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K43546166 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.12.2018
by Daily end-of-shift report 10 Dec '18

10 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 07-12-2018 18:00 − Montag 10-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Gefälschte T-Mobile-Nachricht fordert Auskunft ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte T-Mobile-Nachricht. Darin behaupten sie, dass Kund/innen im Zusammenhang mit der Nutzung von Diensten persönliche Daten bekannt geben und ihre Telefonnummer bestätigen müssen. Das soll auf einer gefälschten T-Mobile-Website geschehen. Konsument/innen, die die von Ihnen verlangten Informationen bekannt geben, werden Opfer eines Datendiebstahls. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-t-mobile-nachricht-forde… ∗∗∗ Sextortion Emails now Leading to Ransomware and Info-Stealing Trojans ∗∗∗ --------------------------------------------- Sextortion email scams have been a very successful way of generating money for criminals. A new Sextortion campaign is now taking it to the next level by tricking recipients into installing the Azorult information-stealing Trojan, which then downloads and installs the GandCrab ransomware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/sextortion-emails-now-leadin… ∗∗∗ How can businesses get the most out of pentesting? ∗∗∗ --------------------------------------------- More than 4.5 billion data records were compromised in the first half of this year. If you still feel like your enterprise is secure after reading that statistic, you’re one of the few. Hackers utilizing high-profile exploits to victimize organizations is becoming an almost daily occurrence, with 18,000 to 19,000 new vulnerabilities estimated to show up in 2018. Here’s the thing though – we can still address the situation and make the current threat landscape [...] --------------------------------------------- https://www.helpnetsecurity.com/2018/12/10/get-the-most-out-of-pentesting/ ∗∗∗ Mac malware combines EmPyre backdoor and XMRig miner ∗∗∗ --------------------------------------------- New Mac malware is using the EmPyre backdoor and the XMRig cryptominer to drain processor power—and possibly worse. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2018/12/mac-malware-combines-… ∗∗∗ Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix ∗∗∗ --------------------------------------------- Bug dealt with in Chrome and Edge, but still a problem for Firefox users. --------------------------------------------- https://www.zdnet.com/article/malicious-sites-abuse-11-year-old-firefox-bug… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium-browser and lxml), Fedora (cairo, hadoop, and polkit), Mageia (tomcat), openSUSE (apache2-mod_jk, Chromium, dom4j, ImageMagick, libgit2, messagelib, ncurses, openssl-1_0_0, otrs, pam, php5, php7, postgresql10, rubygem-activejob-5_1, tiff, and tomcat), Red Hat (chromium-browser and rh-git218-git), Slackware (php), SUSE (audiofile, cri-o and kubernetes packages, cups, ImageMagick, libwpd, SMS3.2, and systemd), and Ubuntu (lxml). --------------------------------------------- https://lwn.net/Articles/774489/ ∗∗∗ WPForms <= 1.4.8 - Unauthenticated Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9164 ∗∗∗ IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-s, 1801-t and 1801-u ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vyatta-5600-vrouter-s… ∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is impacted by a security vulnerability in Project Calico ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server October 2018 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Voice Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Batik affects IBM Cúram Social Program Management (CVE-2018-8013) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac… ∗∗∗ IBM Security Bulletin: IBM Cúram Social Program Management contains a stored cross-site scripting vulnerability (CVE-2018-1900) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-curam-social-prog… ∗∗∗ IBM Security Bulletin: IBM Cúram Social Program Management contains an open redirect vulnerability (CVE-2018-1654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-curam-social-prog… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateways is affected by a Denial of Service vulnerability (CVE-2018-1652) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: IBM Cloud Private is affected by a privilege escalation vulnerability in Kubernetes API server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-is-… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability for libcURL (CVE-2018-14618) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability from OpenSSL (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-1652) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.12.2018
by Daily end-of-shift report 07 Dec '18

07 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 06-12-2018 18:00 − Freitag 07-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Using Fuzzing to Mine for Zero-Days ∗∗∗ --------------------------------------------- Infosec Insider Derek Manky discusses how new technologies and economic models are facilitating fuzzing in todays security landscape. --------------------------------------------- https://threatpost.com/using-fuzzing-to-mine-for-zero-days/139683/ ∗∗∗ Is it Time to Uninstall Flash? (If you havent already) ∗∗∗ --------------------------------------------- If you havent uninstalled Flash yet, maybe today should be that day. The update posted yesterday has a remote code exec proof-of-concept already here: [...] --------------------------------------------- https://isc.sans.edu/forums/diary/Is+it+Time+to+Uninstall+Flash+If+you+have… ∗∗∗ Array string obfuscation ∗∗∗ --------------------------------------------- We continue to see an increase in the number of these PHP injections that use multiple obfuscation methods to evade detection, but lately one method has been increasingly utilized: [...] --------------------------------------------- http://labs.sucuri.net/?note=2018-12-06 ===================== = Vulnerabilities = ===================== ∗∗∗ Philips HealthSuite Health Android App ∗∗∗ --------------------------------------------- This advisory includes mitigations for an inadequate encryption strength vulnerability in Philips HealthSuite Health Android App. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-340-01 ∗∗∗ GE Proficy GDS ∗∗∗ --------------------------------------------- This advisory contains mitigations for an improper restriction of XML external entity reference vulnerability in GEs Proficy GDS. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-340-01 ∗∗∗ Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules ∗∗∗ --------------------------------------------- This advisory contains mitigations for a missing authentication vulnerability in the Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-310-02 ∗∗∗ watchOS 5.1.2 ∗∗∗ --------------------------------------------- This document describes the security content of watchOS 5.1.2. --------------------------------------------- https://support.apple.com/en-us/HT209343 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (jupyter-notebook), CentOS (ghostscript), Debian (libphp-phpmailer and policykit-1), Fedora (bird), Gentoo (ede), Mageia (flash-player-plugin), openSUSE (dom4j, dpdk, glib2, nextcloud, postgresql94, and qemu), Oracle (kernel), SUSE (firefox, libarchive, libgit2, libreoffice, ncurses, openssl-1_0_0, squid, and tiff), and Ubuntu (ghostscript, openssl, openssl1.0, and wavpack). --------------------------------------------- https://lwn.net/Articles/774270/ ∗∗∗ Multiple vulnerabilities in multiple SEIKO EPSON printers and scanners ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN89767228/ ∗∗∗ IBM Security Bulletin: Potential information disclosure in WebSphere Application Server (CVE-2018-1957) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-information… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by multiple openssl vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a CPU vulnerability (CVE-2018-3620) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Social Program Management Design System contains an HTML injection vulnerability (CVE-2018-1671) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-social-program-ma… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.12.2018
by Daily end-of-shift report 06 Dec '18

06 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 05-12-2018 18:00 − Donnerstag 06-12-2018 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Adventures in Video Conferencing Part 2: Fun with FaceTime ∗∗∗ --------------------------------------------- FaceTime is Apple’s video conferencing application for iOS and Mac. It is closed source, and does not appear to use any third-party libraries for its core functionality. I wondered whether fuzzing the .. --------------------------------------------- https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferen… ∗∗∗ Data Exfiltration in Penetration Tests ∗∗∗ --------------------------------------------- In many penetration tests, therell be a point where you need to exfiltrate some data. Sometimes this is a situation of "OK, we got the crown jewels, lets get the data off premise". Or sometimes in .. --------------------------------------------- https://isc.sans.edu/forums/diary/Data+Exfiltration+in+Penetration+Tests/24… ∗∗∗ Campaign evolution: Hancitor changes its Word macros ∗∗∗ --------------------------------------------- Todays diary reviews trends in recent malicious spam (malspam) pushing Hancitor. --------------------------------------------- https://isc.sans.edu/forums/diary/Campaign+evolution+Hancitor+changes+its+W… ∗∗∗ MikroTik: Hunderttausende Router schürfen heimlich Kryptogeld ∗∗∗ --------------------------------------------- Eine im August bekannt gewordenen Schwachstelle in den Geräten wird momentan öfter angegriffen denn je. --------------------------------------------- http://heise.de/-4243857 ∗∗∗ Linux: Besserer Spectre-V2-Schutz jetzt im Kernel, kaum Geschwindigkeitsverlust ∗∗∗ --------------------------------------------- Nach einem abgelehnten Patch haben die Linux-Entwickler den Schutz gegen die CPU-Lücke Spectre V2 in den Kerneln 4.14.86 und 4.19.7 verbessert. --------------------------------------------- http://heise.de/-4244052 ∗∗∗ Betrügerischer Sicherheitsalarm im Postfach ∗∗∗ --------------------------------------------- Konsument/innen finden in ihrem E-Mailpostfach eine Nachricht mit dem Betreff „Sicherheitsalarm. Hacker kennen das Passwort vom (E-Mailadresse)“. In dem Schreiben behaupten Kriminelle .. --------------------------------------------- https://www.watchlist-internet.at/index.php?id=71&tx_news_pi1[news]=3205&tx… ∗∗∗ konsolensultan.de ist ein Fake-Shop ∗∗∗ --------------------------------------------- Bestellen Sie nicht bei konsolensultan.de, es handelt sich um einen unseriösen Anbieter. Die gewünschten Spielkonsolen und Controller werden Sie nie erreichen. Sie verlieren Ihr Geld. --------------------------------------------- https://www.watchlist-internet.at/news/konsolensultande-ist-ein-fake-shop/ ∗∗∗ A botnet of over 20,000 WordPress sites is attacking other WordPress sites ∗∗∗ --------------------------------------------- Botnet is still up and running but law enforcement has been notified. --------------------------------------------- https://www.zdnet.com/article/a-botnet-of-over-20000-wordpress-sites-is-att… ===================== = Vulnerabilities = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-41) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB18-41) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, December 11, 2018. We will continue to provide updates on the .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1669 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Mageia (kio-extras), Red Hat (flash-plugin and openstack-neutron), Slackware (gnutls and nettle), SUSE ( aphp53, apache2, apache2-mod_jk, compat-openssl097g, firefox, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss, glib2, kvm, mariadb, ncurses, openssl-1_0_0, openssl1, pam, php5, php7, qemu, rubygem-activejob-5_1, tomcat, and wireshark), and Ubuntu (libraw and spamassassin). --------------------------------------------- https://lwn.net/Articles/774089/ ∗∗∗ MISP 2.4.99 released (aka API/UI fixes and critical security vulnerability fixed) ∗∗∗ --------------------------------------------- A new version of MISP (2.4.99) has been released with improvements in the UI, API, STIX import and a fixed critical security vulnerability.Thanks to Francois-Xavier Stellamans from NCI Agency Cyber Security who reported a critical vulnerability in the STIX 1 import code. The vulnerability allows a malicious authenticated user to inject commands via .. --------------------------------------------- https://www.misp-project.org/2018/12/06/MISP.2.4.99.released.html ∗∗∗ Apple Releases Multiple Security Updates ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/12/05/Apple-Releases-Mul… ∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a privilege escalation vulnerability in Kubernetes API server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-… ∗∗∗ IBM Security Bulletin: Vulnerabilities CVE-2018-5407 and CVE-2018-0734 in OpenSSL affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-cve-2… ∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2018-1896) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-connections-secur… ∗∗∗ IBM Security Bulletin: IBM MQ Console could allow an attacker to execute a denial of service attack. (CVE-2018-1883) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-console-could-… ∗∗∗ IBM Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty affects IBM WebSphere Application Server in IBM Cloud (CVE-2018-1851) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-code-execution-vulner… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateways is affected by a downgrade vulnerability (CVE-2018-1663) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-db2-vulnerab… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.12.2018
by Daily end-of-shift report 05 Dec '18

05 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 04-12-2018 18:00 − Mittwoch 05-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Adventures in Video Conferencing Part 1: The Wild World of WebRTC ∗∗∗ --------------------------------------------- Over the past five years, video conferencing support in websites and applications has exploded. Facebook, WhatsApp, FaceTime and Signal are just a few of the many ways that users can make audio and video calls across networks. While a lot of research has been done into the cryptographic and privacy properties of video conferencing, there is limited information available about the attack surface of these platforms [...] --------------------------------------------- https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferen… ∗∗∗ Notfallpatch: Exploit-Code für kritische Flash-Lücke im Umlauf ∗∗∗ --------------------------------------------- Es gibt ein wichtiges Sicherheitsupdate für Adobes Flash Player. Nutzer sollten es dringend installieren. --------------------------------------------- http://heise.de/-4242328 ∗∗∗ SplitSpectre: Neue Methode macht Prozessor-Angriffe einfacher ∗∗∗ --------------------------------------------- Eine neue Abwandlung des Spectre-V1-Angriffs macht solche Attacken auf CPUs realistischer. Sie lässt sich über die JavaScript-Engine eines Browsers ausführen. --------------------------------------------- http://heise.de/-4241478 ∗∗∗ Achtung Dynamit-Phishing: Gefährliche Trojaner-Welle legt ganze Firmen lahm ∗∗∗ --------------------------------------------- BSI, CERT-Bund und Cybercrime-Spezialisten der LKAs sehen eine akute Welle von Infektionen mit Emotet, die Millionenschäden anrichtet. --------------------------------------------- http://heise.de/-4241424 ∗∗∗ The Dark Side of the ForSSHe ∗∗∗ --------------------------------------------- ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, "The Dark Side of the ForSSHe", they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats --------------------------------------------- https://www.welivesecurity.com/2018/12/05/dark-side-of-the-forsshe/ ∗∗∗ Achtung: Gefälschte PayPal-Rechnungen im Umlauf ∗∗∗ --------------------------------------------- Konsument/innen wird per E-Mail eine angebliche Rechnung von PayPal zugesandt - für ein Produkt, das nie bestellt wurde. Um die Rechnung zu stornieren, soll man einem Link folgen und dort seine persönlichen Daten und Zahlungsinformationen bekannt geben. Wer der Aufforderung nachkommt, wird Opfer eines Datendiebstahls und ermöglicht Kriminellen Zahlungen im eigenen Namen! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-gefaelschte-paypal-rechnunge… ∗∗∗ It looked like a Citrix ShareFile phishing attack, but wasn’t ∗∗∗ --------------------------------------------- Guest contributor Bob Covello isn’t happy about a password reset email that Citrix has been sending its customers.If you’re a company contacting your customers via email, please make sure it doesn’t look phishy. --------------------------------------------- https://www.grahamcluley.com/citrix-sharefile-not-phishing-email/ ===================== = Vulnerabilities = ===================== ∗∗∗ Omron CX-One ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow and use after free vulnerabilities in Omrons CX-One software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-338-01 ∗∗∗ SpiderControl SCADA WebServer ∗∗∗ --------------------------------------------- This advisory includes mitigations for a reflected cross-site scripting vulnerability in SpiderControls SCADA WebServer software management platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-338-02 ∗∗∗ Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018 ∗∗∗ --------------------------------------------- Version 1.15: Final --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Inadequate cryptography implementation in Kerio Control VPN protocol ∗∗∗ --------------------------------------------- A vulnerability in the Kerio Control VPN protocol allowed an attacker to modify data transferred through the VPN. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/inadequate-cryptography-impl… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (suricata), Fedora (cobbler), Oracle (ghostscript), Red Hat (ansible), and Scientific Linux (ghostscript and ruby). --------------------------------------------- https://lwn.net/Articles/773964/ ∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2018-1935) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-connections-secur… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services for Multi-Platform is affected by vulnerabilities in IBM Java Runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affect Rational Asset Analyzer (RAA). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: IBM Financial Transaction Manager for Check Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-17/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Java Vulnerability Impacts IBM Control Center (CVE-2018-1656) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-im… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Asset Analyzer (RAA). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a XSS vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyz… ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS Liberty vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyz… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 (CVE-2018-1656, CVE-2018-0732, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.12.2018
by Daily end-of-shift report 04 Dec '18

04 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Montag 03-12-2018 18:00 − Dienstag 04-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ KoffeyMaker: notebook vs. ATM ∗∗∗ --------------------------------------------- Kaspersky Lab’ experts investigated one such toolkit, dubbed KoffeyMaker, in 2017-2018, when a number of Eastern European banks turned to us for assistance after their ATMs were quickly and almost freely raided. It soon became clear that we were dealing with a black box attack. --------------------------------------------- https://securelist.com/koffeymaker-notebook-vs-atm/89161/ ∗∗∗ SamSam Ransomware ∗∗∗ --------------------------------------------- Original release date: December 03, 2018 The Department of Homeland Security and the Federal Bureau of Investigation have identified cyber threat actors using SamSam ransomware—also known as MSIL/SAMAS.A—to target industries in the United States and worldwide.NCCIC encourages users and administrators to review Alert AA18-337A: SamSam Ransomware and Malware Analysis Reports AR18-337A, AR18-337B, AR18-337C, and AR18-337D for more information. This product is provided subject to this --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/12/03/SamSam-Ransomware ∗∗∗ App-Store-Betrug mit Touch-ID-Geräten ∗∗∗ --------------------------------------------- Verschiedene Entwickler versuchen, Nutzer zum Kauf teurer In-App-Angebote zu bringen – mittels "Fingerabdruckklau". Apple reagiert. --------------------------------------------- http://heise.de/-4239342 ∗∗∗ Kubernetes: Kritisches Update für Container-Verwaltung ∗∗∗ --------------------------------------------- In Kubernetes steckt eine gefährliche Sicherheitslücke, über die unangemeldete Angreifer Code mit Admin-Rechten im Cluster ausführen können. --------------------------------------------- http://heise.de/-4240804 ∗∗∗ Gebietskörperschaften erhalten gefälschte Geschäftskorrespondenz ∗∗∗ --------------------------------------------- Betrüger/innen schreiben Gebietskörperschaften an und geben sich als Geschäftspartner/innen des Bundes, der Länder oder der Gemeinden aus. Sie erfinden einen Grund, der es angeblich notwendig macht, dass sie die Vertragskopie für ein Rechtsgeschäft erhalten. In diese fügen sie neue Bankdaten ein und fordern die Geldüberweisung auf ein neues Konto. Beamt/innen und Vertragsbedienstete, die die Transaktion durchführen, überweisen Geld an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/news/gebietskoerperschaften-erhalten-gefa… ∗∗∗ In Latest Magecart Evolution, Group 11 Stole More Than Just Card Data From Vision Direct ∗∗∗ --------------------------------------------- Since we began reporting on online card skimming, we have noted consistent evolutions in modus operandi of the various Magecart groups, and even the Magecart phenomenon itself. The web-skimming ecosystem has exploded, spawning multiple groups that want a piece of the action, many of which we reported on in our recent report “Inside Magecart.” […]The post In Latest Magecart Evolution, Group 11 Stole More Than Just Card Data From Vision Direct appeared first on RiskIQ. --------------------------------------------- https://www.riskiq.com/blog/labs/magecart-vision-direct/ ===================== = Vulnerabilities = ===================== ∗∗∗ Android Security Bulletin - December 2018 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-12-05 or later address all of these issues. --------------------------------------------- https://source.android.com/security/bulletin/2018-12-01.html ∗∗∗ Vulnerability Spotlight: Netgate pfSense system_advanced_misc.php powerd_normal_mode Command Injection Vulnerability ∗∗∗ --------------------------------------------- Today, Cisco Talos is disclosing a command injection vulnerability in Netgate pfSense system_advanced_misc.php powerd_normal_mode. pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more.In accordance with our coordinated disclosure policy, Cisco Talos worked with Netgate to ensure that these issues are resolved and that an update is [...] --------------------------------------------- https://blog.talosintelligence.com/2018/12/Netgate-pfsense-command-injectio… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (glibc, qemu, and tmux), Mageia (messagelib), Oracle (ghostscript), Red Hat (ghostscript, OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, OpenShift Container Platform 3.2, OpenShift Container Platform 3.3, OpenShift Container Platform 3.4, OpenShift Container Platform 3.5, OpenShift Container Platform 3.6, and OpenShift Container Platform 3.8), Slackware (mozilla), and Ubuntu (linux, linux-gcp, linux-kvm, linux-raspi2, linux-hwe, [...] --------------------------------------------- https://lwn.net/Articles/773826/ ∗∗∗ Cisco Energy Management Suite Default PostgreSQL Password Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ TMM vulnerability CVE-2018-5535 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K19634255 ∗∗∗ IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2018 – Includes Oracle Oct 2018 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-sdk-java-technolo… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM WebSphere Portal ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-15/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Transparent Cloud Tiering ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-14/ ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to XML External Entity Injection (CVE-2018-1730) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Cross-Site Scripting (CVE-2018-1728) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: QRadar Advisor with Watson ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-13/ ∗∗∗ IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to publicly disclosed vulnerability. (CVE-2018-8034, CVE-2018-8037) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-as-used… ∗∗∗ IBM Security Bulletin: Apache PDFBox as used in IBM QRadar Incident Forensics is vulnerable to Publicly disclosed vulnerability. (CVE-2018-8036) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-pdfbox-as-used… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.12.2018
by Stephan Richter 03 Dec '18

03 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 30-11-2018 18:00 − Montag 03-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Who Is Targeting Industrial Facilities and ICS Equipment, and How? ∗∗∗ --------------------------------------------- Industrial Control Systems (ICS) are expected to be installed and left isolated for a long time. Technical changes and the necessity of reducing operating costs led to this equipment being left in operation longer than expected, exposing it to a broad range of cyber-threats. Malware designed to compromise [...] --------------------------------------------- https://resources.infosecinstitute.com/who-is-targeting-industrial-faciliti… ∗∗∗ DeepSec 2018 Wrap-Up ∗∗∗ --------------------------------------------- I’m writing this quick wrap-up in Vienna, Austria where I attended my first DeepSec conference. This event was already on my schedule for a while but I never had a chance to come. This year, I submitted a training and I was accepted! Good opportunity to visit the beautiful city [...] --------------------------------------------- https://blog.rootshell.be/2018/11/30/deepsec-2018-wrap-up/ ∗∗∗ The 9 Lives of Bleichenbachers CAT: New Cache ATtacks on TLS Implementations ∗∗∗ --------------------------------------------- In this whitepaper*, nine different implementations of TLS were tested against cache attacks and seven were found to be vulnerable: [...] --------------------------------------------- https://www.nccgroup.trust/us/our-research/the-9-lives-of-bleichenbachers-c… ∗∗∗ Injecting Code into Windows Protected Processes using COM - Part 2 ∗∗∗ --------------------------------------------- In my previous blog I discussed a technique which combined numerous issues I’ve previously reported to Microsoft to inject arbitrary code into a PPL-WindowsTCB process. The techniques presented don’t work for exploiting the older, stronger Protected Processes (PP) for a few different reasons. This blog seeks to remedy this omission and provide details of how I was able to also hijack a full PP-WindowsTCB process without requiring administrator privileges. --------------------------------------------- https://googleprojectzero.blogspot.com/2018/11/injecting-code-into-windows-… ∗∗∗ What the Marriott Breach Says About Security ∗∗∗ --------------------------------------------- We dont yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised. --------------------------------------------- https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-sec… ∗∗∗ Gefälschte iPhone-Gewinn-SMS von Billa im Umlauf ∗∗∗ --------------------------------------------- Betrüger/innen versenden SMS-Nachrichten im Namen von Billa an Konsument/innen. Wer die Nachricht öffnet, soll einige Fragen beantworten und kann anschließend den Gewinn, ein iPhone XS im Wert von über 1200 Euro, auswählen. Für den Erhalt sollen 1,50 Euro per Kreditkarte bezahlt werden. Betroffene dürfen Ihre Daten nicht eingeben, denn es handelt sich um eine Abo-Falle und das versprochene iPhone wird nie verschickt! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-iphone-gewinn-sms-von-bi… ===================== = Vulnerabilities = ===================== ∗∗∗ Multiple Vulnerabilities in Siglent Technologies SDS 1202X-E Digital Oscilloscope ∗∗∗ --------------------------------------------- A digital oscilloscope by Siglent Technologies is affected by multiple vulnerabilities such as hardcoded backdoor accounts or missing authentication. The vendor was unresponsive and did not provide a patch. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libarchive, perl, and qemu), Fedora (glibc, glusterfs, links, and moodle), Gentoo (libsndfile and postgresql), openSUSE (openssh, rubygem-loofah, and tiff), Oracle (ruby), Red Hat (ruby), and Ubuntu (libssh and linux-aws). --------------------------------------------- https://lwn.net/Articles/773437/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (nsis, openssl, poppler, and tiff), Fedora (dnsdist, drupal7, kernel, kernel-headers, kernel-tools, net-snmp, perl, php-Smarty2, and samba), Gentoo (connman, nagios-core, php, and webkit-gtk), Mageia (apache-mod_perl, kdeconnect-kde, and python-requests), Red Hat (rh-postgresql10-postgresql), and SUSE (kernel). --------------------------------------------- https://lwn.net/Articles/773650/ ∗∗∗ Vuln: NUUO NVRmini Products CVE-2018-15716 Incomplete Fix Remote Command Injection Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106059 ∗∗∗ IBM Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6, Version 7, Version 8, that is used by IBM Workload Scheduler. These issues were disclosed as part of the IBM Java SDK updates in [...] ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-there-are-multiple-vu… ∗∗∗ Ruby on Rails: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1138

1 0

Tageszusammenfassung - 03.12.2018
by Daily end-of-shift report 03 Dec '18

03 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 30-11-2018 18:00 − Montag 03-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Who Is Targeting Industrial Facilities and ICS Equipment, and How? ∗∗∗ --------------------------------------------- Industrial Control Systems (ICS) are expected to be installed and left isolated for a long time. Technical changes and the necessity of reducing operating costs led to this equipment being left in operation longer than expected, exposing it to a broad range of cyber-threats. Malware designed to compromise [...] --------------------------------------------- https://resources.infosecinstitute.com/who-is-targeting-industrial-faciliti… ∗∗∗ DeepSec 2018 Wrap-Up ∗∗∗ --------------------------------------------- I’m writing this quick wrap-up in Vienna, Austria where I attended my first DeepSec conference. This event was already on my schedule for a while but I never had a chance to come. This year, I submitted a training and I was accepted! Good opportunity to visit the beautiful city [...] --------------------------------------------- https://blog.rootshell.be/2018/11/30/deepsec-2018-wrap-up/ ∗∗∗ The 9 Lives of Bleichenbachers CAT: New Cache ATtacks on TLS Implementations ∗∗∗ --------------------------------------------- In this whitepaper*, nine different implementations of TLS were tested against cache attacks and seven were found to be vulnerable: [...] --------------------------------------------- https://www.nccgroup.trust/us/our-research/the-9-lives-of-bleichenbachers-c… ∗∗∗ Injecting Code into Windows Protected Processes using COM - Part 2 ∗∗∗ --------------------------------------------- In my previous blog I discussed a technique which combined numerous issues I’ve previously reported to Microsoft to inject arbitrary code into a PPL-WindowsTCB process. The techniques presented don’t work for exploiting the older, stronger Protected Processes (PP) for a few different reasons. This blog seeks to remedy this omission and provide details of how I was able to also hijack a full PP-WindowsTCB process without requiring administrator privileges. --------------------------------------------- https://googleprojectzero.blogspot.com/2018/11/injecting-code-into-windows-… ∗∗∗ What the Marriott Breach Says About Security ∗∗∗ --------------------------------------------- We dont yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised. --------------------------------------------- https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-sec… ∗∗∗ Gefälschte iPhone-Gewinn-SMS von Billa im Umlauf ∗∗∗ --------------------------------------------- Betrüger/innen versenden SMS-Nachrichten im Namen von Billa an Konsument/innen. Wer die Nachricht öffnet, soll einige Fragen beantworten und kann anschließend den Gewinn, ein iPhone XS im Wert von über 1200 Euro, auswählen. Für den Erhalt sollen 1,50 Euro per Kreditkarte bezahlt werden. Betroffene dürfen Ihre Daten nicht eingeben, denn es handelt sich um eine Abo-Falle und das versprochene iPhone wird nie verschickt! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-iphone-gewinn-sms-von-bi… ===================== = Vulnerabilities = ===================== ∗∗∗ Multiple Vulnerabilities in Siglent Technologies SDS 1202X-E Digital Oscilloscope ∗∗∗ --------------------------------------------- A digital oscilloscope by Siglent Technologies is affected by multiple vulnerabilities such as hardcoded backdoor accounts or missing authentication. The vendor was unresponsive and did not provide a patch. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libarchive, perl, and qemu), Fedora (glibc, glusterfs, links, and moodle), Gentoo (libsndfile and postgresql), openSUSE (openssh, rubygem-loofah, and tiff), Oracle (ruby), Red Hat (ruby), and Ubuntu (libssh and linux-aws). --------------------------------------------- https://lwn.net/Articles/773437/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (nsis, openssl, poppler, and tiff), Fedora (dnsdist, drupal7, kernel, kernel-headers, kernel-tools, net-snmp, perl, php-Smarty2, and samba), Gentoo (connman, nagios-core, php, and webkit-gtk), Mageia (apache-mod_perl, kdeconnect-kde, and python-requests), Red Hat (rh-postgresql10-postgresql), and SUSE (kernel). --------------------------------------------- https://lwn.net/Articles/773650/ ∗∗∗ Vuln: NUUO NVRmini Products CVE-2018-15716 Incomplete Fix Remote Command Injection Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106059 ∗∗∗ IBM Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6, Version 7, Version 8, that is used by IBM Workload Scheduler. These issues were disclosed as part of the IBM Java SDK updates in [...] ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-there-are-multiple-vu… ∗∗∗ Ruby on Rails: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1138 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.11.2018
by Daily end-of-shift report 30 Nov '18

30 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 29-11-2018 18:00 − Freitag 30-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Here are another 45,000 reasons to patch Windows systems against old NSA exploits ∗∗∗ --------------------------------------------- Its 2018 and UPnP is still opening up networks - this time to leaked SMB cyber-weapons Earlier this year, Akamai warned that vulnerabilities in Universal PlugNPlay (UPnP) had been exploited by scumbags to hijack 65,000 home routers. In follow-up research released this week, it revealed little has changed.… --------------------------------------------- https://www.theregister.co.uk/2018/11/30/akamai_routerwreckers_active/ ∗∗∗ Good practices for identifying and assessing cybersecurity interdependencies ∗∗∗ --------------------------------------------- A glance at the interdependency landscape reveals several emerging interdependencies between operators of essential services (OES) and digital service providers (DSP), at both system and service level. Due to these interdependencies, there is an increasing number of cybersecurity incidents that either propagated across organisations (often across borders), or had a cascading effect at the level of essential services. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/good-practices-for-identifying-… ∗∗∗ Gezielte Angriffe gegen Firmen mit Trojaner in AutoCAD-Dateien ∗∗∗ --------------------------------------------- Echte CAD-Pläne mit beigefügten Skripten kopieren unbemerkt Firmengeheimnisse, warnen Sicherheitsforscher. --------------------------------------------- http://heise.de/-4236488 ∗∗∗ Hackers in Hot Water. Pwning smart hot tubs, yes really ∗∗∗ --------------------------------------------- We were given a tip by the awesome Ceri Coburn that something was amiss with the Balboa Water App, a mobile app used for controlling >30,000 hot tubs. You can remotely control your tub, so you can heat it up for when you’re ready, saving […] --------------------------------------------- https://www.pentestpartners.com/security-blog/hackers-in-hot-water-pwning-s… ===================== = Vulnerabilities = ===================== ∗∗∗ Critical Zoom Flaw Lets Hackers Hijack Conference Meetings ∗∗∗ --------------------------------------------- Hackers can spoof messages, hijack screen controls and kick others out of meetings. --------------------------------------------- https://threatpost.com/critical-zoom-flaw-lets-hackers-hijack-conference-me… ∗∗∗ GatherContent - Moderately critical - Access bypass - SA-CONTRIB-2018-075 ∗∗∗ --------------------------------------------- Project: GatherContent Date: 2018-November-28 Security risk: Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All Vulnerability: Access bypass Description: This module enables you to import and export data from the GatherContent service.The module didnt properly protect its administrative paths. Solution: Install the latest version:If you use the gathercontent module for Drupal 7.x, upgrade to gathercontent 7.x-3.5Also see the GatherContent project page. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-075 ∗∗∗ DSA-4347 perl - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4347 ∗∗∗ INVT Electric VT-Designer ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01 ∗∗∗ IBM Security Bulletin: Potential Privilege escalation vulnerability in WebSphere Application Server (CVE-2018-1840) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-privilege-e… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ OpenSSL and Intel processor SMT side-channel vulnerability (PortSmash) CVE-2018-5407 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K49711130 ∗∗∗ USN-3833-1: Linux kernel (AWS) vulnerabilities ∗∗∗ --------------------------------------------- https://usn.ubuntu.com/3833-1/ ∗∗∗ USN-3832-1: Linux kernel (AWS) vulnerabilities ∗∗∗ --------------------------------------------- https://usn.ubuntu.com/3832-1/ ∗∗∗ HPESBHF03906 rev.1 - HPE Intelligent Management Center (IMC), Remote Buffer Overflow, Code Execution, Denial of Service ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.11.2018
by Daily end-of-shift report 29 Nov '18

29 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 28-11-2018 18:00 − Donnerstag 29-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sicherheitsvorfall: Dell setzt Kennwörter von Kunden zurück ∗∗∗ --------------------------------------------- Unbekannte hatten Zugriff auf Dell.com und waren auf der Suche nach Kundendaten. --------------------------------------------- http://heise.de/-4235101 ∗∗∗ PayPal-Käuferschutz-Falle bei Kleinanzeigenkauf ∗∗∗ --------------------------------------------- PayPal genießt hohes Vertrauen bei seinen Nutzer/innen aufgrund des angebotenen Käuferschutzes. Dennoch ist hier Vorsicht geboten, denn nicht immer kommt der Käuferschutz zum Tragen. Nutzen Sie beim Einkauf über Willhaben, Ebay, Geizhals und Co nicht die Funktion "Geld an Freunde oder Familie senden" bei PayPal. Der Käuferschutz gilt nicht und Ihr Geld ist verloren. --------------------------------------------- https://www.watchlist-internet.at/news/paypal-kaeuferschutz-falle-bei-klein… ∗∗∗ Achtung bei Anrufen von Microsoft ∗∗∗ --------------------------------------------- Aktuell häufen sich wieder betrügerische Anrufe von angeblichen Microsoft-Mitarbeiter/innen, die Sie auf Probleme mit Ihrem Computer aufmerksam machen. Im Zuge eine Fernwartung übernehmen Kriminelle Ihren Computer und fangen sensible Daten ab. Es handelt sich um eine Betrugsmasche. Legen Sie gleich auf! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-bei-anrufen-von-microsoft/ ∗∗∗ Fake-Shop-Alarm bei modchips24.com ∗∗∗ --------------------------------------------- Modchips24.com bietet neben R4-Karten für diverse Konsolen, wie die Nintendo 3DS oder die Nintendo Switch, auch Playstations, Xboxen und unterschiedlichstes Zubehör an. Sie sollten hier auf keinen Fall bestellen, denn uns erreichen zahlreiche Meldungen über ausbleibende Lieferungen. Bezahlen müssen Sie per Vorkasse, Ihr Geld wäre also verloren. --------------------------------------------- https://www.watchlist-internet.at/news/fake-shop-alarm-bei-modchips24com/ ∗∗∗ Not A Security Boundary: Breaking Forest Trusts ∗∗∗ --------------------------------------------- For years Microsoft has stated that the forest was the security boundary in Active Directory. For example, Microsoft's "What Are Domains and Forests?" document (last updated in 2014) has a "Forests as Security Boundaries" section which states (emphasis added): --------------------------------------------- https://posts.specterops.io/not-a-security-boundary-breaking-forest-trusts-… ===================== = Vulnerabilities = ===================== ∗∗∗ Bootstrap - Moderately critical - Cross site scripting - SA-CONTRIB-2018-074 ∗∗∗ --------------------------------------------- Project: BootstrapVersion: 7.x-3.228.x-3.14Date: 2018-November-28Security risk: Moderately critical 11∕25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Cross site scriptingDescription: This base theme bridges the gap between Drupal and the Bootstrap Framework.The theme doesnt sufficiently filter valid targets under the scenario of opening modals, popovers, and tooltips. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-074 ∗∗∗ Norton and SEP Multiple Issues ∗∗∗ --------------------------------------------- Symantec has released updates to address issues that were discovered in the Norton, Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Small Business Edition (SEP SBE) and Symantec Endpoint Protection Cloud (SEP Cloud) products. --------------------------------------------- https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Gentoo (openssl and rpm), Mageia (icecast and yaml-cpp), Oracle (kernel and sos-collector), Red Hat (rh-ruby23-ruby, rh-ruby24-ruby, and rh-ruby25-ruby), Slackware (samba), SUSE (tomcat6), and Ubuntu (ghostscript). --------------------------------------------- https://lwn.net/Articles/773296/ ∗∗∗ 2018-11-26: Vulnerability in CP400 Panel Builder TextEditor 2.0 - Improper Input Validation Vulnerability ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=3BSE091042&Language… ∗∗∗ jQuery vulnerability CVE-2012-6708 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K62532311 ∗∗∗ SNMPv2 vulnerability CVE-1999-0517 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K04463175 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.11.2018
by Daily end-of-shift report 28 Nov '18

28 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 27-11-2018 18:00 − Mittwoch 28-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ The Nature of Mass Exploitation Campaigns ∗∗∗ --------------------------------------------- Examples of how attackers carry out mass exploitation campaigns and how to defend against them. --------------------------------------------- https://threatpost.com/the-nature-of-mass-exploitation-campaigns/139428/ ∗∗∗ TA18-331A: 3ve – Major Online Ad Fraud Operation ∗∗∗ --------------------------------------------- This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). DHS and FBI are releasing this TA to provide information about a major online ad fraud operation—referred to by the U.S. Government as "3ve"—involving the control of over 1.7 million unique Internet Protocol (IP) addresses --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA18-331A ∗∗∗ Windows 10 1809: Update gegen Spectre-NG-Lücken ∗∗∗ --------------------------------------------- Mit dem Update KB4465065 liefert Microsoft Microcode-Updates für einige Intel-Prozessortypen zum Schutz gegen L1TF sowie Spectre V3a und V4. --------------------------------------------- http://heise.de/-4234362 ===================== = Vulnerabilities = ===================== ∗∗∗ AVEVA Vijeo Citect and Citect SCADA ∗∗∗ --------------------------------------------- This advisory includes mitigations for an uncontrolled search path element vulnerability in Schneider Electrics Software Update utility affecting AVEVAs Vijeo Citect and Citect SCADA products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-331-01 ∗∗∗ Cisco Prime License Manager SQL Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web framework code of Cisco Prime License Manager(PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ FreeBSD: Multiple vulnerabilities in NFS server code ∗∗∗ --------------------------------------------- Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet. --------------------------------------------- https://www.freebsd.org/security/advisories/FreeBSD-SA-18:13.nfs.asc ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (powerdns-recursor and samba), Debian (ghostscript), Fedora (community-mysql, flatpak, gettext, git, php-PHPMailer, php-phpmailer6, and wireshark), Oracle (kernel and NetworkManager), Scientific Linux (ghostscript, kernel, NetworkManager, and sos-collector), SUSE (dpdk, java-1_7_1-ibm, kernel, python-oslo.cache, python-oslo.concurrency, python-oslo.db, python-oslo.log, python-oslo.messaging, python-oslo.middleware, python-oslo.serialization, [...] --------------------------------------------- https://lwn.net/Articles/773179/ ∗∗∗ Synology-SA-18:60 Samba AD DC ∗∗∗ --------------------------------------------- CVE-2018-16841 and CVE-2018-16851 allow remote authenticated users to conduct denial-of-service attacks via a susceptible version of Synology Active Directory Server.None of Synology products are affected by CVE-2018-14629, CVE-2018-16852, CVE-2018-16853, and CVE-2018-16857 as these vulnerabilities only affect Samba 4.9.0 and later. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_60 ∗∗∗ Microsoft Windows: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1128 ∗∗∗ Security Advisory - Out-of-bounds Write Vulnerability on Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181128-… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect IBM SONAS (CVE-2016-0705) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: The Elastic Storage Server is affected by a vulnerability in IBM Spectrum Scale (CVE-2018-1783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-the-elastic-storage-s… ∗∗∗ IBM Security Bulletin: The Elastic Storage Server is affected by a vulnerability in IBM Spectrum Scale (CVE-2018-1782) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-the-elastic-storage-s… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability affects multiple IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2018-1723). CVE-2018-1723, gpfs, spectrum scale Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-luw-on-aix-an… ∗∗∗ IBM Security Bulletin: This Power System firmware update is being released to address DHCP issue number CVE-2018-5732 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-fir… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.11.2018
by Daily end-of-shift report 27 Nov '18

27 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Montag 26-11-2018 18:00 − Dienstag 27-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor ∗∗∗ --------------------------------------------- BLADABINDI, also known as njRAT/Njw0rm, is a remote access tool (RAT) with a myriad of backdoor capabilities - from keylogging to carrying out distributed denial of service (DDoS) — and has been rehashed and reused in various cyberespionage campaigns since it first emerged. Indeed, BLADABINDI's customizability and seeming availability in the underground make it a prevalent threat. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-compiled… ∗∗∗ NPM-Paket EventStream mit Bitcoin-Miner infiziert ∗∗∗ --------------------------------------------- In die Code-Bibliothek EventStream hat sich Schadcode eingeschlichen, der das Bitcoin Wallet Copay für Angreifer öffnet. --------------------------------------------- http://heise.de/-4233171 ∗∗∗ Lux-Codex nicht bestellen! ∗∗∗ --------------------------------------------- Auf lux-codex.com und wideally.com wird Ihnen der Lux-Codex - eine LED-Lampe in ausgefallenem Design - angeboten. Sie sollten hier nicht bestellen, denn Konsument/innen berichten uns von ausbleibender Lieferung trotz erfolgter Bezahlung! --------------------------------------------- https://www.watchlist-internet.at/news/lux-codex-nicht-bestellen/ ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user.The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP ∗∗∗ --------------------------------------------- Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the current firmware version V2.6.0 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP. These GNU/Linux vulnerabilities have been externally identified and will be fixed with the next firmware version. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (gnuplot and samba), Fedora (flatpak, kernel-headers, kernel-tools, mariadb-connector-c, php-PHPMailer, php-phpmailer6, and xml-security-c), Gentoo (binutils, libav, mupdf, spice-gtk, strongswan, and tablib), Mageia (libpng(12), mariadb, and openssl), Oracle (ghostscript), Red Hat (.NET Core, ghostscript, java-1.7.1-ibm, kernel, kernel-alt, kernel-rt, NetworkManager, rh-nginx112-nginx, rh-nginx114-nginx, and sos-collector), Scientific Linux [...] --------------------------------------------- https://lwn.net/Articles/773100/ ∗∗∗ Vuln: Multiple Pivotal Cloud Foundry Products CVE-2018-15759 Access Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106019 ∗∗∗ Vuln: TIBCO Statistica Server CVE-2018-18807 Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106021 ∗∗∗ ZDI-18-1362: (ODay) Juuko DATA Packet Command Injection Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1362/ ∗∗∗ IBM Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2018-3139 and CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-ident… ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux – July 2018 Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected by a vulnerability which could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node (CVE-2018-1723) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spectrum-scale-fo… ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross site scripting (CVE-2018-1584) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ Samba: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1123 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.11.2018
by Daily end-of-shift report 26 Nov '18

26 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 23-11-2018 18:00 − Montag 26-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ His phone went dark, then $1m was sucked out in SIM-swap crypto-heist ∗∗∗ --------------------------------------------- A 21-year-old allegedly SIM-swapped Silicon Valley execs' phones to steal cryptocurrency, including one mans $1m tuition fund for his kids. --------------------------------------------- https://nakedsecurity.sophos.com/2018/11/26/his-phone-went-dark-then-1m-was… ∗∗∗ Unseriöse Handwerker aus dem Internet ∗∗∗ --------------------------------------------- Konsument/innen, die in der Nacht Probleme mit ihren Heizkörpern, ihrem Schloss oder ihrer Elektronik haben, können über das Internet unseriöse Installateur/innen, Schlosser/innen oder Elektriker/innen finden. Sie werben auf Websites mit günstigen Angeboten. Vor Ort verlangen die Unternehmen jedoch ein Vielfaches des vereinbarten Preises. Nachträgliche Beanstandungen sind nicht möglich, weil sie Kund/innen erfundene Daten nennen. --------------------------------------------- https://www.watchlist-internet.at/news/unserioese-handwerker-aus-dem-intern… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (gnuplot5, icecast2, liblivemedia, otrs2, phpbb3, roundcube, squid3, and xml-security-c), Fedora (kio-extras, tmux, and xen), Gentoo (asterisk, chromium, exiv2, ghostscript-gpl, and thunderbird), openSUSE (libwpd, openssl, openssl-1_1, postgresql10, and SDL2_image), Red Hat (chromium-browser, rh-mysql57-mysql, rh-nginx110-nginx, and rh-nginx18-nginx), SUSE (exiv2, libgcrypt, rpm, and tiff), and Ubuntu (firefox and qemu). --------------------------------------------- https://lwn.net/Articles/772954/ ∗∗∗ ZDI-18-1361: (0Day) INVT Electric VT-Designer PM3 File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1361/ ∗∗∗ ZDI-18-1360: (0Day) INVT Electric VT-Designer File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1360/ ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Storwize V7000 Unified (CVE-2016-0705) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot for VMware (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by spoofing attack vulnerability in WAS Logout Form ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by java deserialization vulnerability resulting in execution of untrusted data via the application server’s SOAP port ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… ∗∗∗ IBM Security Bulletin: Information Disclosure in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect Snapshot for VMware (CVE-2018-1553) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ git: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1120 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.11.2018
by Daily end-of-shift report 23 Nov '18

23 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 22-11-2018 18:00 − Freitag 23-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Aurora / Zorro Ransomware Actively Being Distributed ∗∗∗ --------------------------------------------- A ransomware that has been distributed since the summer of 2018 has started to pick up steam in the latest variant. This new variant is currently being called Zorro Ransomware, but has also been called Aurora Ransomware in the past. --------------------------------------------- https://www.bleepingcomputer.com/news/security/aurora-zorro-ransomware-acti… ∗∗∗ Old Printer Vulnerabilities Die Hard ∗∗∗ --------------------------------------------- New research on an old problem reveals despite efforts, the InfoSec professionals still have a way to go when it comes to securing printers. --------------------------------------------- https://threatpost.com/old-printer-vulnerabilities-die-hard/139318/ ∗∗∗ Sicherheitsupdate: VMware Fusion und Workstation anfällig für Schadcode ∗∗∗ --------------------------------------------- Aktualisierte Versionen von Fusion und Workstation schließen eine kritische Sicherheitslücke. --------------------------------------------- http://heise.de/-4231452 ∗∗∗ l+f: Hacker ärgern Hacker ∗∗∗ --------------------------------------------- Online-Kreditkarten-Skimmer fechten Revierkämpfe aus. --------------------------------------------- http://heise.de/-4231527 ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletin: A Vulnerability in IBM Java SDK (April 2018) affecting IBM Application Delivery Intelligence V5.0.5 and V5.0.4 (CVE-2018-2783) ∗∗∗ --------------------------------------------- A vulnerability is identified in IBM® SDK Java Technology Edition Version 1.7 and Version 1.8 that are used by IBM Application Delivery Intelligence V5.0.4 and V5.0.5 respectively. This issue was disclosed as part of the IBM Java SDK updates in April 2018.CVE(s): CVE-2018-2783Affected product(s) and affected version(s):IBM Application Delivery Intelligence V5.0.4IBM Application Delivery Intelligence V5.0.5Refer to the following reference URLs for remediation and additional vulnerability [...] --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ VMSA-2018-0030 ∗∗∗ --------------------------------------------- VMware Workstation and Fusion updates address an integer overflow issue. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0030.html ∗∗∗ Security updates for (US) Thanksgiving Day ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ceph, openssl, and pixman), Fedora (kernel-headers, kernel-tools, libconfuse, python-urllib3, and xen), Mageia (gettext and roundcubemail), openSUSE (GraphicsMagick and libwpd), Oracle (thunderbird), Slackware (openssl), and Ubuntu (libapache2-mod-perl2). --------------------------------------------- https://lwn.net/Articles/772811/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (flashplugin, lib32-libtiff, and webkit2gtk), Debian (libphp-phpmailer and openjdk-7), Mageia (flash-player-plugin, Ghostscript, and poppler), openSUSE (chromium and virtualbox), and SUSE (java-1_8_0-ibm, libwpd, openssl, openssl-1_1, realtime-kernel, salt, and SDL_image). --------------------------------------------- https://lwn.net/Articles/772851/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.11.2018
by Daily end-of-shift report 22 Nov '18

22 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 21-11-2018 18:00 − Donnerstag 22-11-2018 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ New mining Trojan for Linux removes anti-viruses ∗∗∗ --------------------------------------------- November 20, 2018 One of today’s most common ways of obtaining illegal earnings is to mine cryptocurrency covertly, using the resources of a computer without the owner’s consent. Doctor Web recently discovered a .. --------------------------------------------- https://news.drweb.com/show/?i=12942&lng=en&c=9 ∗∗∗ ECCploit: Rowhammer-Angriff funktioniert auch mit ECC ∗∗∗ --------------------------------------------- Ein Forscherteam konnte zeigen, dass Angriffe mit Bitflips im Arbeitsspeicher auch dann möglich sind, wenn man Speichermodule mit Fehlerkorrektur verwendet. --------------------------------------------- https://www.golem.de/news/eccploit-rowhammer-angriff-funktioniert-auch-mit-… ∗∗∗ Malware scum want to build a Linux botnet using Mirai ∗∗∗ --------------------------------------------- Hadoop YARN is the attack vector, so lock it away Diligent hackers .. --------------------------------------------- www.theregister.co.uk/2018/11/22/mirai_for_linux_on_x86/ ∗∗∗ Markenfälschungen auf rmc-bad-grosspertholz.at ∗∗∗ --------------------------------------------- Bei rmc-bad-grosspertholz.at finden Sie Markenkleidung, Schuhe und Accessoires zu sagenhaften Preisen. Erwarten Sie sich jedoch nicht viel von Ihrer Bestellung, Sie werden – falls überhaupt – minderwertige Waren .. --------------------------------------------- https://www.watchlist-internet.at/news/markenfaelschungen-auf-rmc-bad-gross… ∗∗∗ Achtung: Betrug über den Amazon Marketplace ∗∗∗ --------------------------------------------- Kriminelle übernehmen Amazon-Händlerkonten und bieten günstige Waren an. Ihre Bestellung wird zunächst angenommen, dann aber grundlos storniert. Kontaktieren Sie die Anbieter per E-Mail, erhalten Sie .. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-betrug-ueber-den-amazon-mark… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2018-1656) ∗∗∗ --------------------------------------------- There is a vulnerability in IBM® Runtime Environment Java Technology Edition, Version 8 that is used by IBM Sterling Connect:Direct Browser User Interface. These issues were disclosed as part of the .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-af… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat, Open SSL, and Apache HTTPD affects Rational Build Forge ∗∗∗ --------------------------------------------- Apache Tomcat, Open SSL, and Apache Tomcat have multiple security vulnerabilities that could allow a remote attacker to exploit the Rational Build Forge application. Respective security vulnerabilities are discussed in .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) is affected by OpenSSL vulnerability CVE-2018-0732 ∗∗∗ --------------------------------------------- Security Bulletin: WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) is affected by OpenSSL vulnerability CVE-2018-0732CVE(s): CVE-2018-0732Affected product(s) and affected version(s):WebSphere .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-websphere-mq-v5-3-for… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus, IBM App Connect Enterpise v11 and WebSphere Message Broker ∗∗∗ --------------------------------------------- Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 8.0.5.5 & 8.0.5.15 and IBM® Runtime Environment Java Versions 7.0.10.15 & 7.0.10.25 used by IBM Integration .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) is affected by OpenSSL vulnerability CVE-2018-0737 ∗∗∗ --------------------------------------------- WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) has addressed the following vulnerability: CVE-2018-0737 CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)CVE(s): CVE-2018-0737Affected .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-websphere-mq-v5-3-for… ∗∗∗ Download WP-DBManager <= 2.79.1 - Arbitrary File Delete ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9151 ∗∗∗ Security Advisory - Smart SMS Verification Code Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181121-… ∗∗∗ Moodle Login Access Control Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1042154 ∗∗∗ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008 ∗∗∗ --------------------------------------------- https://webkitgtk.org/security/WSA-2018-0008.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.11.2018
by Daily end-of-shift report 21 Nov '18

21 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 20-11-2018 18:00 − Mittwoch 21-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Governikus: Personalausweis-Webanwendungen lassen sich austricksen ∗∗∗ --------------------------------------------- Mit einem relativ simplen Trick lässt sich die Authentifizierung von Webanwendungen mit dem elektronischen Personalausweis austricksen. Der Hersteller Governikus behauptet, dass dies in realen Anwendungen nicht funktioniert, kann aber nicht erklären, warum. (E-Personalausweis, Java) --------------------------------------------- https://www.golem.de/news/governikus-personalausweis-webanwendungen-lassen-… ∗∗∗ Werbe-Malware für macOS ∗∗∗ --------------------------------------------- Ein unter "SearchAwesome" und "SearchPageInjector" bekannter Datenschädling macht jetzt auf Macs die Runde. Er manipuliert Reklame und kann CPU-Zeit klauen. --------------------------------------------- http://heise.de/-4227303 ∗∗∗ Dell und VMware teilen sich Sicherheitslücken und servieren Patches ∗∗∗ --------------------------------------------- In Dell EMC Avamar Virtual Edition und VMware vSphere Data Protection klafft eine kritische Sicherheitslücke. --------------------------------------------- http://heise.de/-4228698 ∗∗∗ XSS Injection Campaign Exploits WordPress AMP Plugin ∗∗∗ --------------------------------------------- News broke last week disclosing a number of vulnerabilities in the AMP For WP plugin, installed on over 100,000 WordPress sites. WordPress contributor Sybre Waaijer identified the security issue and confidentially disclosed it to the WordPress plugins team. To exploit the flaw, an attacker needs to have a minimum of subscriber-level access on a vulnerable site. --------------------------------------------- https://www.wordfence.com/blog/2018/11/xss-injection-campaign-exploits-word… ∗∗∗ Warnung vor gefälschter PayLife-Sicherheits-App ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte PayLife-Nachricht. Darin fordern sie Kund/innen dazu auf, dass sie sich eine vermeintliche Sicherheits-App auf ihrem Smartphone installieren. Sie ist angeblich für die weitere Nutzung von PayLife-Kreditkarten notwendig. In Wahrheit ist die gefälschte PayLife-Sicherheits-App Schadsoftware, die wichtige Daten von Kund/innen stiehlt. Dadurch können Kriminelle Geld ihrer Opfer stehlen. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-gefaelschter-paylife-sic… ===================== = Vulnerabilities = ===================== ∗∗∗ Teledyne DALSA Sherlock ∗∗∗ --------------------------------------------- This advisory includes mitigations for a stack-based buffer overflow vulnerability in Teledyne DALSAs Sherlock machine vision software interface. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-324-01 ∗∗∗ Schneider Electric Modicon M221 ∗∗∗ --------------------------------------------- This advisory includes mitigations for an insufficient verification of data authenticity vulnerability in the Schneider Electric Modicon M221 product. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-324-02 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libtiff), CentOS (java-1.7.0-openjdk, spice-server, and thunderbird), Debian (jasper, liblivemedia, ruby-i18n, and ruby-rack), Fedora (curl, elfutils, firefox, kde-connect, kio-extras, libarchive, poppler, and webkit2gtk3), openSUSE (chromium, GraphicsMagick, kernel, libmatroska, mkvtoolnix, SDL2_image, and squid), Oracle (qemu), and Red Hat (flash-plugin and kernel). --------------------------------------------- https://lwn.net/Articles/772718/ ∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181121-… ∗∗∗ IBM Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by a vulnerability in libcurl (CVE-2018-16840) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-the-community-edition… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center and IBM ILOG ODM Enterprise ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Potential XML External Entity (XXE) Injection Vulnerability in WebSphere Application Server (CVE-2018-1905) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-xml-externa… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Python affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2018-1061, CVE-2018-1060) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-py… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Integration Bus & IBM App Connect Enterprise V11 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker , IBM Integration Bus and IBM App Connect ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Integration Bus affected by a JDBC XA switch load files Vulnerability(CVE-2017-1418) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-a… ∗∗∗ IBM Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.11.2018
by Daily end-of-shift report 20 Nov '18

20 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Montag 19-11-2018 18:00 − Dienstag 20-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Datendiebstahl durch FinanzOnline-Phishing-Mails ∗∗∗ --------------------------------------------- Kriminelle versenden im Namen des Bundesministeriums für Finanzen (BMF) betrügerische Phishing-Mails. Darin werden Sie dazu aufgefordert, Ihre Daten zu aktualisieren, um eine Steuerrückzahlung zu ermöglichen. Folgen Sie den Anweisungen nicht, denn Sie könnten erheblichen finanziellen Schaden erleiden! Es handelt sich um einen Versuch, Ihre persönlichen Daten und Kontoinformationen zu stehlen. --------------------------------------------- https://www.watchlist-internet.at/news/datendiebstahl-durch-finanzonline-ph… ∗∗∗ Internet Domain Services Austria-Mahnung nicht bezahlen ∗∗∗ --------------------------------------------- Unternehmen erhalten von Internet Domain Services Austria (IDSA) einen Payment Reminder. Darin heißt es, dass es unbeglichene Rechnungen gebe und der Betrag in Höhe von 237 Euro innerhalb von 5 Tagen bezahlt werden müsse. Empfänger/innen müssen den Betrag nicht bezahlen, denn dafür gibt es keinen Rechtsgrund. --------------------------------------------- https://www.watchlist-internet.at/news/internet-domain-services-austria-mah… ∗∗∗ TP-Link-Router TL-R600VPN vielfältig angreifbar ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für einen VPN-Router von TP-Link. --------------------------------------------- http://heise.de/-4225979 ∗∗∗ Notfall-Patch: Adobe sichert Flash außer der Reihe ab ∗∗∗ --------------------------------------------- Eigentlich veröffentlicht Adobe nur ein Mal im Monat Sicherheitsupdates für seine Produkte. Für eine gefährliche Flash-Lücke macht der Hersteller eine Ausnahme. --------------------------------------------- http://heise.de/-4227033 ===================== = Vulnerabilities = ===================== ∗∗∗ VMSA-2018-0029 ∗∗∗ --------------------------------------------- vSphere Data Protection (VDP) updates address multiple security issues. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0029.html ∗∗∗ Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Atlantis Word Processor ∗∗∗ --------------------------------------------- Today, Cisco Talos is disclosing three remote code execution vulnerabilities in the Atlantis Word Processor. Atlantis Word Processor is a traditional word processor that provides a number of basic features for users, in line with what is in other similar types of software. --------------------------------------------- https://blog.talosintelligence.com/2018/11/Atlantis-Word-Processor-RCE-vuln… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium), Debian (mariadb-10.1, openjpeg2, systemd, and uriparser), Mageia (389-ds-base, apache, and soundtouch), SUSE (libwpd, py26-compat-salt, salt, and SMS3.1), and Ubuntu (systemd). --------------------------------------------- https://lwn.net/Articles/772621/ ∗∗∗ x86: DoS from attempting to use INVPCID with a non-canonical addresses ∗∗∗ --------------------------------------------- A buggy or malicious PV guest can crash the host. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-279.html ∗∗∗ Fix for XSA-240 conflicts with shadow paging ∗∗∗ --------------------------------------------- A malicious or buggy x86 PV guest may cause Xen to crash, resulting in a DoS (Denial of Service) affecting the entire host. Privilege escalation as well as information leaks cannot be ruled out. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-280.html ∗∗∗ Insufficient TLB flushing / improper large page mappings with AMD IOMMUs ∗∗∗ --------------------------------------------- A malicious or buggy guest may be able to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access (information leak). --------------------------------------------- https://xenbits.xen.org/xsa/advisory-275.html ∗∗∗ Resource accounting issues in x86 IOREQ server handling ∗∗∗ --------------------------------------------- A compromised DM stubdomain may cause Xen to crash, resulting in a DoS (Denial of Service) affecting the entire host. Privilege escalation as well as information leaks cannot be ruled out. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-276.html ∗∗∗ x86: incorrect error handling for guest p2m page removals ∗∗∗ --------------------------------------------- A malicious or buggy guest may cause a deadlock, resulting in a DoS (Denial of Service) affecting the entire host. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-277.html ∗∗∗ Ricoh myPrint Hardcoded Credentials / Information Disclosure ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2018110154 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server October 2018 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM® Cloud Private Cloud Foundry (CVE-2018-14645) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM® Cloud Private (CVE-2018-1843) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM® Cloud Private (CVE-2015-9251) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: A Security Vulnerability could affect IBM® Cloud Private (CVE-2017-7526) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private Cloud Foundry (CVE-2018-3646, CVE-2018-3615, CVE-2018-3620) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java SDK (July 2018) affecting IBM Application Delivery Intelligence V5.0.5 and V5.0.4 (CVE-2016-0705, CVE 2017-3732, CVE 2017-3736, and CVE-2018-2973) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct FTP+ ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for Microsoft Windows ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.11.2018
by Daily end-of-shift report 19 Nov '18

19 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 16-11-2018 18:00 − Montag 19-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Schwere Sicherheitslücken in GPS-Kinderuhren ∗∗∗ --------------------------------------------- Eigentlich sollten GPS-Uhren die Sicherheit der Kinder erhöhen. Nun werden sie selbst zum Risiko. --------------------------------------------- https://futurezone.at/digital-life/schwere-sicherheitsluecken-in-gps-kinder… ===================== = Vulnerabilities = ===================== ∗∗∗ Synaccess netBooter NP-0801DU 7.4 CSRF Add Admin Exploit ∗∗∗ --------------------------------------------- The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5501.php ∗∗∗ Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass ∗∗∗ --------------------------------------------- netBooter suffers from an authentication bypass vulnerability due to missing control check when calling webNewAcct.cgi script while creating users. This allows an unauthenticated attacker to create admin user account and bypass authentication giving her the power to turn off a power supply to a resource. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5500.php ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (grafana and patch), Debian (chromium-browser), Fedora (cabextract, curl, elfutils, firefox, flatpak, glusterfs, kernel, kernel-headers, kernel-tools, kio-extras, libmspack, mariadb, mupdf, poppler, suricata, and wireshark), Mageia (hylafax+, jhead, libmspack/cabextract, nginx, sdl2/mingw-SDL2, and squid), openSUSE (amanda, apache-pdfbox, chromium, ImageMagick, LibreOffice and dependency libraries, libxkbcommon, openssh, systemd, and [...] --------------------------------------------- https://lwn.net/Articles/772522/ ∗∗∗ Serial number disclosure in the FortiOS PPTP server hostname protocol field ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-18-101 ∗∗∗ Cross-site scripting (XSS) vulnerability via DHCP Hostname parameter ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-18-121 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK Affects IBM Algo Credit Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a denial of service vulnerability via large JSON payloads (CVE-2018-1779) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1683, CVE-2018-8039) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage Manager FastBack (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.11.2018
by Daily end-of-shift report 16 Nov '18

16 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 15-11-2018 18:00 − Freitag 16-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Serverüberwachungssoftware Nagios XI: Mehrere Schlupflöcher für Angreifer ∗∗∗ --------------------------------------------- Nagios XI ist angreifbar und gefährdet IT-Infrastrukturen. Eine abgesicherte Version ist verfügbar. --------------------------------------------- http://heise.de/-4222806 ∗∗∗ Warnung vor Gelenkcreme Artrovex ∗∗∗ --------------------------------------------- Kriminelle geben sich als Bundesministerium für Arbeit, Soziales, Gesundheit und Konsumentenschutz aus und behaupten, dass die österreichische Regierung bei Gelenkschmerzen die Creme Artrovex empfiehlt. Das ist erfunden. Konsument/innen dürfen Artrovex nicht bestellen, denn die Creme hat keine medizinische Wirkung. Ebenso übermitteln Käufer/innen damit persönliche Daten an Unbekannte. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-gelenkcreme-artrovex/ ∗∗∗ tRat Emerges as New Pet for APT Group TA505 ∗∗∗ --------------------------------------------- The modular malware seems to be in a testing phase, but TA505s interest made researchers take note. --------------------------------------------- https://threatpost.com/trat-emerges-as-new-pet-for-apt-group-ta505/139136/ ∗∗∗ Lock-Screen Bypass Bug Quietly Patched in Handsets ∗∗∗ --------------------------------------------- The flaw in a high-end phones and up-and-coming handsets made by top OEMs allows hackers to bypass handset lock screens in seconds. --------------------------------------------- https://threatpost.com/lock-screen-bypass-bug-quietly-patched-in-handsets/1… ∗∗∗ Hacking Connected Home Alarm Systems – The Expensive [part 2] ∗∗∗ --------------------------------------------- TL;DR: We were wondering whether price affects the security of IoT appliances. So we verified the security of two differently priced connected home alarm systems. Both IoT alarms are marketed as an easy solution to protect your home. Unfortunately we find this not to be the case as we identified multiple critical vulnerabilities in both systems. --------------------------------------------- https://blog.nviso.be/2018/11/15/hacking-connected-home-alarm-systems-the-e… ∗∗∗ 0-Day in ELBA5's Network Installation: Overtaking your company's bank account ∗∗∗ --------------------------------------------- This blog post is about a previously unknown critical vulnerability in the Austrian electronic banking application ELBA5. The issue discussed here could be abused to gain full control over any ELBA5 database server as well as the underlying operating system. It has a confirmed CVSSv3 score of 10.0. --------------------------------------------- https://bogner.sh/2018/11/0-day-in-elba5s-network-installation-overtaking-y… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (lldpad, pdns, and php), Mageia (flash-player-plugin, gdal, mutt, patch, php-pear-CAS, postgresql9.4|6, ruby-rack, and teeworlds), SUSE (kernel-rt, postgresql10, and squid), and Ubuntu (openjdk-7). --------------------------------------------- https://lwn.net/Articles/772259/ ∗∗∗ Multiple critical vulnerabilities in Miss Marple Enterprise Edition ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabil… ∗∗∗ IBM Security Bulletin: Rational Build Forge Security Advisory for Apache Tomcat and Apache HTTP Server (CVE-2018-11763; CVE-2018-11784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-build-forge-… ∗∗∗ IBM Security Bulletin: A Security Vulnerability could affect IBM® Cloud Private (CVE-2018-1841) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for Email, IBM Content Collector for File Systems, IBM Content Collector for SharePoint and IBM Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime Version 8 SR4FP10 affect IBM Notes and Domino ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A Security Vulnerability could affect IBM® Cloud Private (CVE-2018-10892) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.11.2018
by Daily end-of-shift report 15 Nov '18

15 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 14-11-2018 18:00 − Donnerstag 15-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now ∗∗∗ --------------------------------------------- A security researcher has discovered a critical vulnerability in one of the popular and widely active plugins for WordPress that could allow a low-privileged attacker to inject malicious code on AMP pages of the targeted website. The vulnerable WordPress plugin in question is "AMP for WP – Accelerated Mobile Pages" that lets websites automatically generate valid accelerated mobile pages for --------------------------------------------- https://thehackernews.com/2018/11/amp-plugin-for-WordPress.html ∗∗∗ Patchday: Schwerwiegende Sicherheitslücke in SAP HANA Streaming Analytics ∗∗∗ --------------------------------------------- SAP hat Updates veröffentlicht, die unter anderem eine kritische Schwachstelle im Software-Portfolio des Herstellers schließen. --------------------------------------------- http://heise.de/-4221574 ∗∗∗ Achtung: Rechnungs-Trojaner vom Kollegen ∗∗∗ --------------------------------------------- Mit einem miesen Trick versuchen Kriminelle, unvorsichtige Anwender mit Online-Banking-Trojanern zu infizieren. --------------------------------------------- http://heise.de/-4221813 ∗∗∗ Sicherheitsupdate: Skype kann an Emojis ersticken ∗∗∗ --------------------------------------------- Zu viele Emojis in Chat-Nachrichten können Skype for Business und Lync 2013 zum Erliegen bringen. --------------------------------------------- http://heise.de/-4221978 ∗∗∗ Kauf bei potenzmittel-apotheke.eu schädigt Brieftasche und Gesundheit ∗∗∗ --------------------------------------------- Bei potenzmittel-apotheke.eu finden Kund/innen rezeptfreie Potenzmittel und ersparen sich die unangenehme Erfahrung, dieses Medikament auf herkömmlichen Weg, nämlich über Rezept, zu erwerben. potenzmittel-apotheke.eu ist jedoch eine illegale Versandapotheke, Sie verlieren Ihr Geld und spielen Betrüger/innen persönliche Daten in die Hände! --------------------------------------------- https://www.watchlist-internet.at/news/kauf-bei-potenzmittel-apothekeeu-sch… ∗∗∗ Gefälschte Gemeinde-Rechnungen verbreiten Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden gefälschte Gemeinde-Rechnungen mit der Adress-Endung gv.at. Darin behaupten sie, dass Unternehmen eine offene Rechnung haben und der Verwaltung noch Geld schulden. Weiterführende Informationen dazu finden sich angeblich in einem Dateianhang. Er verbirgt Schadsoftware und darf nicht geöffnet werden. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-gemeinde-rechnungen-verb… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (kde-connect, mingw-SDL2_image, SDL2_image, and subscription-manager), Red Hat (flash-plugin), SUSE (openssh-openssl1, systemd, and thunderbird), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-azure, linux-hwe, linux-azure, linux-gcp, linux-lts-trusty, linux-lts-xenial, linux-aws, [...] --------------------------------------------- https://lwn.net/Articles/772103/ ∗∗∗ Digium Asterisk: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-2347/ ∗∗∗ IBM Security Bulletin: Potential directory traversal vulnerability in WebSphere Application Server (CVE-2018-1797) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-directory-t… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private (CVE-2018-0732, CVE-2018-12115, CVE-2018-7166, CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2018-1639) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.11.2018
by Daily end-of-shift report 14 Nov '18

14 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 13-11-2018 18:00 − Mittwoch 14-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Hackers Change WordPress Siteurl to Pastebin ∗∗∗ --------------------------------------------- Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to erealitatea[.]net. At that time it was not clear who was behind the massive attack, since the erealitatea[.]net domain didn't work and the infection simply broke the compromised sites. Our SiteCheck scanner detected the infection on about 700 sites over the weekend [...] --------------------------------------------- https://blog.sucuri.net/2018/11/hackers-change-wordpress-siteurl-to-pastebi… ∗∗∗ Want to hack an ATM for free cash? Its as easy as Windows XP ∗∗∗ --------------------------------------------- Bank machines pen testing reveals alarming results ATM machines are vulnerable to an array of basic attack techniques that would allow hackers to lift thousands in cash. --------------------------------------------- https://www.theregister.co.uk/2018/11/14/atm_security_lousy/ ∗∗∗ November 2018 Microsoft Patch Tuesday ∗∗∗ --------------------------------------------- This month, Microsoft patches two issues that have already been disclosed publically. One is related to BitLocker trusting SSDs with faulty encryption. [...] The second publicly disclosed vulnerability is the ALPC elevation of privilege issue that was disclosed by SandboxEscaper via Twitter. [...] Finally, these updates address a Win32k elevation of privilege vulnerability (cve:2018-8589) which has been exploited in the wild. --------------------------------------------- https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/243… ∗∗∗ Patchday bei Adobe: Nicht kritisch, aber wichtig ∗∗∗ --------------------------------------------- Sicherheitsupdates von Adobe schließen Lücken in Acrobat, Flash, Photoshop CC und Reader. Keine Schwachstelle gilt als "kritisch". --------------------------------------------- http://heise.de/-4220586 ∗∗∗ Generalschlüssel für Fingerabdruckscanner: Master-Prints entsperren Smartphones ∗∗∗ --------------------------------------------- Mit KI-Methoden erstellten Forscher Fingerabdrücke, die als eine Art Generalschlüssel für Fingerabdruckscanner fungieren und damit etwa Smartphones entsperren. --------------------------------------------- http://heise.de/-4220782 ∗∗∗ Prozessor-Sicherheit: Sieben neue Varianten von Spectre-Lücken ∗∗∗ --------------------------------------------- Die Spectre-Sicherheitslücken in Prozessoren lassen sich angeblich noch anders nutzen, als bisher bekannt; Intel gibt allerdings Entwarnung. --------------------------------------------- http://heise.de/-4220854 ∗∗∗ Add-ons, Extensions and CSP Violations: Playing Nice with Content Security Policies ∗∗∗ --------------------------------------------- You know what I really like? A nice, slick, clean set of violation reports from the content security policy (CSP) I run on Have I Been Pwned (HIBP). You know what I really dont like? Logging on to Report URI and being greeted with something like this: [...] --------------------------------------------- https://www.troyhunt.com/add-ons-extensions-and-csp-violations-playing-nice… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory 2018-10: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- This advisory covers a problem with a data migration discovered in the OTRS framework. --------------------------------------------- https://community.otrs.com/security-advisory-2018-10-security-update-for-ot… ∗∗∗ VMSA-2018-0028 ∗∗∗ --------------------------------------------- VMware vRealize Log Insight updates address an authorization bypass vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0028.html ∗∗∗ November 2018 Office Update Release ∗∗∗ --------------------------------------------- The November 2018 Public Update releases for Office are now available! This month, there are 29 security updates and 16 non-security updates. All of the security and non-security updates are listed in KB article 4469617. --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2018/11/13… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (powerdns and powerdns-recursor), Debian (ceph and spamassassin), Fedora (feh, flatpak, and xen), Red Hat (kernel, kernel-rt, openstack-cinder, python-cryptography, and Red Hat Single Sign-On 7.2.5), and Ubuntu (python2.7, python3.4, python3.5). --------------------------------------------- https://lwn.net/Articles/771881/ ∗∗∗ Security Advisory - Information Leakage Vulnerability on Several Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-… ∗∗∗ Security Advisory - Two Vulnerabilities in Huawei eSpace Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-… ∗∗∗ Security Advisory - Anonymous TLS Cipher Suite Supported Vulnerability in Huawei eSpace Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-… ∗∗∗ Security Advisory - FRP Bypass Vulnerability on Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Planning Analytics Local is affected by multiple Node.js vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-planning-analytic… ∗∗∗ Denial of Service Vulnerability in Microsoft Skype for Business / Lync ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/vulnerability-in-skype-for-b… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.11.2018
by Daily end-of-shift report 13 Nov '18

13 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Montag 12-11-2018 18:00 − Dienstag 13-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Trojaner: Der Banking-Trojaner Trickbot hat neue Tricks gelernt ∗∗∗ --------------------------------------------- Vor zwei Jahren hatte es Trickbot nur auf Bankdaten abgesehen. Nun ist eine neue Variante des Trojaners im Umlauf, die auch Passwörter aus anderen Anwendungen abgreifen kann. (Malware, Spam) --------------------------------------------- https://www.golem.de/news/trojaner-der-banking-trojaner-trickbot-hat-neue-t… ∗∗∗ Blockverschlüsselung: Verschlüsselungsmodus OCB2 gebrochen ∗∗∗ --------------------------------------------- Im Verschlüsselungsmodus OCB2 wurden in kurzer Abfolge zahlreiche Sicherheitsprobleme gefunden. Breite Verwendung findet dieser Modus nicht, obwohl er Teil eines ISO-Standards ist. (Verschlüsselung, Applikationen) --------------------------------------------- https://www.golem.de/news/blockverschluesselung-verschluesselungsmodus-ocb2… ∗∗∗ Should You Send Your Pen Test Report to the MSRC? ∗∗∗ --------------------------------------------- Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept, details of an attack or demonstration of a vulnerability, and a detailed writeup of the... --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2018/11/12/should-you-send-your-pe… ∗∗∗ Why Google Internet Traffic Rerouted Through China and Russia ∗∗∗ --------------------------------------------- For two hours Monday, Google internet traffic rerouted through China, Russia, and elsewhere. Heres why. --------------------------------------------- https://www.wired.com/story/google-internet-traffic-china-russia-rerouted ∗∗∗ TLS-Aufschlüsselung: Malware und Angriffe in verschlüsselten Datenströmen erkennen ∗∗∗ --------------------------------------------- Die Schlacht um Aufschlüsselungs-Optionen für TLS haben Strafverfolger und Provider verloren. Eine Forschungsgruppe soll nun die Gefahrenabwehr ausloten. --------------------------------------------- http://heise.de/-4219047 ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB18-39), Adobe Acrobat and Reader (APSB18-40) and Adobe Photoshop CC (APSB18-43). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1648 ∗∗∗ SAP Security Patch Day - November 2018 ∗∗∗ --------------------------------------------- On 13th of November 2018, SAP Security Patch Day saw the release of 11 Security Notes. Additionally, there were 3 updates to previously released security notes. --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firmware-nonfree and imagemagick), Fedora (cabextract, icecast, and libmspack), openSUSE (icecast), Red Hat (httpd24), Slackware (libtiff), SUSE (apache-pdfbox, firefox, ImageMagick, and kernel), and Ubuntu (clamav, spamassassin, and systemd). --------------------------------------------- https://lwn.net/Articles/771697/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-1656 , CVE-2018-12539 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in Installation Verification Tool of WebSphere Application Server (CVE-2018-1643) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ RSA BSAFE Micro Edition Suite Lets Remote Users Cause the Target Service to Crash ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1042057 ∗∗∗ SSA-113131 (Last Update: 2018-11-13): Denial-of-Service Vulnerabilities in S7-400 CPUs ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-113131.txt ∗∗∗ SSA-233109 (Last Update: 2018-11-13): Web Vulnerabilities in SIMATIC Panels ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-233109.txt ∗∗∗ SSA-242982 (Last Update: 2018-11-13): Cross-Site Scripting Vulnerability in SCALANCE S ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-242982.txt ∗∗∗ SSA-584286 (Last Update: 2018-11-13): Denial-of-Service Vulnerability in SIMATIC S7-1200 CPU and SIMATIC S7-1500 CPU ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-584286.txt ∗∗∗ SSA-621493 (Last Update: 2018-11-13): Password Storage Vulnerability in SIMATIC STEP7 (TIA Portal) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-621493.txt ∗∗∗ SSA-886615 (Last Update: 2018-11-13): Vulnerability in SIMATIC IT Production Suite ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-886615.txt ∗∗∗ SSA-944083 (Last Update: 2018-11-13): HTTP Header Injection in SIMATIC Panels and SIMATIC WinCC (TIA Portal) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-944083.txt ∗∗∗ SSA-168644 (Last Update: 2018-11-13): Spectre and Meltdown Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-168644.txt ∗∗∗ SSA-179516 (Last Update: 2018-11-13): OpenSSL Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-179516.txt ∗∗∗ SSA-254686 (Last Update: 2018-11-13): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-254686.txt ∗∗∗ SSA-268644 (Last Update: 2018-11-13): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-268644.txt ∗∗∗ SSA-293562 (Last Update: 2018-11-13): Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-293562.txt ∗∗∗ SSA-346262 (Last Update: 2018-11-13): Denial-of-Service in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-346262.txt ∗∗∗ SSA-348629 (Last Update: 2018-11-13): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-348629.txt ∗∗∗ SSA-901333 (Last Update: 2018-11-13): KRACK Attacks Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-901333.txt ∗∗∗ SSA-159860 (Last Update: 2018-11-13): Access Control Vulnerability in IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-159860.txt -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.11.2018
by Daily end-of-shift report 12 Nov '18

12 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 09-11-2018 18:00 − Montag 12-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Linux CryptoMiners Are Now Using Rootkits to Stay Hidden ∗∗∗ --------------------------------------------- To make it harder to spot a cryptominer process that is utilizing all of the CPU, a new variant has been discovered for Linux that attempts to hide its presence by utilizing a rootkit. --------------------------------------------- https://www.bleepingcomputer.com/news/security/linux-cryptominers-are-now-u… ∗∗∗ DSGVO: Sicherheitslücke in Wordpress-Addon ermöglicht Admin-Rechte ∗∗∗ --------------------------------------------- Durch eine fehlende Identitätsabfrage in einem DSGVO-Plugin für Wordpress können sich Angreifer Administratorkonten für Webseiten anlegen und dann beliebige Schadsoftware verteilen. Die Lücke wird bereits ausgenutzt. (Wordpress, PHP) --------------------------------------------- https://www.golem.de/news/dsgvo-sicherheitsluecke-in-wordpress-addon-ermoeg… ∗∗∗ Virtualisierung: Update behebt Schwachstelle in VMware Player und Workstation ∗∗∗ --------------------------------------------- Eine Sicherheitslücke betrifft die beliebten Virtualisierungsprogramme VMware Player und Workstation. Angreifer können darüber Code auf dem Hostsystem ausführen, was die Lücken recht kritisch macht. Das von VMware verteilte Update sollte schnell installiert werden. (VMware, Virtualisierung) --------------------------------------------- https://www.golem.de/news/virtualisierung-update-behebt-schwachstelle-in-vm… ∗∗∗ Trojaner: Achtung bei angeblichen Rechnungen ∗∗∗ --------------------------------------------- Vetrauenswürdiger Absender, glaubhafter Text in gutem Deutsch – und trotzdem handelt es sich bei der angehängten Rechnung um einen Trojaner. --------------------------------------------- http://heise.de/-4219043 ∗∗∗ Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems ∗∗∗ --------------------------------------------- Malware that attacks industrial control systems (ICS), such as the Stuxnet campaign in 2010, is a serious threat. This class of cyber sabotage can spy on, disrupt, or destroy systems that manage large-scale industrial processes. An essential danger in this threat is that it moves from mere digital damage to risking human lives. --------------------------------------------- https://securingtomorrow.mcafee.com/mcafee-labs/triton-malware-spearheads-l… ∗∗∗ Betrugsversuch beim Privatverkauf ∗∗∗ --------------------------------------------- Kriminelle senden Privatverkäufer/innen über WhatsApp Kaufangebote. Sie geben vor, dass sie im Ausland sind und schlagen die Vertragsabwicklung über eine Spedition vor. Dazu versenden sie gefälschte Überweisungsbelege. Verkäufer/innen sollen sowohl die Ware als auch zu viel transferierte Geldbeträge ins Ausland überweisen. Sie verlieren beides und erhalten nicht den Kaufpreis. --------------------------------------------- https://www.watchlist-internet.at/news/betrugsversuch-beim-privatverkauf/ ∗∗∗ Schadsoftware-Mails von Paymorrow Gbr und Volkswagen VTI GmbH! ∗∗∗ --------------------------------------------- Unternehmen aufgepasst: Betrüger/innen versenden Mails mit angeblichen Rechnungen im .zip-Dateiformat. Die enthaltenen ausführbaren Files dürfen auf keinen Fall geöffnet werden, denn sie infizieren Ihr Gerät oder das Firmennetzwerk mit Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/news/schadsoftware-mails-von-paymorrow-gb… ∗∗∗ How my personal Bug Bounty Program turned into a Free Security Audit for the Serendipity Blog ∗∗∗ --------------------------------------------- HackerOne is currently one of the most popular bug bounty program platforms. While the usual providers of bug bounty programs are companies, w while ago I noted that some people were running bug bounty programs on Hacker One for their private projects without payouts. It made me curious, so I decided to start one with some of my private web pages in scope. --------------------------------------------- https://blog.hboeck.de:443/archives/896-How-my-personal-Bug-Bounty-Program-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, systemd, and thunderbird), Debian (ansible, ghostscript, qemu, thunderbird, and xen), Fedora (community-mysql, gettext, links, mysql-connector-java, xen, and zchunk), Gentoo (icecast, libde265, okular, pango, and PHProjekt), Mageia (ansible, audiofile, iniparser, libtiff, mercurial, opencc, and python-dulwich), openSUSE (accountsservice, apache2, [...] --------------------------------------------- https://lwn.net/Articles/771574/ ∗∗∗ IBM Security Bulletin: IBM MQ can allow an attacker to execute a privilege escalation attack on a local machine. (CVE-2018-1792) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-can-allow-an-a… ∗∗∗ IBM Security Bulletin: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… ∗∗∗ IBM Security Bulletin: IBM Network Performance Insight (CVE-2018-11771) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-network-performan… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Network Performance Insight ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ BIG-IP iControl and tmsh vulnerability CVE-2018-15325 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K77313277 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.11.2018
by Daily end-of-shift report 09 Nov '18

09 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 08-11-2018 18:00 − Freitag 09-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Root-Zertifikat: Sennheiser-Software hebelt HTTPS-Sicherheit aus ∗∗∗ --------------------------------------------- Eine Software für Headsets des Herstellers Sennheiser installiert ein Root-Zertifikat und sorgt damit dafür, dass HTTPS-Verbindungen nicht mehr sicher sind. In neueren Versionen ist die Lücke etwas weniger schlimm, einen Fix gibt es bisher nicht. (TLS, Sound-Hardware) --------------------------------------------- https://www.golem.de/news/root-zertifikat-sennheiser-software-hebelt-https-… ∗∗∗ Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets ∗∗∗ --------------------------------------------- Our analysis of a targeted attack that used a language-specific word processor shows why its important to understand and protect against small-scale and localized attacks as well as broad-scale malware campaigns. The attack exploited a vulnerability in InPage, a word processor software for specific languages like Urdu, Persian, Pashto, and Arabic. More than 75% of [...] --------------------------------------------- https://cloudblogs.microsoft.com/microsoftsecure/2018/11/08/attack-uses-mal… ∗∗∗ AR18-312A: JexBoss – JBoss Verify and EXploitation Tool ∗∗∗ --------------------------------------------- JBoss Verify and EXploitation tool (JexBoss) is an open-source tool used by cybersecurity hunt teams (sometimes referred to as "red teams") and auditors to conduct authorized security assessments. Threat actors use this tool maliciously to test and exploit vulnerabilities in JBoss Application Server [...] --------------------------------------------- https://www.us-cert.gov/ncas/analysis-reports/AR18-312A ∗∗∗ Passive DNS for the Bad ∗∗∗ --------------------------------------------- Passive DNS is not a new technique but, for the last months, there was more and more noise around it. Passive DNS is a technique used to record all resolution requests performed by DNS resolvers (bigger they are, bigger they will collect) and then allow to search for historical data. --------------------------------------------- https://blog.rootshell.be/2018/11/09/passive-dns-for-the-bad/ ∗∗∗ UAC Bypass by Mocking Trusted Directories ∗∗∗ --------------------------------------------- During research for some new User Account Control (UAC) bypass techniques, I discovered what I believe to be a new bypass method (at the time of this writing). It is worth mentioning that Microsoft doesnt consider UAC a security boundary, however we still reported the bug to Microsoft and want to share its details here. --------------------------------------------- https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directori… ===================== = Vulnerabilities = ===================== ∗∗∗ Philips iSite and IntelliSpace PACS ∗∗∗ --------------------------------------------- This medical device advisory includes mitigations for a weak password Requirements vulnerability in the Philips iSite and IntelliSpace PACS. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-312-01 ∗∗∗ PostgreSQL 11.1, 10.6, 9.6.11, 9.5.15, 9.4.20, and 9.3.25 released ∗∗∗ --------------------------------------------- There is a whole new set of PostgreSQL releases out there, the main purpose of which is to include an important security fix. "Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs `pg_upgrade` on the database or during a pg_dump dump/restore cycle. This attack requires [...] --------------------------------------------- https://lwn.net/Articles/771145/ ∗∗∗ VMSA-2018-0027 ∗∗∗ --------------------------------------------- VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0027.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (nginx), Fedora (icu, java-1.8.0-openjdk-aarch32, libgit2, php-pear-CAS, roundcubemail, and ruby), Gentoo (firefox, libX11, openssl, and python), openSUSE (thunderbird), Oracle (java-11-openjdk, kernel, and spice-server), Red Hat (java-1.8.0-ibm and thunderbird), Scientific Linux (spice-server), SUSE (curl, libepubgen, liblangtag, libmwaw, libnumbertext, libreoffice, libstaroffice, libwps, myspell-dictionaries, xmlsec1, libxkbcommon, openssh, and [...] --------------------------------------------- https://lwn.net/Articles/771324/ ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-40) ∗∗∗ --------------------------------------------- https://blogs.adobe.com/psirt/?p=1654 ∗∗∗ Roche Diagnostics Point of Care Handheld Medical Devices (Update A) ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01 ∗∗∗ Security Updates for OTRS Framework ∗∗∗ --------------------------------------------- https://community.otrs.com/security-advisory-2018-09-security-update-for-ot… https://community.otrs.com/security-advisory-2018-08-security-update-for-ot… https://community.otrs.com/security-advisory-2018-07-security-update-for-ot… ∗∗∗ Field Notice: FN - 70319 - ASA and FXOS Software - Change in Root Certificate Might Affect Smart Licensing and Smart Call Home Functionality - Software Upgrade Recommended ∗∗∗ --------------------------------------------- https://www.cisco.com/c/en/us/support/docs/field-notices/703/fn70319.html ∗∗∗ IBM Security Bulletin: Denial of Service vulnerability affects IBM Spectrum Protect Client and IBM Spectrum Protect for Virtual Environments (CVE-2018-1786) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-denial-of-service-vul… ∗∗∗ IBM Security Bulletin: Vulnerability in FreeBSD affects AIX (CVE-2018-6922) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-free… ∗∗∗ IBM Security Bulletin: Potential cross-site scripting vulnerability in WebSphere Application Server using SIBMsgMigration Utility (CVE-2018-1798) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-cross-site-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Virtual Environments (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology Affect IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security Bulletin: A Zip Slip vulnerability is exposed in Case Manager (CVE-2018-1884) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-a-z… ∗∗∗ IBM Security Bulletin: Information Disclosure in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect for Virtual Environments (CVE-2018-1553) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ IBM Security Bulletin: OpenSSL Vulnerability Affects IBM Contact Optimization (CVE-2016-8610) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vulnerability… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.11.2018
by Daily end-of-shift report 08 Nov '18

08 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 07-11-2018 18:00 − Donnerstag 08-11-2018 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Beginner’s Guide to Open Source Intrusion Detection (IDS) Tools ∗∗∗ --------------------------------------------- Originally written by Joe Schreiber Re-written and edited by Trevor Giffen (Editorial Contractor) Re-re edited and expanded by Rich Langston Whether you need to monitor hosts or the networks connecting them to identify the .. --------------------------------------------- https://feeds.feedblitz.com/~/579108152/0/alienvault-blogs~Beginner%e2%80%9… ∗∗∗ DJI Patches Forum Bug That Allowed Drone Account Takeovers ∗∗∗ --------------------------------------------- Bug opened door for malicious link attack, giving hacker access to stored DJI drone data of commercial and consumer customers. --------------------------------------------- https://threatpost.com/dji-patches-forum-bug-that-allowed-drone-account-tak… ∗∗∗ Sicherheitsupdates: Cisco entfernt Backdoor aus Business Switches ∗∗∗ --------------------------------------------- Es gibt wichtige Patches zu Absicherung von Hard- und Software von Cisco. --------------------------------------------- http://heise.de/-4216400 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (python-paramiko and thunderbird), Debian (firefox-esr, libdatetime-timezone-perl, and mariadb-10.0), Fedora (curl, NetworkManager, and xorg-x11-server), openSUSE (kernel), Oracle (java-1.7.0-openjdk, .. --------------------------------------------- https://lwn.net/Articles/771129/ ∗∗∗ Synology-SA-18:58 Surveillance Station ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Surveillance Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_58 ∗∗∗ Synology-SA-18:59 VS960HD ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of VS960HD. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_59 ∗∗∗ BlackBerry powered by Android Security Bulletin - November 2018 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ WP GDPR Compliance <= 1.4.2 - Unauthenticated Call Any Action or Update Any Option ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9144 ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2018-1872) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2018-5740 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-is-affected-by-… ∗∗∗ IBM Security Bulletin: Node.js as used in IBM QRadar Packet Capture is susceptible to multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-node-js-as-used-in-ib… ∗∗∗ IBM Security Bulletin: An XML External Entity (XXE) processing vulnerability is exposed in Case Manager administration client (CVE-2018-1844) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-an-xml-external-entit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.11.2018
by Daily end-of-shift report 07 Nov '18

07 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 06-11-2018 18:00 − Mittwoch 07-11-2018 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Oracle: Verärgerter Forscher veröffentlicht Exploit für Virtualbox ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher hat eine Zero-Day-Lücke für Virtualbox veröffentlicht, die einen Ausbruch aus dem Gastsystem auf das Host-System ermöglicht. Der Forscher sei frustriert darüber, .. --------------------------------------------- https://www.golem.de/news/oracle-veraergerter-forscher-veroeffentlicht-expl… ∗∗∗ BCMPUPnP_Hunter: A 100k Botnet Turns Home Routers to Email Spammers ∗∗∗ --------------------------------------------- This article was co-authored by Hui Wang and RootKiter.Since September 2018, 360Netlab Scanmon has detected multiple scan spikes on TCP port 5431, each time the system logged more than 100k scan .. --------------------------------------------- http://blog.netlab.360.com/bcmpupnp_hunter-a-100k-botnet-turns-home-routers… ∗∗∗ ADV180028 | Guidance for configuring BitLocker to enforce software encryption ∗∗∗ --------------------------------------------- Microsoft is aware of reports of vulnerabilities in the hardware encryption of certain .. --------------------------------------------- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028 ∗∗∗ WordPress Design Flaw Leads to WooCommerce RCE ∗∗∗ --------------------------------------------- A flaw in the way WordPress handles privileges can lead to a privilege escalation in WordPress plugins. This affects for example WooCommerce, the most popular e-commerce plugin with over 4 million .. --------------------------------------------- https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-r… ∗∗∗ Vorsicht! Neue betrügerische Bewerbungsmail mit Erpressungstrojaner im Umlauf ∗∗∗ --------------------------------------------- Derzeit kursiert eine gefakte Bewerbung von "Peter Reif" im Internet. Nach dem Öffnen des Dateianhangs verschlüsselt ein Schädling Daten und fordert Lösegeld. --------------------------------------------- http://heise.de/-4214191 ∗∗∗ Attackers breached Statcounter to steal cryptocurrency from gate.io users ∗∗∗ --------------------------------------------- Web analytics company Statcounter and cryptocurrency exchange gate.io have been compromised in another supply-chain attack, which resulted in an unknown number of gate.io customers getting their money stolen,.. --------------------------------------------- https://www.helpnetsecurity.com/2018/11/07/statcounter-gate-io-compromised/ ∗∗∗ Keine FLIXGLADE und FLIX FORGE LTD- Rechnungen bezahlen! ∗∗∗ --------------------------------------------- Auf der Suche nach kostenlosen Filmen im Internet stoßen Konsument/innen auf flixman.de und inflix.de. Es handelt sich um kriminelle Plattformen, die ihren Opfern keine Leistung erbringen, .. --------------------------------------------- https://www.watchlist-internet.at/news/keine-flixglade-und-flix-forge-ltd-r… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the Session Initiation Protocol (SIP) inspectionengine of Cisco Adaptive Security Appliance (ASA) Software and CiscoFirepower Threat Defense (FTD) Software could allow an unauthenticated, .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin:Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system and The IBM Java Runtime Environment’s Diagnostic Tooling Framework for Java does not protect against CVE-2018-1656 and CVE-2018-12539 ∗∗∗ --------------------------------------------- The IBM Java Runtime Environment’s Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletineclipse-openj9-could-a… ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Cassandra affects IBM Operations Analytics Predictive Insights (CVE-2018-8016) ∗∗∗ --------------------------------------------- Apache Cassandra is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. Note that the usage of Apache Cassandra within IBM Operations .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Python affect IBM Operations Analytics Predictive Insights (CVE-2018-1060, CVE-2018-1061) ∗∗∗ --------------------------------------------- Python is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. Note that the usage of Python within IBM Operations Analytics .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-py… ∗∗∗ Roche Point of Care Handheld Medical Devices ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01 ∗∗∗ Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unity Express Arbitrary Command Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Xen Security Advisory 282 - guest use of HLE constructs may lock up host ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-282.html ∗∗∗ Red Hat JBoss EAP RichFaces Access Control Bug Lets Remote Users Execute Arbitrary Code on the Target System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1042037 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.11.2018
by Daily end-of-shift report 06 Nov '18

06 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Montag 05-11-2018 18:00 − Dienstag 06-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ SSD: Forscher umgehen Passwörter bei verschlüsselten Festplatten ∗∗∗ --------------------------------------------- Bei manchen SSDs mit Hardwareverschlüsselung konnten Forscher die Firmware so manipulieren, dass sie beliebige Passwörter akzeptierte. Das war nicht das einzige Problem, das sie fanden. (Solid State Drive, Speichermedien) --------------------------------------------- https://www.golem.de/news/ssd-forscher-umgehen-passwoerter-bei-verschluesse… ∗∗∗ Malicious Powershell Script Dissection, (Tue, Nov 6th) ∗∗∗ --------------------------------------------- Here is another example of malicious Powershell script found while hunting. Such scripts remain a common attack vector and many of them can be easily detected just by looking for some specific strings. Here is an example of YARA rule [...] --------------------------------------------- https://isc.sans.edu/diary/rss/24282 ∗∗∗ Struts 2.3 Vulnerable to Two Year old File Upload Flaw ∗∗∗ --------------------------------------------- Apache today released an advisory, urging users who run Apache Struts 2.3.x to update the commons-fileupload component [1]. Struts 2.3.x uses by default the old 1.3.2 version of commons-fileupload. In November of 2016, a deserialization vulnerability was disclosed and patched in commons-fileupload [2]. The vulnerability can lead to arbitrary remote code execution. --------------------------------------------- https://isc.sans.edu/forums/diary/Struts+23+Vulnerable+to+Two+Year+old+File… ∗∗∗ GPU side channel attacks can enable spying on web activity, password stealing ∗∗∗ --------------------------------------------- Computer scientists at the University of California, Riverside have revealed for the first time how easily attackers can use a computer’s graphics processing unit, or GPU, to spy on web activity, steal passwords, and break into cloud-based applications. --------------------------------------------- https://www.helpnetsecurity.com/2018/11/06/gpu-side-channel-attacks/ ∗∗∗ Gefälschte Zahlungsanweisung an die Buchhaltung ∗∗∗ --------------------------------------------- Kriminelle geben sich als Geschäftsführung eines Unternehmens aus und versenden eine E-Mail an die Buchhaltung. Darin fordern sie die Mitarbeiter/innen dazu auf, dass sie einen hohen Geldbetrag ins Ausland überweisen. Angestellte, die die Zahlungsanweisung nicht als betrügerisch erkennen, transferieren die geforderte Summe an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-zahlungsanweisung-an-die… ===================== = Vulnerabilities = ===================== ∗∗∗ Android Security Bulletin - November 2018 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-11-05 or later address all of these issues. [...] The most severe vulnerability in this section could enable a proximate attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2018-11-01.html ∗∗∗ libssh Authentication Bypass Vulnerability Affecting Cisco Products: October 2018 ∗∗∗ --------------------------------------------- Cisco has investigated its product line and has determined that no products or services are known to be affected by this vulnerability. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (glusterfs, gthumb, and mysql-5.5), Red Hat (389-ds-base, kernel, and xerces-c), Slackware (mariadb), SUSE (accountsservice, curl, icinga, kernel, and opensc), and Ubuntu (libxkbcommon, openssh, and ruby1.9.1, ruby2.0, ruby2.3, ruby2.5). --------------------------------------------- https://lwn.net/Articles/770856/ ∗∗∗ IBM Security Bulletin: IBM API Connect is vulnerable to CSV Injection (CVE-2018-1774) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-vu… ∗∗∗ IBM Security Bulletin: IBM MQ can cause a Denial of Service attack to connecting MQTT clients (CVE-2018-1684) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-can-cause-a-de… ∗∗∗ IBM Security Bulletin: IBM Data Science Experience Local is affected by a Use of Hard-coded Password vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-data-science-expe… ∗∗∗ IBM Security Bulletin: OpenSSL Vulnerability Affects IBM Sterling Connect:Express for UNIX (CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vulnerability… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A Server Side Input Validation Vulnerability Affects IBM Campaign (CVE-2016-9749) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-server-side-input-v… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.11.2018
by Daily end-of-shift report 05 Nov '18

05 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 02-11-2018 18:00 − Montag 05-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New Microsoft Edge Browser Zero-Day RCE Exploit in the Works ∗∗∗ --------------------------------------------- Details are about to emerge about a zero-day remote code execution vulnerability in the Microsoft Edge web browser, as two researchers plan to reveal a proof-of-concept and publish a general write up. Microsoft has not been told the details of this vulnerability. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-microsoft-edge-browser-z… ∗∗∗ Neue Schwachstelle in Intel-CPUs: Hyper-Threading anfällig für Datenleck ∗∗∗ --------------------------------------------- Forscher demonstrieren einen neuen CPU-Bug bei aktuellen Intel-Prozessoren, über den sich Daten aus einem benachbarten Thread auslesen lassen. --------------------------------------------- http://heise.de/-4210282 ∗∗∗ Streaming-Server Icecast: Angreifer könnten Online-Radiosender ausknipsen ∗∗∗ --------------------------------------------- In der aktuellen Version von Icecast haben die Entwickler eine Sicherheitslücke geschlossen. --------------------------------------------- http://heise.de/-4210875 ∗∗∗ Heres Why [Insert Thing Here] Is Not a Password Killer ∗∗∗ --------------------------------------------- These days, I get a lot of messages from people on security related things. Often its related to data breaches or sloppy behaviour on behalf of some online service playing fast and loose with HTTPS or passwords or some other easily observable security posture. But on a fairly regular basis, [...] --------------------------------------------- https://www.troyhunt.com/heres-why-insert-thing-here-is-not-a-password-kill… ∗∗∗ Finger weg vom Fake-Shop gaming-ez.com! ∗∗∗ --------------------------------------------- Kaufen Sie nicht auf gaming-ez.com ein. Die Playstation 4 Pro-, Xbox One- oder Nintendo Switch- Angebote sind zwar verlockend, werden aber nie geliefert. Überwiesenes Geld ist verloren. --------------------------------------------- https://www.watchlist-internet.at/news/finger-weg-vom-fake-shop-gaming-ezco… ∗∗∗ Datendiebstahl mit gefälschtem AirAsia-Ticket ∗∗∗ --------------------------------------------- Konsument/innen erhalten ein gefälschtes AirAsia-Ticket für einen Flug von Hong Kong nach Kuala Lumpur. Sie können es stornieren, indem sie die Website eines Payment Center aufrufen. Dieses fragt PayPal-Zugangsdaten sowie Kreditkarten- und Bankinformationen ab. Ebenfalls ist eine persönliche Identifizierung vorgesehen. Kund/innen, die die gewünschten Informationen bekannt geben, werden Opfer eines Daten- und Identitätsdiebstahls. --------------------------------------------- https://www.watchlist-internet.at/news/datendiebstahl-mit-gefaelschtem-aira… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products ∗∗∗ --------------------------------------------- Affected product(s) and affected version(s):IBM Cloud Application Performance Management, Base Private IBM Cloud Application Performance Management, Advanced Private IBM Cloud Application Performance Management --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability found by vFinder (CVE-2018-14883 and CVE-2018-14851) ∗∗∗ --------------------------------------------- Affected product(s) and affected version(s):Affected Product NameAffected VersionsIBM Lotus Protector for Mail Security2.8.3.0IBM Lotus Protector for Mail Security2.8.1.0 --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Zookeeper could affect IBM Performance Management products (CVE-2018-8012) ∗∗∗ --------------------------------------------- Apache Zookeeper could allow a remote attacker to bypass security restrictions, caused by the failure to enforce authentication or authorization when a server attempts to join a quorum. An attacker could exploit this vulnerability to join the cluster and begin propagating counterfeit changes to the leader. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect Rational Publishing Engine ∗∗∗ --------------------------------------------- Affected product(s) and affected version(s):Rational Publishing Engine 2.1.0 Rational Publishing Engine 2.1.1 Rational Publishing Engine 2.1.2 Rational Publishing Engine 6.0.5 Rational Publishing Engine 6.0.6 --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- Security vulnerabilities affect multiple products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM) and Rational Software Architect Design Manager (RSA DM). --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, icecast2, mupdf, and ruby2.3), Fedora (lldpad, NetworkManager, python-django, roundcubemail, thunderbird, webkit2gtk3, xen, and xorg-x11-server), Mageia (axis, cimg, gmic, dnsmasq, gitolite, gnutls, java-1.8.0-openjdk, lighttpd, mbedtls, mediawiki, perl-Dancer2, python-cryptography, and virtualbox), Red Hat (openvswitch, Red Hat Virtualization, and thunderbird), SUSE (curl, ffmpeg, and soundtouch), and Ubuntu (network-manager and systemd). --------------------------------------------- https://lwn.net/Articles/770744/ ∗∗∗ ZDI-18-1336: (0Day) Juuko JK-800 Replay Attack Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1336/ ∗∗∗ Security Advisory - Lock-screen Bypass Vulnerability in Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181105-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.11.2018
by Daily end-of-shift report 02 Nov '18

02 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 31-10-2018 18:00 − Freitag 02-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Utilities, Energy Sector Attacked Mainly Via IT, Not ICS ∗∗∗ --------------------------------------------- Stealing administrative credentials to carry out months-long spy campaigns is a top threat. --------------------------------------------- https://threatpost.com/utilities-energy-sector-attacked-mainly-via-it-not-i… ∗∗∗ Intel CPUs impacted by new PortSmash side-channel vulnerability ∗∗∗ --------------------------------------------- Intel processors are impacted by a new vulnerability that can allow attackers to leak encrypted data from the CPUs internal processes. --------------------------------------------- https://www.zdnet.com/article/intel-cpus-impacted-by-new-portsmash-side-cha… ∗∗∗ Zero-Day-Lücke in Cisco Adaptive Security Appliance und Firepower Threat Defense ∗∗∗ --------------------------------------------- Unbekannte Angreifer attackieren derzeit Firewalls und Sicherheitslösungen von Cisco. Für die Sicherheitslücke gibt es noch keinen Patch. --------------------------------------------- http://heise.de/-4208546 ∗∗∗ Bleedingbit: Sicherheitslücken in Bluetooth LE gefährden Access Points ∗∗∗ --------------------------------------------- Sicherheitsforscher skizzieren eine ihrer Einschätzung nach kritische Schwachstelle in einigen Bluetooth-Low-Energy-Chips. Es gibt bereits erste Updates. --------------------------------------------- http://heise.de/-4209343 ∗∗∗ Gefälschte iTunes Store-Rechnung im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte iTunes Store-Rechnung. Darin behaupten sie, dass Empfänger/innen einen Einkauf getätigt haben. Diesen können sie angeblich unter Bekanntgabe persönlicher Daten und ihrer Kreditkarteninformationen stornieren. Konsument/innen, die den erfundenen Einkauf rückgängig machen wollen, übermitteln Verbrecher/innen sensible Angaben und werden Opfer eines Datendiebstahls. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-itunes-store-rechnung-im… ∗∗∗ Coinhive & MikroTik ∗∗∗ --------------------------------------------- Wir haben in den uns zur Verfügung stehenden Shodan Daten nach Systemen gesucht, die von der Krypto-Mining Kampagne gegen MikroTik Geräte betroffen sind. Dabei sind wir auf ca 330 IP-Adressen aus Österreich gestoßen und haben die entsprechenden Abuse-Kontakte informiert. --------------------------------------------- https://www.cert.at/services/blog/20181102151919-2302.html ===================== = Vulnerabilities = ===================== ∗∗∗ AVEVA InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition) ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow and empty password in configuration file vulnerabilities in AVEVA’s InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition) products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01 ∗∗∗ Schneider Electric Software Update (SESU) ∗∗∗ --------------------------------------------- This advisory includes mitigations for a DLL hijacking vulnerability in the Schneider Electric Software Update (SESU). --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-305-02 ∗∗∗ Circontrol CirCarLife ∗∗∗ --------------------------------------------- This advisory includes mitigations for authentication bypass using an alternate path or channel and insufficiently protected credentials vulnerabilities in Circontrol’s CirCarLife, an electric vehicle charging station. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-305-03 ∗∗∗ Fr. Sauter AG CASE Suite ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper restriction of XML External Entity Reference vulnerability in Fr. Sauter AGs CASE Suite software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-305-04 ∗∗∗ Anviz AIM CrossChex Standard 4.3 Excel Macro Injection ∗∗∗ --------------------------------------------- CSV (XLS) Injection (Excel Macro Injection or Formula Injection) exists in the AIM CrossChex 4.3 when importing or exporting users using xls Excel file. This can be exploited to execute arbitrary commands on the affected system via SE attacks when an attacker inserts formula payload in the Name field when adding a user or using the custom fields Gender, Position, Phone, Birthday, Employ Date and Address. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php ∗∗∗ GitLab Critical Security Release: 11.4.4, 11.3.9, 11.2.8 ∗∗∗ --------------------------------------------- These versions contain a number of important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. --------------------------------------------- https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (phpldapadmin, poppler, and tzdata), Fedora (firefox, java-11-openjdk, libarchive, sos-collector, and teeworlds), Scientific Linux (java-1.7.0-openjdk, python-paramiko, and thunderbird), Slackware (curl), and SUSE (kernel, MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss, and wireshark). --------------------------------------------- https://lwn.net/Articles/770367/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (kernel and linux-lts), Debian (chromium-browser and mono), Oracle (firefox), and Ubuntu (curl). --------------------------------------------- https://lwn.net/Articles/770473/ ∗∗∗ Session Limit - Critical - Insecure Session Management - SA-CONTRIB-2018-072 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-072 ∗∗∗ Decoupled Router - Critical - Access bypass - SA-CONTRIB-2018- 071 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-071 ∗∗∗ Paragraphs - Moderately critical - Access Bypass - SA-CONTRIB-2018-073 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-073 ∗∗∗ NextCloud Server: Mehrere Schwachstellen ermöglichen u. a. das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-2238/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181101-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.10.2018
by Daily end-of-shift report 31 Oct '18

31 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 30-10-2018 18:00 − Mittwoch 31-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter Next End-of-Day report: 2018-11-02 ===================== = News = ===================== ∗∗∗ Square, PayPal POS Hardware Open to Multiple Attack Vectors ∗∗∗ --------------------------------------------- Popular card readers like Square and PayPal have various flaws that allow attacks ranging from fraud to card data theft. --------------------------------------------- https://threatpost.com/square-paypal-pos-hardware-open-to-multiple-attack-v… ∗∗∗ Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims ∗∗∗ --------------------------------------------- Alexandr Solad and Daniel Hatheway of Recorded Future are coauthors of this post. Read Recorded Future’s version of this analysis. Rising from the deep, Kraken Cryptor ransomware has had a notable development path in recent months. The first signs of Kraken came in mid-August on a popular underground forum. In mid-September it was reported that [...] --------------------------------------------- https://securingtomorrow.mcafee.com/mcafee-labs/fallout-exploit-kit-release… ∗∗∗ Using PHP 5 Becomes Dangerous in 2 Months ∗∗∗ --------------------------------------------- WordPress, Joomla, Drupal and many other popular website CMSs were written in a programming language called PHP. PHP version 5 is about to reach end-of-life and will stop receiving security updates in two months. Many WordPress and other PHP websites remain on version 5.6 or older. --------------------------------------------- https://www.wordfence.com/blog/2018/10/php5-dangerous/ ∗∗∗ 5 Types of Malware Currently Affecting macOS ∗∗∗ --------------------------------------------- Mac malware, or macOS malware, exists contrary to the popular belief that Apple’s operating system is immune to online threats. Cybersecurity researchers have been closely observing the threat landscape only to conclude that malware infections targeting Mac devices have increased in 2018. --------------------------------------------- https://www.tripwire.com/state-of-security/security-awareness/5-types-of-ma… ∗∗∗ Wenn Sie in eine Abo-Falle getappt sind… ∗∗∗ --------------------------------------------- Auf der Suche nach kostenlosen Angeboten und gratis Dienstleistungen werden Sie im Internet schnell fündig. Doch Vorsicht: Hier ist nicht alles Gold, was glänzt! Oft handelt es sich nämlich um Abo-Fallen, bei denen Ihnen unbegründet Rechnungen zugeschickt werden und man Ihnen mit Inkassobüro oder Rechtsanwaltsschreiben droht. Die Lösung? Auf gar keinen Fall bezahlen! --------------------------------------------- https://www.watchlist-internet.at/news/wenn-sie-in-eine-abo-falle-getappt-s… ∗∗∗ Warnung vor sierrasport-berlin.de ∗∗∗ --------------------------------------------- Der Online-Shop sierrasport-berlin.de vertreibt Markenfälschungen. Das können Konsument/innen daran erkennen, dass sämtliche Produkte stark rabattiert und lagernd sind. Kaufen sie bei sierrasport-berlin.de ein, müssen sie mit hohen Zusatzkosten, rechtlichen Konsequenzen und einem Identitätsdiebstahl rechnen. Von einem Einkauf bei sierrasport-berlin.de wird dringend abgeraten! --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-sierrasport-berlinde/ ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability ∗∗∗ --------------------------------------------- Integrated Data Protection Appliance (iDPA) contains undocumented accounts with limited access which may potentially be used by a malicious user to compromise the affected system. --------------------------------------------- https://seclists.org/fulldisclosure/2018/Oct/53 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (gitlab), Debian (gnutls28), Fedora (audiofile, coreutils, firefox, hesiod, kernel, kernel-headers, kernel-tools, libssh, lighttpd, mosquitto, opencc, patch, php-horde-nag, sos-collector, strongswan, and thunderbird), Gentoo (libxkbcommon, mutt-1.10, postgresql, systemd, xen, and xorg-server), Mageia (curl, libtiff, samba, spamassassin, and unzip), Oracle (java-1.7.0-openjdk and python-paramiko), Red Hat (git, glusterfs, java-1.7.0-openjdk, [...] --------------------------------------------- https://lwn.net/Articles/770203/ ∗∗∗ VMSA-2015-0008.2 ∗∗∗ --------------------------------------------- VMware product updates address information disclosure issue. Updated advisory to add vCloud Director fixes for 9.0.0.x and 9.1.0.x versions that now address CVE-2015-3269. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2015-0008.html ∗∗∗ HPESBHF03894 rev.1 - HPE Integrated Lights-Out 5 (iLO 5) Firmware Updates, Local Bypass of Security Restrictions ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ ElegantThemes (divi, extra, divi-builder) - Authenticated Stored Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9140 ∗∗∗ Apple security updates ∗∗∗ --------------------------------------------- https://support.apple.com/en-us/HT201222 ∗∗∗ Security Advisory - SegmentSmack Vulnerability in Linux Kernel ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181031-… ∗∗∗ Security Advisory - Improper Authorization Vulnerability in Huawei Watches ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181031-… ∗∗∗ IBM Security Bulletin: IBM Robotic Process Automation could disclose sensitive information in a web request (CVE-2018-1878) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10735977 ∗∗∗ IBM Security Bulletin: Passwords are unencrypted locally in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1877) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10735973 ∗∗∗ IBM Security Bulletin: Passwords printed to log files in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1876) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10735967 ∗∗∗ IBM Security Bulletin: ViewONE is vulnerable to XXE attack when opening PDF documents ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10733815 ∗∗∗ IBM Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in Python (CVE-2016-5636 CVE-2017-1000158) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10737147 ∗∗∗ IBM Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in Python (CVE-2016-5636 CVE-2017-1000158) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10737125 ∗∗∗ IBM Security Bulletin: IBM BladeCenter Switch Modules are affected by vulnerabilities in python (CVE-2016-5636 CVE-2017-1000158) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10736105 ∗∗∗ IBM Security Bulletin: Remote Code Execution vulnerability in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1552) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016247 ∗∗∗ XSS vulnerability in undisclosed TMUI page CVE-2018-15314 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K04524282 ∗∗∗ XSS vulnerability in undisclosed TMUI page CVE-2018-15313 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K21042153 ∗∗∗ TMM vulnerability CVE-2018-15320 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K72442354 ∗∗∗ BIG-IP tmsh vulnerability CVE-2018-15321 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01067037 ∗∗∗ MQTT vulnerability CVE-2018-15323 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K26583415 ∗∗∗ BIG-IP Configuration utility vulnerability CVE-2018-15327 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K20222812 ∗∗∗ tmsh utility vulnerability CVE-2018-15322 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K28003839 ∗∗∗ BIG-IP APM portal access vulnerability CVE-2018-15324 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52206731 ∗∗∗ TMM vulnerability CVE-2018-15319 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K64208870 ∗∗∗ BIG-IP iControl & tmsh vulnerability CVE-2018-15325 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K77313277 ∗∗∗ BIG-IP APM CRL vulnerability CVE-2018-15326 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K34652116 ∗∗∗ TMM vulnerability CVE-2018-15318 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K16248201 ∗∗∗ TMM vulnerability CVE-2018-15317 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K43625118 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.10.2018
by Daily end-of-shift report 30 Oct '18

30 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Montag 29-10-2018 18:00 − Dienstag 30-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ CommonRansom Ransomware Demands RDP Access to Decrypt Files ∗∗∗ --------------------------------------------- A new ransomware called CommonRansom was discovered that has a very bizarre request. In order to decrypt a computer after a payment is made, they require the victim to open up Remote Desktop Services on the affected computer and send them admin credentials in order to decrypt the victims files. --------------------------------------------- https://www.bleepingcomputer.com/news/security/commonransom-ransomware-dema… ∗∗∗ Krankenkassen: Vivy-App gibt Daten preis ∗∗∗ --------------------------------------------- Sicherheitsforscher haben einige gravierende Lücken in der Krankenkassen-App Vivy gefunden. Unter anderem konnte auf Dokumente, die man mit dem Arzt teilte, unberechtigt zugegriffen werden. (Medizin, Verschlüsselung) --------------------------------------------- https://www.golem.de/news/krankenkassen-vivy-app-gibt-daten-preis-1810-1373… ∗∗∗ Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures ∗∗∗ --------------------------------------------- by Stephen Hilt, Numaan Huq, Vladimir Kropotov, Robert McArdle, Cedric Pernet, and Roel Reyes Energy and water are two of the most central critical infrastructures (CIs). Both sectors have undergone necessary changes to reflect the latest in technology and improve how natural resources are harnessed and distributed. At present, these changes are heading toward more interconnected [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/5LDw-xUlnAw/ ∗∗∗ Sicherheitsupdates: Multifunktionsgeräte von Lexmark anfällig für "böse" Faxe ∗∗∗ --------------------------------------------- Sicherheitspatches für Drucker-Fax-Kopier-Kombinationen von Lexmark schließen zwei Lücken. Eine davon gilt als kritisch. --------------------------------------------- http://heise.de/-4206719 ∗∗∗ Systemd: DHCPv6-Pakete können Linux-Rechner kapern ∗∗∗ --------------------------------------------- Eine Systemd-Komponente in vielen modernen Linux-Systemen kann missbraucht werden, um den Rechner übers Netz zu kapern. --------------------------------------------- http://heise.de/-4206800 ∗∗∗ Erpresserische E-Mails drohen mit Masturbationsvideo ∗∗∗ --------------------------------------------- Kriminelle versenden betrügerische Nachrichten. Darin behaupten sie, dass sie das Passwort der Empfänger/innen kennen, angeblich Zugriff auf ihren Computer haben und deshalb über Masturbationsvideos verfügen. Die Adressat/innen sollen Bitcoins bezahlen, damit es zu keiner Veröffentlichung der Aufnahmen kommt. Konsument/innen können das Schreiben ignorieren, denn es ist erfunden. Eine Reaktion ist nicht erforderlich. --------------------------------------------- https://www.watchlist-internet.at/news/erpresserische-e-mails-drohen-mit-ma… ===================== = Vulnerabilities = ===================== ∗∗∗ Squid Proxy Cache Security Update Advisory SQUID-2018:4 ∗∗∗ --------------------------------------------- Due to incorrect input handling, Squid is vulnerable to a Cross-Site Scripting vulnerability when generating HTTPS response messages about TLS errors. --------------------------------------------- http://www.squid-cache.org/Advisories/SQUID-2018_4.txt ∗∗∗ Squid Proxy Cache Security Update Advisory SQUID-2018:5 ∗∗∗ --------------------------------------------- Due to a memory leak in SNMP query rejection code, Squid is vulnerable to a denial of service attack. --------------------------------------------- http://www.squid-cache.org/Advisories/SQUID-2018_5.txt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (xorg-x11-server), Debian (xen), Red Hat (389-ds-base, binutils, curl and nss-pem, fuse, glibc, glusterfs, GNOME, gnutls, jasper, java-1.7.0-openjdk, kernel, kernel-alt, kernel-rt, krb5, libcdio, libkdcraw, libmspack, libreoffice, libvirt, openssl, ovmf, python, python-paramiko, qemu-kvm, qemu-kvm-ma, samba, setup, sssd, wget, wpa_supplicant, X.org X11, xerces-c, zsh, and zziplib), and SUSE (ardana-monasca, ardana-spark, kafka, kafka-kit, [...] --------------------------------------------- https://lwn.net/Articles/770031/ ∗∗∗ Sandbox Bypass in Script Security and Pipeline Groovy Plugins ∗∗∗ --------------------------------------------- https://jenkins.io/security/advisory/2018-10-29/ ∗∗∗ GitLab Security Release: 11.4.3, 11.3.8, and 11.2.7 ∗∗∗ --------------------------------------------- https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-… ∗∗∗ IBM Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty (CVE-2018-1851) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10735105 ∗∗∗ IBM Security Bulletin: Vulnerability in the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10732968 ∗∗∗ IBM Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2018-10858) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10732876 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10737813 ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10735169 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Integration Designer ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10733845 ∗∗∗ reposync vulnerability CVE-2018-10897 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23200408 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.10.2018
by Daily end-of-shift report 29 Oct '18

29 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 25-10-2018 18:00 − Montag 29-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Windows 10 Bug Allowed UWP Apps Full Access to File System ∗∗∗ --------------------------------------------- A bug in Windows 10 allowed UWP apps (Universal Windows Platform) to have access to the entire file system in Windows without permission from the user. This could have allowed a malicious app to access any data stored on the computer without the knowledge or consent of the user. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-10-bug-allowed-uwp-a… ∗∗∗ Linux und BSD: Sicherheitslücke in X.org ermöglicht Root-Rechte ∗∗∗ --------------------------------------------- Eine Sicherheitslücke im Displayserver X.org erlaubt unter bestimmten Umständen das Überschreiben von Dateien und das Ausweiten der Benutzerrechte. Der passende Exploit passt in einen Tweet. (Sicherheitslücke, OpenBSD) --------------------------------------------- https://www.golem.de/news/linux-und-bsd-sicherheitsluecke-in-x-org-ermoegli… ∗∗∗ Sicherheitslücke: Steuerung von Bau-Kran lässt sich übernehmen ∗∗∗ --------------------------------------------- Eine Sicherheitslücke in der kabellosen Kransteuerung Telecrane F25 ermöglicht es, Signale mitzuschneiden und mit diesen anschließend den Kran fernzusteuern. Ein Sicherheitsupdate steht bereit. (Sicherheitslücke, Mobil) --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-steuerung-von-bau-kran-laesst-s… ∗∗∗ OWASP Top 10 Security Risks – Part II ∗∗∗ --------------------------------------------- It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series of posts on the OWASP top 10 security risks. --------------------------------------------- https://blog.sucuri.net/2018/10/owasp-top-10-security-risks-part-ii.html ∗∗∗ The D in Systemd stands for Dammmmit! A nasty DHCPv6 packet can pwn a vulnerable Linux box ∗∗∗ --------------------------------------------- Hole opens up remote-code execution to miscreants – or a crash, if youre lucky A security bug in Systemd can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/10/26/systemd_dhc… ∗∗∗ Google schreibt Android-Herstellern zwei Jahre Sicherheitspatches vor ∗∗∗ --------------------------------------------- In einem Vertrag schreibt Google Herstellern von Android-Smartphones regelmäßige Sicherheitsupdates vor. Diese Verpflichtung gilt bereits seit dem Sommer. --------------------------------------------- http://heise.de/-4203113 ∗∗∗ Ransomware and the enterprise: A new white paper ∗∗∗ --------------------------------------------- Ransomware remains a serious threat and this new white paper explains what enterprises need to know, and do, to reduce risk The post Ransomware and the enterprise: A new white paper appeared first on WeLiveSecurity --------------------------------------------- https://www.welivesecurity.com/2018/10/29/ransomware-enterprise-new-white-p… ===================== = Vulnerabilities = ===================== ∗∗∗ GEOVAP Reliance 4 SCADA/HMI ∗∗∗ --------------------------------------------- This advisory includes mitigations for a cross-site scripting vulnerability in GEOVAPs Reliance 4 SCADA/HMI system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-298-01 ∗∗∗ Advantech WebAccess ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow, and improper access control vulnerabilities in Advantechs WebAccess. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02 ∗∗∗ Cisco Advanced Malware Protection for Endpoints on Windows DLL Preloading Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox), CentOS (firefox), Debian (389-ds-base, openjdk-8, thunderbird, and xorg-server), Fedora (firefox), openSUSE (GraphicsMagick, jhead, mysql-community-server, ntp, postgresql96, python-cryptography, rust, tomcat, webkit2gtk3, and zziplib), Scientific Linux (firefox), and SUSE (clamav, firefox, ImageMagick, libgit2, net-snmp, smt, wpa_supplicant, and xorg-x11-server). --------------------------------------------- https://lwn.net/Articles/769613/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (xorg-server), Debian (graphicsmagick, libmspack, paramiko, ruby2.1, teeworlds, and tiff), Fedora (lldpad), Mageia (bitcoin, blueman, busybox, dhcp, exempi, firefox, kernel, kernel-linus, kernel-tmb, lilypond, ruby, and x11-server), openSUSE (audiofile, clamav, hostapd, ImageMagick, lcms2, libgit2, mercurial, net-snmp, and wpa_supplicant), SUSE (audiofile, binutils, kdelibs3, lcms2, mysql, openssh, and xen), and Ubuntu (mysql-5.5 and xorg-server, [...] --------------------------------------------- https://lwn.net/Articles/769891/ ∗∗∗ WebKitGTK+ 2.22.3 released! ∗∗∗ --------------------------------------------- This is a bug fix release in the stable 2.22 series. What’s new in the WebKitGTK+ 2.22.3 release? [...] Fix a memory leak during media playback when using playbin3. Fix portions of Web views not being rendered after resizing. Fix Resource Timing reporting for elements. Fix the build with the remote Web Inspector [...] --------------------------------------------- https://webkitgtk.org/2018/10/29/webkitgtk2.22.3-released.html ∗∗∗ OpenSSL: Eine Schwachstelle ermöglicht das Ausspähen des privaten Schlüssels ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-2188/ ∗∗∗ IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801r ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10737409 ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability affects IBM® Rational® Team Concert ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10737301 ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in CacheMonitor for WebSphere Application Server (CVE-2018-1767) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10729547 ∗∗∗ Microsoft Skype for Business Audio File Processing Flaw Lets Remote Users Execute Arbitrary Code ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1041956 ∗∗∗ Apache Tomcat vulnerability CVE-2018-11784 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K64921482 ∗∗∗ Mozilla NSS vulnerability CVE-2018-12384 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K41738501 ∗∗∗ HPESBMU03895 rev.1 - HPE Real Time Management System (RTMS), Multiple Remote Security Issues ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03869 rev.1 - HPE Windows Firmware Installer for certain HPE Gen9,Gen8, G7, and G6 Servers, Local Disclosure of Privileged Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.10.2018
by Daily end-of-shift report 25 Oct '18

25 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 24-10-2018 18:00 − Donnerstag 25-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting ∗∗∗ --------------------------------------------- The sLoad downloader is an example of the stealthy, smart malware trend. --------------------------------------------- https://threatpost.com/sload-banking-trojan-downloader-displays-sophisticat… ∗∗∗ Magecart Cybergang Targets 0days in Third-Party Magento Extensions ∗∗∗ --------------------------------------------- Over two dozen third-party ecommerce plugins contain zero-day vulnerabilities being exploited in a recent Magecart campaign. --------------------------------------------- https://threatpost.com/magecart-cybergang-targets-0days-in-third-party-mage… ∗∗∗ BSI-Mindeststandard zur Protokollierung und Detektion von Cyber-Angriffen ∗∗∗ --------------------------------------------- Cyber-Angriffe auf die IT-Systeme der Bundesverwaltung finden täglich statt. Neben ungezielten Massenangriffen sind die Netze des Bundes auch gezielten Angriffskampagnen ausgesetzt. Um die Detektion von Cyber-Angriffen zu verbessern, hat das Bundesamt für Sicherheit in der Informationstechnik (BSI) einen Mindeststandard zur Protokollierung und der darauf basierenden Erkennung von Cyber-Angriffen definiert. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/Mindeststan… ∗∗∗ EU-Kommission will Zertifizierung für sichere Internetgeräte schaffen ∗∗∗ --------------------------------------------- Die EU arbeitet an einer Verordnung zur Sicherheitszertifizierung, die insbesondere die Geräte im Internet of Things in den Blick nimmt. --------------------------------------------- http://heise.de/-4202642 ∗∗∗ Sicherheitsupdate: Gefährliche Lücke in Cisco Webex Meetings ∗∗∗ --------------------------------------------- Angreifer könnten den Update-Mechanismus von Webex missbrauchen, um eigenen Code auszuführen. Ein Sicherheitsupdate schließt die Schwachstelle. --------------------------------------------- http://heise.de/-4202886 ∗∗∗ Gandcrab: Aktualisiertes Entschlüsselungstool für Erpressungstrojaner ∗∗∗ --------------------------------------------- Opfer der Ransomware Gandcrab in den Versionen 1, 4 und 5 können ihre Daten nun kostenlos entschlüsseln. --------------------------------------------- http://heise.de/-4203283 ∗∗∗ Sextortion emails: They're probably not watching you ∗∗∗ --------------------------------------------- Yes, those sextortion email scams using old passwords are still making the rounds. How can you spot a real sextortion attempt from an empty threat? And when should you report to authorities? Read on to find out. --------------------------------------------- https://blog.malwarebytes.com/101/2018/10/sextortion-emails-theyre-probably… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user.The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Xen Security Advisory 278 v1 - x86: Nested VT-x usable even when disabled ∗∗∗ --------------------------------------------- When running HVM guests, virtual extensions are enabled in hardware because Xen is using them. As a result, a guest can blindly execute the virtualisation instructions, and will exit to Xen for processing. --------------------------------------------- https://lists.xenproject.org/archives/html/xen-announce/2018-10/msg00000.ht… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (389-ds-base, clamav, firefox-esr, and mosquitto), openSUSE (Chromium and firefox), Oracle (firefox and kernel), Red Hat (chromium-browser, firefox, java-1.6.0-sun, java-1.7.0-oracle, and java-1.8.0-oracle), SUSE (dom4j, exempi, mercurial, ntp, python-cryptography, tiff, tomcat, and webkit2gtk3), and Ubuntu (audiofile and firefox). --------------------------------------------- https://lwn.net/Articles/769529/ ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSH affects AIX (CVE-2018-15473) Security Bulletin ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10733751 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Image for Red Hat Linux Systems on IBM PureApplication ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10728607 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10732846 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Admin Console affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1770, CVE-2018-1777) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10737065 ∗∗∗ IBM Security Bulletin: Rational DOORS Web Access is affected by Apache Tomcat vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/support/docview.wss?uid=ibm10735863 ∗∗∗ IBM Security Bulletin: A vulnerability in Samba affects IBM OS Image for Red Hat Linux Systems on IBM PureApplication (CVE-2018-1050) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10728649 ∗∗∗ IBM Security Bulletin : IBM Storwize V7000 Unified is affected by multiple GSKit vulnerabilities in GPFS ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10734249 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager is affected by multiple vulnerabilities in GSKit ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016890 ∗∗∗ IBM Security Bulletin: IBM WebSphere Commerce could allow some server-side code injection (CVE-2018-1808) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10735905 ∗∗∗ Reflected XSS vulnerability in an undisclosed Configuration utility page CVE-2018-15315 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K41704442 Next End-of-Day report: 2018-10-29 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.10.2018
by Daily end-of-shift report 24 Oct '18

24 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 23-10-2018 18:00 − Mittwoch 24-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ The Key New Security Features & Capabilities to Know in Windows 10 ∗∗∗ --------------------------------------------- Last year's WannaCry and Petya malware outbreaks couldn't breach Windows 10's latest security defenses, but companies still running outdated [...] --------------------------------------------- https://www.beyondtrust.com/blog/key-new-security-features-in-windows-10/ ∗∗∗ Hacker Discloses New Windows Zero-Day Exploit On Twitter ∗∗∗ --------------------------------------------- A security researcher with Twitter alias SandboxEscaper—who two months ago publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler—has yesterday released another proof-of-concept exploit for a new Windows zero-day vulnerability. --------------------------------------------- https://thehackernews.com/2018/10/windows-zero-day-exploit.html ∗∗∗ Sicherheitsupdates: Backup-Software von Arcserve kann Daten leaken ∗∗∗ --------------------------------------------- Angreifer könnten unberechtigt auf Daten von Host-Systemen, auf denen die Backup-Lösung Arcserve Unified Data Protection läuft, zugreifen. --------------------------------------------- http://heise.de/-4202167 ∗∗∗ Einkaufsbetrug mit gefälschten Smile Bank-Nachrichten ∗∗∗ --------------------------------------------- Privatverkäufer/innen erhalten Nachrichten von Kriminellen. Sie geben vor, im Ausland zu sein und wollen die angebotene Ware kaufen. Sie überweisen angeblich einen überhöhten Geldbetrag an ihre Vertragspartner/innen. Das sollen gefälschte Smile Bank-Nachrichten belegen. Schließlich sollen Verkäufer/innen den Differenzbetrag und die Ware ins Ausland senden. Dadurch verlieren sie ihre personenbezogenen Daten, ihr Geld und ihre Produkte an Betrüger/innen. --------------------------------------------- https://www.watchlist-internet.at/news/einkaufsbetrug-mit-gefaelschten-smil… ∗∗∗ Nike-Markenfälscher auf coldenemy.com ∗∗∗ --------------------------------------------- Die neuesten Schuhe von Nike um 70 Prozent vergünstigt? Das gibt's auf coldenemy.com. Wer hier bestellt, erhält minderwertige Ware, die nichts mit dem gekauften Produkt zu tun hat. Außerdem gelangen Kredit- und Personendaten in die Hände von Kriminellen. --------------------------------------------- https://www.watchlist-internet.at/news/nike-markenfaelscher-auf-coldenemyco… ===================== = Vulnerabilities = ===================== ∗∗∗ Advantech WebAccess ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow, external control of file name or path, improper privilege management, and path traversal vulnerabilities in Advantechs WebAccess. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01 ∗∗∗ GAIN Electronic Co. Ltd SAGA1-L Series ∗∗∗ --------------------------------------------- This advisory includes mitigations for authentication bypass by capture-relay, improper access control, and improper authentication vulnerabilities in GAIN Electronics SAGA1-L series transmitters. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02 ∗∗∗ Telecrane F25 Series ∗∗∗ --------------------------------------------- This advisory includes mitigations for an authentication bypass by capture-replay vulnerability in the Telecrane F25 Series software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-296-03 ∗∗∗ BitDefender Digital Signature Bypass Lets Remote Users Execute Arbitrary Code ∗∗∗ --------------------------------------------- A remote user can cause arbitrary code that is located elsewhere to be executed on the target users system due to a bypass of the digital signature GravityZone verification tools. Additional information is available at: https://labs.nettitude.com/blog/cve-2018-8955-bitdefender-gravityzone-arbit… --------------------------------------------- https://www.securitytracker.com/id/1041940 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (hesiod, lighttpd, and opencc), openSUSE (apache-pdfbox, net-snmp, pam_pkcs11, rpm, tiff, udisks2, and wireshark), SUSE (dhcp, ghostscript-library, ImageMagick, libraw, net-snmp, ntp, postgresql96, rust, tiff, xen, and zziplib), and Ubuntu (mysql-5.5, mysql-5.7). --------------------------------------------- https://lwn.net/Articles/769415/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ October 23, 2018 TNS-2018-13 [R1] LCE 5.1.1 Fixes Multiple Third-party Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-13 ∗∗∗ October 23, 2018 TNS-2018-14 [R1] Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-14 ∗∗∗ Security vulnerabilities fixed in Firefox ESR 60.3 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/ ∗∗∗ Security vulnerabilities fixed in Firefox 63 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.10.2018
by Daily end-of-shift report 23 Oct '18

23 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Montag 22-10-2018 18:00 − Dienstag 23-10-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Malicious Powershell using a Decoy Picture ∗∗∗ --------------------------------------------- I found another interesting piece of malicious Powershell while hunting. The file size is 1.3MB and most of the file is a PE file Base64 encoded. You can immediately detect it by checking the first characters of the string: [...] --------------------------------------------- https://isc.sans.edu/forums/diary/Malicious+Powershell+using+a+Decoy+Pictur… ∗∗∗ Jetzt patchen! Scanner und Exploits für kritische libssh-Lücke aufgetaucht ∗∗∗ --------------------------------------------- Da das Angriffsrisiko wächst, sollten Admins zügig die aktuelle libssh-Version auf Servern installieren. --------------------------------------------- http://heise.de/-4198976 ∗∗∗ Serverless botnets could soon become reality ∗∗∗ --------------------------------------------- We have been accustomed to think about botnets as a network of compromised machines – personal devices, IoT devices, servers – waiting for their masters' orders to begin their attack, but Protego researchers say that many compromised machines are definitely not a requirement: botnets can quite as easily be comprised of serverless functions. --------------------------------------------- https://www.helpnetsecurity.com/2018/10/23/serverless-botnets/ ∗∗∗ Who Is Agent Tesla? ∗∗∗ --------------------------------------------- A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity - attracting more than 6,300 customers who pay monthly fees to license the software. Although Agent Tesla includes a multitude of features designed to help it remain undetected on host computers, the malwares apparent creator seems to have done little to hide his real-life identity. --------------------------------------------- https://krebsonsecurity.com/2018/10/who-is-agent-tesla/ ∗∗∗ Betrug mit Euro-Lottosystem & Goggins-Transport ∗∗∗ --------------------------------------------- Konsument/innen erhalten eine betrügerische E-Mail, in der es heißt, dass sie bei einem Euro-Lottosystem 97.000 Euro gewonnen haben. Sie sollen Geld an Goggings-Transport bezahlen, damit sie den Preis ausbezahlt bekommen. Es folgen weitere Zahlungsaufforderungen. Mit jeder Bezahlung verliert das Opfer Geld, denn den Gewinn gibt es nicht. --------------------------------------------- https://www.watchlist-internet.at/news/betrug-mit-euro-lottosystem-goggins-… ∗∗∗ Konsolen-kobold.de liefert keine Ware! ∗∗∗ --------------------------------------------- Kaufen Sie nicht auf konsolen-kobold.de ein. Die dort angebotenen Playstations, Xboxen, Nintendos und Spiele sind zwar verlockend günstig, werden aber auch nicht geliefert! Bezahlt wird per Vorkasse und Ihr Geld ist somit weg. --------------------------------------------- https://www.watchlist-internet.at/news/konsolen-koboldde-liefert-keine-ware/ ∗∗∗ CVE-2018–8414: A Case Study in Responsible Disclosure ∗∗∗ --------------------------------------------- The process of vulnerability disclosure can be riddled with frustrations, concerns about ethics, and communication failure. I have had tons of bugs go well. I have had tons of bugs go poorly. --------------------------------------------- https://posts.specterops.io/cve-2018-8414-a-case-study-in-responsible-discl… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (java-1.8.0-openjdk), Fedora (mosquitto), openSUSE (binutils, clamav, exiv2, fuse, haproxy, singularity, and zziplib), Slackware (firefox), SUSE (apache-pdfbox, net-snmp, pam_pkcs11, postgresql94, rpm, tiff, and wireshark), and Ubuntu (kernel, libssh, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-azure, linux-lts-trusty, linux-lts-xenial, linux-aws, net-snmp, paramiko, requests, and texlive-bin). --------------------------------------------- https://lwn.net/Articles/769300/ ∗∗∗ IBM Security Bulletin: IBM BladeCenter Switch Modules are affected by information disclosure vulnerability (CVE-2014-8730) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10736107 ∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSLP (CVE-2017-17833) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10735359 ∗∗∗ IBM Security Bulletin: Vulnerabilities in GNU OpenSSL affect IBM Netezza Analytics ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10734825 ∗∗∗ IBM Security Bulletin: IBM WebSphere Commerce could allow a remote attacker to obtain sensitive information (CVE-2018-1811) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10735589 ∗∗∗ IBM Security Bulletin: An Information Disclosure Vulnerability affects WebSphere Commerce (CVE-2018-1809) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10732972 ∗∗∗ IBM Security Bulletin: A authenticated open redirect vulnerability affects IBM WebSphere Commerce Accelerator Tool (CVE-2018-1807) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10735581 ∗∗∗ IBM Security Bulletin: An Information Disclosure Vulnerability affects WebSphere Commerce (CVE-2018-1806) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10733149 ∗∗∗ IBM Security Bulletin: A cross site scripting vulnerability affects IBM WebSphere Commerce Accelerator tool (CVE-2018-1541) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10731225 ∗∗∗ IPsec IKEv1 vulnerability CVE-2018-5389 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42378447 ∗∗∗ Linux kernel vulnerability CVE-2018-14634 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K20934447 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.10.2018
by Daily end-of-shift report 22 Oct '18

22 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 19-10-2018 18:00 − Montag 22-10-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Remote Code Execution Flaws Found in FreeRTOS - Popular OS for Embedded Systems ∗∗∗ --------------------------------------------- FreeRTOS, the open-source operating system that powers most of the small microprocessors and microcontrollers in smart homes and critical infrastructure systems has 13 vulnerabilities, a third of them allowing remote code execution. --------------------------------------------- https://www.bleepingcomputer.com/news/security/remote-code-execution-flaws-… ∗∗∗ Sicherheitsupdate: Ein Klick zu viel und Microsoft Yammer führt Schadcode aus ∗∗∗ --------------------------------------------- Es gibt einen wichtigen Patch für die Desktop-Anwendung von Yammer. --------------------------------------------- http://heise.de/-4198055 ∗∗∗ Jetzt patchen! Kritische Lücke in den Mediaplayern VLC und MPlayer ∗∗∗ --------------------------------------------- Angreifer könnten Nutzer der Medienabspieler VLC und MPlayer mit vergleichsweise wenig Aufwand attackieren. --------------------------------------------- http://heise.de/-4198129 ∗∗∗ l+f: Snackautomaten-Flatrate ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher wird zum Snackosaurus. --------------------------------------------- http://heise.de/-4198336 ∗∗∗ TCP/IP, Sockets, and SIGPIPE ∗∗∗ --------------------------------------------- There is a spectre haunting the Internet - the spectre of SIGPIPE errors. Its a bug in the original design of Unix networking from 1981 that is perpetuated by college textbooks, which teach students to ignore it. As a consequence, sometimes software unexpectedly crashes. This is particularly acute on industrial and medical networks, where security professionals cant run port/security scans for fear of crashing critical devices. --------------------------------------------- https://blog.erratasec.com/2018/10/tcpip-sockets-and-sigpipe.html ∗∗∗ Warnung vor verda-maehroboter.de ∗∗∗ --------------------------------------------- Der betrügerische Online-Shop verda-maehroboter.de verkauft günstige Mähroboter und Rasentraktoren. Wer bei ihm einkauft, verliert sein Geld und seine Identität an Verbrecher/innen. Zu einer Warenlieferung kommt es nicht. Der Fake-Shop verda-maehroboter.de ist mithilfe einer Internetrecherche, eines Preisvergleichs und einer Überprüfung der Zahlungsmethoden erkennbar. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-verda-maehroboterde/ ∗∗∗ Let's talk about PAKE ∗∗∗ --------------------------------------------- The first rule of PAKE is: nobody ever wants to talk about PAKE. The second rule of PAKE is that this is a shame, because PAKE — which stands for Password Authenticated Key Exchange — is actually one of the most useful technologies that (almost) never gets used. It should be deployed everywhere, and yet it isn't. --------------------------------------------- https://blog.cryptographyengineering.com/2018/10/19/lets-talk-about-pake/ ===================== = Vulnerabilities = ===================== ∗∗∗ libssh Authentication Bypass Vulnerability Affecting Cisco Products: October 2018 ∗∗∗ --------------------------------------------- A vulnerability in libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system.The vulnerability is due to improper authentication operations by the server-side state machine of the affected software. An attacker could exploit this vulnerability by presenting a SSH2_MSG_USERAUTH_SUCCESS message to a targeted system. A successful exploit could allow the attacker to bypass authentication and gain unauthorized access to a targeted system. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ SECURITY BULLETIN: Trend Micro Antivirus for Mac (Consumer) Privilege Escalation Vulnerabilities ∗∗∗ --------------------------------------------- Trend Micro has released fixes for the Trend Micro Antivirus for Mac family of consumer products which resolve vulnerabilities that could allow an attacker to escalate privileges on a vulnerable system that they otherwise would not have had access to. --------------------------------------------- https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (thunderbird), Debian (drupal7, exiv2, and ghostscript), Fedora (apache-commons-compress, git, libssh, and patch), Mageia (389-ds-base, calibre, clamav, docker, ghostscript, glib2.0, libtiff, mgetty, php-smarty, rust, tcpflow, and vlc), openSUSE (Chromium, icinga, and libssh), and SUSE (clamav, fuse, GraphicsMagick, haproxy, libssh, thunderbird, tomcat, udisks2, and Xerces-c). --------------------------------------------- https://lwn.net/Articles/769163/ ∗∗∗ IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jul 2018 – Includes Oracle Jul 2018 CPU affects IBM Tivoli Composite Application Manager for Transactions ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10735807 ∗∗∗ IBM Security Bulletin: Vulnerabilities in GNU binutils affect IBM Netezza Analytics ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10733785 ∗∗∗ BIG-IP-reflected XSS vulnerability in an undisclosed Configuration utility page CVE-2018-15315 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K41704442 ∗∗∗ PEPPERL+FUCHS ecom Mobile devices prone to Android privilege elevation vulnerability ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2018-016 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.10.2018
by Daily end-of-shift report 19 Oct '18

19 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 18-10-2018 18:00 − Freitag 19-10-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ SSH Key Management Overview & 6 Best Practices ∗∗∗ --------------------------------------------- Secure Socket Shell (SSH), also called Secure Shell, is a special network protocol leveraging .. --------------------------------------------- https://www.beyondtrust.com/blog/ssh-key-management-overview-6-best-practic… ∗∗∗ How we discovered a Ukranian cybercrime hotspot ∗∗∗ --------------------------------------------- Our researchers wanted to take a closer look at the GandCrab ransomware. Then they found an entire cybercrime network, operating from Ukraine. --------------------------------------------- https://www.gdatasoftware.com/blog/2018/10/31187-ukranian-cybercrime-hotspo… ∗∗∗ The Underground Job Market ∗∗∗ --------------------------------------------- "Leave your ego at the door every morning, and just do some truly great work. Few things will make you feel better than a job brilliantly done." Robin S. Sharma The last time we visited the .. --------------------------------------------- https://trustwave.com/Resources/SpiderLabs-Blog/The-Underground-Job-Market/ ∗∗∗ Hack.lu 2018 Wrap-Up Day #3 ∗∗∗ --------------------------------------------- Here we go with the last wrap-up of the 2018 edition! The first presentation was about worms: “Worms that turn: nematodes and neotodes” by Matt Wixey. The first slide contained the mention: “for educational purposes only”. What could we .. --------------------------------------------- https://blog.rootshell.be/2018/10/18/hack-lu-2018-wrap-up-day-3/ ∗∗∗ Jetzt patchen! Kritische Lücken in Drupal gefährden ganze Websites ∗∗∗ --------------------------------------------- Aufgrund von mehreren Schwachstellen sollten Web-Admins zügig ihre Drupal-Installation auf den aktuellen Stand bringen. --------------------------------------------- http://heise.de/-4196243 ∗∗∗ Sicherheitslücke in jQuery-File-Upload Plug-in macht unzählige Server verwundbar ∗∗∗ --------------------------------------------- Es ist ein wichtiges Sicherheitsupdate für das jQuery-File-Upload-Plug-in erschienen. Eine globale Installation ist jedoch utopisch. --------------------------------------------- http://heise.de/-4196771 ∗∗∗ Encrypted SNI Comes to Firefox Nightly ∗∗∗ --------------------------------------------- TL;DR: Firefox Nightly now supports encrypting the TLS Server Name Indication (SNI) extension, which helps prevent attackers on your network from learning your browsing history. You can enable encrypted SNI today and .. --------------------------------------------- https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox… ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4323 drupal7 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4323 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.10.2018
by Daily end-of-shift report 18 Oct '18

18 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 17-10-2018 18:00 − Donnerstag 18-10-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Hack.lu 2018 Wrap-Up Day #2 ∗∗∗ --------------------------------------------- The second day started early with an eye-opener talk: “IPC – the broken dream of inherent security” by Thanh Bui. IPC or “Inter-Process Communications” are everywhere. You can compare them as a network connection between a .. --------------------------------------------- https://blog.rootshell.be/2018/10/17/hack-lu-2018-wrap-up-day-2/ ∗∗∗ Sicherheitslücken-Cocktail bringt D-Link-Router zu Fall ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher kombiniert drei Sicherheitslücken und erlangt die volle Kontrolle über D-Link-Router. Patches gibt es noch nicht. --------------------------------------------- http://heise.de/-4195134 ∗∗∗ Distrust of the Symantec PKI: Immediate action needed by site operators ∗∗∗ --------------------------------------------- Chrome 70 has now been released to the Stable Channel, and users will start to see full screen interstitials on sites which still use certificates issues by the Legacy Symantec .. --------------------------------------------- https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.… ∗∗∗ VestaCP compromised in a new supply-chain attack ∗∗∗ --------------------------------------------- Customers see their admin credentials stolen and their servers infected with .. --------------------------------------------- https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-dist… ===================== = Vulnerabilities = ===================== ∗∗∗ TYPO3-PSA-2018-001: By-passing Protection of PharStreamWrapper Interceptor ∗∗∗ --------------------------------------------- It has been discovered that the protection against insecure deserialization can be by-passed in PharStreamWrapper component. --------------------------------------------- https://typo3.org/security/advisory/typo3-psa-2018-001/ ∗∗∗ Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2018-006 ∗∗∗ Drupal Core - 3rd-party libraries -SA-CORE-2018-005 ∗∗∗ --------------------------------------------- https://www.drupal.org/SA-CORE-2018-005 ∗∗∗ HTML Mail - Critical - Remote Code Execution - SA-CONTRIB-2018-069 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-069 ∗∗∗ Mime Mail - Critical - Remote Code Execution - SA-CONTRIB-2018-068 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-068 ∗∗∗ Cisco Wireless LAN Controller Software Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.10.2018
by Daily end-of-shift report 17 Oct '18

17 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 16-10-2018 18:00 − Mittwoch 17-10-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Injecting Code into Windows Protected Processes using COM - Part 1 ∗∗∗ --------------------------------------------- Posted by James Forshaw, Google Project ZeroAt Recon Montreal 2018 I presented "Unknown Known DLLs and other Code Integrity Trust Violations" with Alex Ionescu. We described the implementation of Microsoft Windows' Code Integrity mechanisms and how Microsoft implemented Protected Processes (PP). As part of that I demonstrated various ways of bypassing Protected Process Light (PPL), some requiring administrator privileges, others not. --------------------------------------------- https://googleprojectzero.blogspot.com/2018/10/injecting-code-into-windows-… ∗∗∗ Multiple D-Link Routers Open to Complete Takeover with Simple Attack ∗∗∗ --------------------------------------------- The vendor only plans to patch two of the eight impacted devices, according to a researcher. --------------------------------------------- https://threatpost.com/multiple-d-link-routers-open-to-complete-takeover-wi… ∗∗∗ Party like its 1987... SVGA code bug haunts VMwares house, lets guests flee to host OS ∗∗∗ --------------------------------------------- Malicious code in VMs can leap over ESXi, Workstation, Fusion hypervisor security Get busy, VMware admins and users: the virtualisation virtuoso has patched a programming blunder in ESXi, Workstation Pro and Player, and Fusion and Fusion Pro products that can be exploited by malicious code to jump from guest OS to host machine. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/10/17/vmware_svga… ∗∗∗ Warnung vor gefälschtem A1-Update ∗∗∗ --------------------------------------------- Konsument/innen erhalten eine angebliche Nachricht von A1, in der es heißt, dass der Mobilfunkanbieter ein Update für sie bereit stellt. Kund/innen sollen es installieren, damit sie weiterhin das Mobilfunknetz des Anbieters nutzen können. Kommen sie der Aufforderung nach, installieren sie Schadsoftware auf ihrem Smartphone. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-gefaelschtem-a1-update/ ∗∗∗ IT-Sicherheit - 100.000 Geräte: "Netter" Hacker entfernt ungefragt Sicherheitslücken ∗∗∗ --------------------------------------------- Seit April sind verheerende Sicherheitslücken bei Routern der Marke Mikrotik bekannt - vom Hersteller gibt es kein Update --------------------------------------------- https://derstandard.at/2000089517357/Netter-Hacker-entfernt-ungefragt-Siche… ∗∗∗ Persistent Credential Theft with Authorization Plugins ∗∗∗ --------------------------------------------- Credential theft is often one of the first tactics leveraged by attackers once they’ve escalated privileges on a victim’s machine. Credential theft on OSX has become more difficult with the introduction of System Integrity Protection (SIP). Attackers can no longer use methods such as extracting the master keys from the securityd process and decrypting the victim’s login keychain. An example of this can be seen here. --------------------------------------------- https://posts.specterops.io/persistent-credential-theft-with-authorization-… ===================== = Vulnerabilities = ===================== ∗∗∗ Omron CX-Supervisor ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper restriction of operations within the bounds of a memory buffer, out-of-bounds read, use-after-free, and incorrect type conversion or cast vulnerabilities in Omrons CX-Supervisor software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01 ∗∗∗ Authentication bypass in server code in libssh ∗∗∗ --------------------------------------------- There is a vulnerability within the server code which can enable a client to bypass the authentication process and set the internal state machine maintained by the library to authenticated, enabling the (otherwise prohibited) creation of channels. --------------------------------------------- https://www.libssh.org/security/advisories/CVE-2018-10933.txt ∗∗∗ VMSA-2018-0026 ∗∗∗ --------------------------------------------- VMware ESXi, Workstation, and Fusion updates address an out-of-bounds read vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0026.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (tomcat), Debian (asterisk, graphicsmagick, and libpdfbox-java), openSUSE (apache2 and git), Oracle (tomcat), Red Hat (kernel and Satellite 6.4), Slackware (libssh), SUSE (binutils, ImageMagick, and libssh), and Ubuntu (clamav, libssh, moin, and paramiko). --------------------------------------------- https://lwn.net/Articles/768617/ ∗∗∗ Synology-SA-18:55 DSM ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to obtain sensitive information via a susceptible version of Synology Diskstation Manager (DSM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_55 ∗∗∗ Oracle Critical Patch Update Advisory - October 2018 ∗∗∗ --------------------------------------------- https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html ∗∗∗ Solaris Third Party Bulletin - October 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/bulletinoct2018-5139632.h… ∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181017-… ∗∗∗ HPESBHF03891 rev.1 - HPE UIoT, Remote Unauthorized Access ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.10.2018
by Daily end-of-shift report 16 Oct '18

16 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Montag 15-10-2018 18:00 − Dienstag 16-10-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ pEp-Foundation hat Sicherheitslücke in Enigmail/pEp geschlossen ∗∗∗ --------------------------------------------- Die pEp-Foundation hat eine Sicherheitslücke gestopft: Das Add-on Enigmail unter Windows hatte vorgeblich verschlüsselte Mails im Klartext verschickt. --------------------------------------------- http://heise.de/-4191426 ∗∗∗ Android 9 Pie: Google knüpft Backup-Verschlüsselung an gerätespezifische Passcodes ∗∗∗ --------------------------------------------- Der Zugriff auf Anwendungsdaten in Androids Cloud-Backups erfordert künftig einen Entschlüsselungskey, den selbst Google nicht kennt. --------------------------------------------- http://heise.de/-4191017 ∗∗∗ Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox ∗∗∗ --------------------------------------------- Cisco Talos has discovered a new malware campaign that drops the sophisticated information-stealing trojan called "Agent Tesla," and other malware such as the Loki information stealer. Initially, Talos telemetry systems detected a .. --------------------------------------------- https://blog.talosintelligence.com/2018/10/old-dog-new-tricks-analysing-new… ∗∗∗ Phishers are after something unusual in ploy targeting book publishers ∗∗∗ --------------------------------------------- In a new twist on the theme, the scammers have their sights set on book manuscripts, among other .. --------------------------------------------- http://feedproxy.google.com/~r/eset/blog/~3/lABhPeu59as/ ∗∗∗ Fake-Shop-Alarm auf macbooks-billiger.de ∗∗∗ --------------------------------------------- Auf macbooks-billiger.de werden Apple-Produkte, wie MacBooks, iPhones, Apple Watches und iPads zu konkurrenzlos günstigen Preisen angeboten. Wie das geht, fragen Sie? Die Antwort lautet „Betrug!“. Sie .. --------------------------------------------- https://www.watchlist-internet.at/index.php?id=71&tx_news_pi1[news]=3169&tx… ∗∗∗ Removing Old Versions of TLS ∗∗∗ --------------------------------------------- In March of 2020, Firefox will disable support for TLS 1.0 and TLS 1.1. On the Internet, 20 years is an eternity. TLS 1.0 will be 20 years old in January 2019. In that time, TLS has protected .. --------------------------------------------- https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/ ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4319 spice - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4319 ∗∗∗ DSA-4318 moin - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4318 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.10.2018
by Daily end-of-shift report 15 Oct '18

15 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 12-10-2018 18:00 − Montag 15-10-2018 18:00 Handler: Alexander Riepl Co-Handler: Dimitri Robl ===================== = News = ===================== ∗∗∗ l+f: Krypto-Miner hegt und pflegt Flash ∗∗∗ --------------------------------------------- Ein Trojaner tut erst Gutes und dann Böses. --------------------------------------------- http://heise.de/-4190878 ∗∗∗ Patching, Re-Patching and Meta-Patching the Jet Database Engine RCE (CVE-2018-8423) ∗∗∗ --------------------------------------------- Flawed Patches Will Always Happen, But We Can Change How They Get Fixed by Mitja Kolsek, the 0patch TeamTL;DR: Microsoft patched CVE-2018-8423 eighteen days after we had micropatched it. Their official patch turned out to be incomplete so we re-micropatched it.This is a story about a Windows vulnerability that was reported to Microsoft, published as "0day" before the official patch was available, micropatched by us one day later, subsequently patched by Microsoft, found to be [...] --------------------------------------------- https://blog.0patch.com/2018/10/patching-re-patching-and-meta-patching.html ∗∗∗ Datendiebstahl mit gefälschter WhatsApp-Rechnung ∗∗∗ --------------------------------------------- Datendiebe versenden eine gefälschte WhatsApp-Rechnung per E-Mail. Darin behaupten sie in betrügerischer Absicht, dass Konsument/innen für den Messenger bezahlen müssen. Dazu sollen sie auf einer Website ihre Kreditkartendaten und ihren TAN-Code bekannt geben. Das führt zur Übermittlung der Informationen an Kriminelle. Dadurch verlieren Opfer ihr Geld und ihre Identität an Datendiebe. --------------------------------------------- https://www.watchlist-internet.at/news/datendiebstahl-mit-gefaelschter-what… ∗∗∗ IT-Security - "PHP-Zeitbombe": 62 Prozent aller Internetseiten sind bald unsicher ∗∗∗ --------------------------------------------- Mit Ende des Jahres endet der Support für PHP 5.6, das immer noch vielfach genutzt wird --------------------------------------------- https://derstandard.at/2000089376436/PHP-Zeitbombe-62-Prozent-aller-Interne… ===================== = Vulnerabilities = ===================== ∗∗∗ MS-ISAC Releases Advisory on PHP Vulnerabilities ∗∗∗ --------------------------------------------- The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review MS-ISAC Advisory 2018-113 and the PHP Downloads page and apply the necessary updates. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/10/12/MS-ISAC-Releases-A… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (wireshark-cli), Debian (imagemagick, otrs2, tomcat7, and wireshark), Fedora (ca-certificates, dislocker, dolphin-emu, kernel-headers, kernel-tools, libgit2, mbedtls, mingw-openjpeg2, nekovm, openjpeg2, patch, strongswan, and thunderbird), Mageia (firefox, git, nextcloud, and texlive), Oracle (kernel and openssl), Scientific Linux (spamassassin), SUSE (libtirpc), and Ubuntu (requests). --------------------------------------------- https://lwn.net/Articles/768406/ ∗∗∗ Security Advisory - Arbitrary Memory Read Write Vulnerability in Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170306-… ∗∗∗ IBM Security Bulletin: Vulnerability CVE-2018-11763 in the IBM i HTTP Server affects IBM i. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10735045 ∗∗∗ IBM Security Bulletin: Potential cross-site scripting vulnerability in the WebSphere Application Server Admin Console (CVE-2018-1777) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10730631 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.10.2018
by Daily end-of-shift report 12 Oct '18

12 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 11-10-2018 18:00 − Freitag 12-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Jetzt patchen! Proof-of-Concept-Code für Windows-Lücke veröffentlicht ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher zeigt, wie er mit einem vergleichsweise simplen Skript aus dem Browser Edge heraus eine andere Anwendung startet. --------------------------------------------- http://heise.de/-4189565 ∗∗∗ Adaptable, All-in-One Android Trojan Shows the Future of Malware ∗∗∗ --------------------------------------------- GPlayed may be the new face of malware -- flexible and adaptable, with a Swiss Army knife-like toolbox that can be used to target pretty much anyone. --------------------------------------------- https://threatpost.com/adaptable-all-in-one-android-trojan-shows-the-future… ∗∗∗ New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors ∗∗∗ --------------------------------------------- Drupalgeddon 2.0 vulnerability is being exploited again by attackers using a time-honored technique of Shellbot, or PerlBot. --------------------------------------------- https://threatpost.com/new-drupalgeddon-attacks-enlist-shellbot-to-open-bac… ∗∗∗ Google Adds Control-Flow Integrity to Beef up Android Kernel Security ∗∗∗ --------------------------------------------- Google has added a new security feature to the latest Linux kernels for Android devices to prevent it against code reuse attacks that allow attackers to achieve arbitrary code execution by exploiting control-flow hijacking vulnerabilities. --------------------------------------------- https://thehackernews.com/2018/10/android-linux-kernel-cfi.html ∗∗∗ AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide ∗∗∗ --------------------------------------------- This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States. In it we highlight the use of five publicly available tools, which have been used for malicious purposes in recent cyber incidents around the world. --------------------------------------------- https://www.us-cert.gov/ncas/alerts/AA18-284A ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (net-snmp), Fedora (php-horde-nag), openSUSE (git, java-1_8_0-openjdk, libxml2, mgetty, moinmoin-wiki, postgresql10, and soundtouch), Oracle (spamassassin), Red Hat (spamassassin), SUSE (apache2, axis, kernel, libX11 and libxcb, and texlive), and Ubuntu (clamav, git, and texlive-bin). --------------------------------------------- https://lwn.net/Articles/768244/ ∗∗∗ NUUO NVRmini2 and NVRsolo ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow and leftover debug code vulnerabilities in NUUOs NVRmini2 and NVRsolo network video recorders. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-284-01 ∗∗∗ NUUO CMS ∗∗∗ --------------------------------------------- This advisory includes mitigations for use of insufficiently random values, use of obsolete function, incorrect permission assignment for critical resource, and use of hard-coded credentials vulnerabilities in a NUUOs CMS software management platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02-NUUO-CMS ∗∗∗ Delta Industrial Automation TPEditor ∗∗∗ --------------------------------------------- This advisory includes mitigations for out-of-bounds write and stack-based buffer overflow vulnerabilities in the Delta Industrial Automation TPEditor software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-284-03 ∗∗∗ Critical Patch Update - October 2018 - Pre-Release Announcement ∗∗∗ --------------------------------------------- https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerability in glibc (CVE-2018-11236) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10734721 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSH ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10734739 ∗∗∗ IBM Security Bulletin: Vulnerabilities in procps affect IBM BladeCenter Advanced Management Module (AMM) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10733895 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in procps ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10734741 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerability in OpenSLP (CVE-2017-17833) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10734657 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Path Traversal (CVE-2018-1744) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10733353 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libjpeg ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10734731 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to a XML External Entity Injection (XXE) attack (CVE-2018-1747) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10733429 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Python affect IBM BladeCenter Advanced Management Module (AMM) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10733909 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in ICU ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10734727 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.10.2018
by Daily end-of-shift report 11 Oct '18

11 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 10-10-2018 18:00 − Donnerstag 11-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ 5 Endpoint Threats Impacting Security ∗∗∗ --------------------------------------------- Introduction Endpoint threats pose serious security risks to many organizations. Companies are reporting attacks ranging from ransomware to phishing attacks. These attacks lead to the loss of customer data, resulting in massive damage to the company’s reputation, finances and structure. --------------------------------------------- https://resources.infosecinstitute.com/5-endpoint-threats-impacting-securit… ∗∗∗ ICS Tactical Security Trends: Analysis of the Most Frequent SecurityRisks Observed in the Field ∗∗∗ --------------------------------------------- Introduction FireEye iSIGHT Intelligence compiled extensive data from dozens of ICS security health assessment engagements (ICS Healthcheck) performed by Mandiant, FireEyes consulting team, to identify the most pervasive and highest priority security risks in industrial facilities. The information was acquired from hands-on assessments carried out over the last few years across a broad range of industries [...] --------------------------------------------- http://www.fireeye.com/blog/threat-research/2018/10/ics-tactical-security-t… ∗∗∗ DNS-Schlüsselwechsel: Wie man DNS-Ausfälle erkennt, was dagegen hilft ∗∗∗ --------------------------------------------- Am 11.10. wechselt die ICANN den DNS-Vertrauensanker. Dabei kann es zu Ausfällen von Internet-Diensten kommen. Wir fassen zusammen, was dagegen hilft. --------------------------------------------- https://heise.de/-4187064 ∗∗∗ Sicherheitsupdates: Junipers Junos OS offen für Fernzugriff ohne Passwort ∗∗∗ --------------------------------------------- In Junos OS klaffen zum Teil kritische Sicherheitslücken. Aktualisierte Versionen des Betriebssystems schließen die Schwachstellen. --------------------------------------------- http://heise.de/-4188397 ∗∗∗ Nicht bei saturn-media.net einkaufen ∗∗∗ --------------------------------------------- Saturn-media.net lockt mit günstigen Technikangeboten und versucht durch den Domain eine Verbindung zu den seriösen Anbietern Media Markt und Saturn herzustellen. Saturn-media.net hat jedoch nichts mit den genannten Anbietern zu tun, es handelt sich um einen Fakeshop. Sie erhalten keine Ware und verlieren ihr Geld! --------------------------------------------- https://www.watchlist-internet.at/news/nicht-bei-saturn-medianet-einkaufen/ ===================== = Vulnerabilities = ===================== ∗∗∗ Juniper Networks Releases Security Updates ∗∗∗ --------------------------------------------- Original release date: October 10, 2018 Juniper Networks has released security updates to address vulnerabilities affecting multiple Junos OS versions. An attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review the Juniper Security Advisories website and apply the necessary updates and workarounds. This product is provided subject to this Notification and this Privacy & Use policy. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/10/10/Juniper-Networks-R… ∗∗∗ NVP field - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-066 ∗∗∗ --------------------------------------------- Project: NVP fieldDate: 2018-October-10Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescription: NVP field module allows you to create a field type of name/value pairs, with customtitles and easily editable rendering with customizable HTML/text surrounding the pairs.The module doesnt sufficiently handle sanitization of its field formatters output. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-066 ∗∗∗ Search API Solr Search - Moderately critical - Access bypass - SA-CONTRIB-2018-065 ∗∗∗ --------------------------------------------- Project: Search API Solr SearchVersion: 7.x-1.13Date: 2018-October-10Security risk: Moderately critical 10∕25 AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:UncommonVulnerability: Access bypassDescription: This module provides support for creating searches using the Apache Solr search engine and the Search API Drupal module.The module doesnt sufficiently take the searched fulltext fields into account when creating a search excerpt. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-065 ∗∗∗ Lightbox2 - Critical - Cross Site Scripting - SA-CONTRIB-2018-064 ∗∗∗ --------------------------------------------- Project: Lightbox2Version: 7.x-2.x-devDate: 2018-October-10Security risk: Critical 18∕25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescription: The Lightbox2 module enables you to overlay images on the current page.The module did not sanitize some inputs when used in combination with a custom view leading to potential Cross Site Scripting (XSS).Solution: Install the latest version [...] --------------------------------------------- https://www.drupal.org/sa-contrib-2018-064 ∗∗∗ Teltonika RUT9XX Unauthenticated OS Command Injection ∗∗∗ --------------------------------------------- Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges. --------------------------------------------- https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319… ∗∗∗ Teltonika RUT9XX Reflected Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization. --------------------------------------------- https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410… ∗∗∗ Teltonika RUT9XX Missing Access Control to UART Root Terminal ∗∗∗ --------------------------------------------- Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges. --------------------------------------------- https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dnsruby, gnulib, and jekyll), Fedora (calamares, fawkes, git, kernel-headers, librime, and pdns), openSUSE (ImageMagick), Oracle (kernel), Scientific Linux (glusterfs, kernel, and nss), Slackware (git), SUSE (ImageMagick), and Ubuntu (tomcat7, tomcat8). --------------------------------------------- https://lwn.net/Articles/768145/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10728795 ∗∗∗ IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801q ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10731217 ∗∗∗ IBM Security Bulletin: Potential bypass security vulnerability in Expression Language library used by WebSphere Application Server (CVE-2014-7810) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10729557 ∗∗∗ IBM Security Bulletin: Potential traversal vulnerability in IBM WebSphere Application Server Admin Console (CVE-2018-1770) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10729521 ∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager component FileNet Deployment Manager security vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/support/docview.wss?uid=ibm10732755 ∗∗∗ IBM Security Bulletin: Remote code execution vulnerability (CVE-2018-1260) affects IBM Spectrum Symphony 7.2.0.2 and 7.2.1 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10731859 ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerabilities affect Rational Publishing Engine ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10734697 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.10.2018
by Daily end-of-shift report 10 Oct '18

10 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 09-10-2018 18:00 − Mittwoch 10-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Zero-day exploit (CVE-2018-8453) used in targeted attacks ∗∗∗ --------------------------------------------- Yesterday, Microsoft published their security bulletin, which patches CVE-2018-8453, among others. It is a vulnerability in win32k.sys discovered by Kaspersky Lab in August. Microsoft confirmed the vulnerability and designated it CVE-2018-8453. --------------------------------------------- https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/ ∗∗∗ Patchday: Zero-Day-Fix für Windows, kritische Exchange-Lücke ∗∗∗ --------------------------------------------- Im Oktober behebt Microsoft knapp 50 Sicherheitsprobleme. Darunter kritische Lücken in Windows-Komponenten und im Exchange Mail-Server. --------------------------------------------- http://heise.de/-4186268 ∗∗∗ Kritische Sicherheitslücke gefährdet Milliarden WhatsApp-Nutzer ∗∗∗ --------------------------------------------- Eine Sicherheitslücke in WhatsApp ermöglicht es, ein Smartphone mit einem einzigen Video-Call zu kapern. Potentiell betroffen sind Milliarden WhatsApp-Nutzer. --------------------------------------------- http://heise.de/-4186365 ∗∗∗ Patchday: Adobe stopft kritische Lücke in Digital Editions ∗∗∗ --------------------------------------------- Ein Sicherheitsupdate für Flash, das keins ist, und die Abwesenheit von Reader-Patches sorgen bei Adobe für einen eher untypischen Patchday. --------------------------------------------- http://heise.de/-4186327 ∗∗∗ IIS attacks surge from 2,000 to 1.7 million over last quarter ∗∗∗ --------------------------------------------- IIS, Drupal, and Oracle WebLogic web technologies experienced increased attacks in Q2 2018. According to a new threat report from eSentire, IIS attacks showed a massive increase, from 2,000 to 1.7 million, since last quarter. --------------------------------------------- https://www.helpnetsecurity.com/2018/10/10/iis-attacks-surge/ ∗∗∗ Magecart hacks Shopper Approved to simultaneously hit many e-commerce sites ∗∗∗ --------------------------------------------- The cybercriminal groups under the Magecart umbrella strike again and again, and one of them has apparently specialized in compromising third parties to more easily get in as many online shops as possible. The latest target of Magecart Group 5, as it has been dubbed by RiskIQ researcher Yonathan Klijnsma, is Shopper Approved, an organization that provides rating seals for online stores. --------------------------------------------- https://www.helpnetsecurity.com/2018/10/10/magecart-hacks-shopper-approved/ ∗∗∗ Kleinanzeigenbetrug mit Western Union Überweisungen ∗∗∗ --------------------------------------------- Vorsicht beim Kleinanzeigenverkauf! BetrügerInnen, die sich als KaufinteressentInnen ausgeben, behaupten, ihren Opfern überhöhte Geldbeträge überwiesen zu haben, die nur durch eine Western Union Transaktion an ein Speditionsunternehmen freigeschalten werden können. Führen Sie diese Transaktion nicht durch, denn Ihr Geld wäre verloren und die freizuschaltende Überweisung gibt es nicht! --------------------------------------------- https://www.watchlist-internet.at/news/kleinanzeigenbetrug-mit-western-unio… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Digital Editions (APSB18-27), Adobe Experience Manager (APSB18-36), Adobe Framemaker (APSB18-37) and Adobe Technical Communications Suite (APSB18-38). Adobe recommends users update their product installations to the latest versions using the instructions referenced [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1633 ∗∗∗ jQuery-File-Upload < = v9.22.0 unauthenticated arbitrary file upload vulnerability ∗∗∗ --------------------------------------------- Topic: jQuery-File-Upload < = v9.22.0 unauthenticated arbitrary file upload vulnerability Risk: Medium Text:Title: jQuery-File-Upload < = v9.22.0 unauthenticated arbitrary file upload vulnerability Author: Larry W. Cashdollar [...] --------------------------------------------- https://cxsecurity.com/issue/WLB-2018100094 ∗∗∗ GE iFix ∗∗∗ --------------------------------------------- This advisory includes mitigations for an unsafe ActiveX control marked safe for scripting vulnerability in a Gigasoft component affecting GE’s iFix HMI products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-282-01 ∗∗∗ Fuji Electric Energy Savings Estimator ∗∗∗ --------------------------------------------- This advisory includes mitigations for an uncontrolled search path element (DLL Hijacking) vulnerability in the Fuji Electric Energy Savings Estimator software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-282-07 ∗∗∗ October 2018 Security Update Release ∗∗∗ --------------------------------------------- Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2018/10/09/october-2018-security-u… ∗∗∗ October 2018 Microsoft Patch Tuesday, (Tue, Oct 9th) ∗∗∗ --------------------------------------------- Microsoft released patches for 48 vulnerabilities today and one advisory regarding a defense in depth update for Office. No Adobe updates are included so far, but Adobe has released updates to PDF Reader / Acrobat about a week ago. --------------------------------------------- https://isc.sans.edu/diary/rss/24186 ∗∗∗ VMSA-2018-0025 ∗∗∗ --------------------------------------------- VMware ESXi, Workstation, and Fusion workarounds address a denial-of-service vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0025.html ∗∗∗ USN-3787-1: Tomcat vulnerability ∗∗∗ --------------------------------------------- tomcat7, tomcat8 vulnerabilityA security issue affects these releases of Ubuntu and its derivatives:Ubuntu 16.04 LTSUbuntu 14.04 LTSSummaryTomcat could be made to redirect to arbitrary locations.Software Descriptiontomcat8 - Servlet and JSP enginetomcat7 - Servlet and JSP engineDetailsIt was discovered that Tomcat incorrectly handled returning redirects to adirectory. A remote attacker could possibly use this issue with a speciallycrafted URL to redirect to arbitrary URIs. --------------------------------------------- https://usn.ubuntu.com/3787-1/ ∗∗∗ October 2018 Office Update Release ∗∗∗ --------------------------------------------- The October 2018 Public Update releases for Office are now available! This month, there are 23 security updates and 17 non-security updates. All of the security and non-security updates are listed in KB article 4464656. A new version of Office 2013 Click-To-Run is available: 15.0.5075.1001 A new version of Office 2010 Click-To-Run is available: 14.0.7214.5000 --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2018/10/09… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (patch), CentOS (firefox, glusterfs, kernel, and nss), Debian (net-snmp), Oracle (firefox, glusterfs, kernel, and nss), Red Hat (glusterfs, kernel, and nss), Scientific Linux (firefox), SUSE (kernel), and Ubuntu (webkit2gtk). --------------------------------------------- https://lwn.net/Articles/768041/ ∗∗∗ BSRT 2018-004 Information Disclosure Vulnerability in Management Console Impacts UEM ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Security Advisory - Improper Authentication Vulnerability on Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181010-… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server in IBM Cloud July 2018 CPU ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10734161 ∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager affected by Apache PDFBox security vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/support/docview.wss?uid=ibm10716315 ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10734167 ∗∗∗ IBM Security Bulletin: Server Automation is affected by the following GSKit vulnerabilities (CVE-2018-1447, CVE-2018-1427, CVE-2018-1428) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718773 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.10.2018
by Daily end-of-shift report 09 Oct '18

09 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Montag 08-10-2018 18:00 − Dienstag 09-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Millionen Xiongmai-Überwachungskameras durch Cloud-Feature unsicher (XMEye P2P Coud) ∗∗∗ --------------------------------------------- Über 9 Millionen IoT-Geräte des chinesischem OEM-Herstellers "Xiongmai" sind unsicher (selbst jene hinter einer Firewall), weil sie ein unsicheres Cloud-Feature namens "XMEye P2P cloud" standardmäßig aktiv haben. --------------------------------------------- https://www.sec-consult.com/blog/2018/10/millionen-xiongmai-ueberwachungska… ∗∗∗ Sicherheitsupdates: Kritische Lücken in Cisco DNA gefährden ganze Netzwerke ∗∗∗ --------------------------------------------- Cisco stellt Patches für verschiedene Produkte bereit und schließt damit viele Sicherheitslücken. --------------------------------------------- http://heise.de/-4184517 ∗∗∗ Oktober ist Europäischer Monat der Cyber-Sicherheit! ∗∗∗ --------------------------------------------- Auch diesen Oktober nimmt Österreich wieder an der EU-weiten Kampagne European Cyber Security Month (ECSM) teil. Im Fokus steht dabei die Bewusstseinsbildung für Risiken im Netz. --------------------------------------------- https://www.watchlist-internet.at/news/oktober-ist-europaeischer-monat-der-… ===================== = Vulnerabilities = ===================== ∗∗∗ [20181005] - Core - CSRF hardening in com_installer ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 2.5.0 through 3.8.12 Exploit type: CSRF Reported Date: 2018-September-26 Fixed Date: 2018-October-02 CVE Number: CVE-2018-17858 Description Added additional CSRF hardening in com_installer actions in the backend. Affected Installs Joomla! CMS versions 2.5.0 through 3.8.12 Solution Upgrade to version 3.8.13 Contact The JSST at the Joomla! Security Centre. Reported By: Raviraj A. Powar --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/nfI3_UnJIrM/755-20181005-c… ∗∗∗ [20181004] - Core - ACL Violation in com_users for the admin verification ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 1.5.0 through 3.8.12 Exploit type: ACL Violation Reported Date: 2017-December-27 Fixed Date: 2018-October-02 CVE Number: CVE-2018-17855 Description In case that an attacker gets access to the mail account of an user who can approve admin verifications in the registration process he can activate himself. Affected Installs Joomla! CMS versions 1.5.0 through 3.8.12 Solution Upgrade to version 3.8.13 --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/qGhSucxwoZo/754-20181004-c… ∗∗∗ [20181003] - Core - Access level Violation in com_tags ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 3.1.0 through 3.8.12 Exploit type: ACL Violation Reported Date: 2018-June-20 Fixed Date: 2018-October-02 CVE Number: CVE-2018-17857 Description Inadequate checks on the tags search fields can lead to an access level violation. Affected Installs Joomla! CMS versions 3.1.0 through 3.8.12 Solution Upgrade to version 3.8.13 Contact The JSST at the Joomla! Security Centre. --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/nIIfD6jUDgU/753-20181003-c… ∗∗∗ [20181002] - Core - Inadequate default access level for com_joomlaupdate ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 2.5.4 through 3.8.12 Exploit type: Object Injection Reported Date: 2018-June-21 Fixed Date: 2018-October-02 CVE Number: CVE-2018-17856 Description Joomla’s com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled access of Administrator-level users to access com_joomlaupdate and trigger a code execution. Affected Installs Joomla! CMS versions 2.5.4 through 3.8.12 --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/MptbHWIJjXM/752-20181002-c… ∗∗∗ [20181001] - Core - Hardening com_contact contact form ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 2.5.0 through 3.8.12 Exploit type: Incorrect Access Control Reported Date: 2018-September-17 Fixed Date: 2018-October-02 CVE Number: CVE-2018-17859 Description Inadequate checks in com_contact could allowed mail submission in disabled forms. Affected Installs Joomla! CMS versions 2.5.0 through 3.8.12 Solution Upgrade to version 3.8.13 Contact The JSST at the Joomla! Security Centre. Reported By: David Jardin (JSST) --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/lkwPYx4JflE/751-20181001-c… ∗∗∗ SAP Security Patch Day - October 2018 ∗∗∗ --------------------------------------------- On 9th of October 2018, SAP Security Patch Day saw the release of 11 Security Notes. Additionally, there were 4 updates to previously released security notes. --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095 ∗∗∗ SSA-347726: Denial-of-Service Vulnerability in SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller ∗∗∗ --------------------------------------------- Versions of SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200 SP Open Controller are affected by a denial-of-service vulnerability. An attacker with network access to the PLC can cause a Denial-of-Service condition on the network stack. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-347726.txt ∗∗∗ SSA-254686: Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- Security researchers published information on vulnerabilities known as Foreshadow and L1 Terminal Fault (L1TF). These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerabilities. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-254686.txt ∗∗∗ SSA-464260: TLS ROBOT vulnerability in SCALANCE W1750D ∗∗∗ --------------------------------------------- The latest update for SCALANCE W1750D addresses a vulnerability known as _ROBOT Attack_. The vulnerability could allow an attacker to decrypt TLS traffic. Siemens provides a firmware update and recommends users to update to the new version. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-464260.txt ∗∗∗ SSA-493830: Privilege Escalation in ROX II ∗∗∗ --------------------------------------------- The latest update for ROX II fixes two vulnerabilities. One vulnerability could allow an attacker with a low-privileged user account to execute arbitrary commands. The other vulnerability could allow an attacker with a low-privileged user account to escalate his privileges. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-493830.txt ∗∗∗ SSA-507847: Cross-Site Request Forgery Vulnerability in SIMATIC S7-1200 CPU Family ∗∗∗ --------------------------------------------- The latest firmware update for S7-1200 CPU family version 4 fixes a Cross-Site Request Forgery vulnerability. Siemens recommends to update affected devices as soon as possible. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-507847.txt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (git), Debian (kernel, samba, and tinc), Fedora (kernel-headers), Oracle (firefox), Red Hat (firefox and qemu-kvm-rhev), Scientific Linux (firefox), SUSE (java-1_8_0-ibm, kubernetes-salt, velum, libxml2, and postgresql10), and Ubuntu (libxkbcommon). --------------------------------------------- https://lwn.net/Articles/767948/ ∗∗∗ iCloud for Windows 7.7 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT209141 ∗∗∗ iOS 12.0.1 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT209162 ∗∗∗ Zimbra Collaboration Suite: Eine Schwachstelle ermöglicht das Darstellen falscher Informationen ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-2038/ ∗∗∗ IBM Security Bulletin: IBM Netcool/OMNIbus Probe DSL Factory Framework is affected by Apache Camel’s Core vulnerability ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10731893 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in WebSphere application server affect IBM Workload Scheduler ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10734305 ∗∗∗ Remote Code Execution via XMeye P2P Cloud in Xiongmai IP Cameras, NVRs and DVRs ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/vulnerabilities-xiongmai-ip-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.10.2018
by Daily end-of-shift report 08 Oct '18

08 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 05-10-2018 18:00 − Montag 08-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Git Project Patches Remote Code Execution Vulnerability in Git ∗∗∗ --------------------------------------------- The Git Project announced yesterday a critical arbitrary code execution vulnerability in the Git command line client, Git Desktop, and Atom that could allow malicious repositories to remotely execute commands on a vulnerable machine. --------------------------------------------- https://www.bleepingcomputer.com/news/security/git-project-patches-remote-c… ∗∗∗ Sony Smart TV Bug Allows Remote Access, Root Privileges ∗∗∗ --------------------------------------------- Software patching becomes a new reality for smart TV owners. --------------------------------------------- https://threatpost.com/sony-smart-tv-bug-allows-remote-access-root-privileg… ∗∗∗ ENISA publishes annual report on trust services security incidents 2017 ∗∗∗ --------------------------------------------- ENISA publishes the first full-year annual report on security incidents with electronic trust services, covering 2017. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/enisa-publishes-annual-report-o… ∗∗∗ Sicherheitsupdate: D-Link Central WiFi Manager anfällig für Schadcode ∗∗∗ --------------------------------------------- In der Windows-Version von D-Link Central WiFi Manager klaffen mehrere Sicherheitslücken. Mindestens eine davon gilt als kritisch. Ein Patch schafft Abhilfe. --------------------------------------------- http://heise.de/-4183206 ∗∗∗ macOS: Code-Signing teilweise aushebelbar ∗∗∗ --------------------------------------------- Gatekeeper soll dafür sorgen, dass bekannte Malware auf dem Mac nicht startet. Überprüft wird aber oft nur ein Mal, warnt ein Sicherheitsforscher. --------------------------------------------- http://heise.de/-4182870 ===================== = Vulnerabilities = ===================== ∗∗∗ VU#176301: Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App ∗∗∗ --------------------------------------------- Vulnerability Note VU#176301 Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App Original Release date: 06 Oct 2018 | Last revised: 08 Oct 2018 Overview Auto-Maskin RP remote panels and DCU controls units are used to monitor and control ship engines. The units have several authentication and encryption vulnerabilities which can allow attackers to access the units and control connected engines. Description CWE 798: Use of Hard-Coded Credentials - CVE–2018-5399 [...] --------------------------------------------- http://www.kb.cert.org/vuls/id/176301 ∗∗∗ FLIR Systems FLIR Thermal Traffic Cameras Websocket Device Manipulation ∗∗∗ --------------------------------------------- FLIR thermal traffic cameras suffer from an unauthenticated device manipulation vulnerability utilizing the websocket protocol. The affected FLIR Intelligent Transportation Systems - ITS models use an insecure implementation of websocket communication used for administering the device. Authentication and authorization bypass via referencing a direct object allows an attacker to directly modify running configurations, disclose information or initiate a denial of service (DoS) scenario with [...] --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5490.php ∗∗∗ FLIR Systems FLIR Thermal Traffic Cameras RTSP Stream Disclosure ∗∗∗ --------------------------------------------- FLIR thermal traffic cameras suffer from an unauthenticated and unauthorized live RTSP video stream access. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5489.php ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (adplug, git, php-horde, php-horde-core, and php-horde-kronolith), Fedora (firefox, liblouis, libmad, mediawiki, opensc, php-horde-horde, php-horde-Horde-Core, php-horde-kronolith, and rust), Gentoo (imagemagick, openssh, and sox), openSUSE (ghostscript, gitolite, java-1_8_0-openjdk, kernel, php5, php7, python, thunderbird, tomcat, and unzip), Red Hat (firefox and rh-haproxy18-haproxy), and SUSE (ImageMagick, java-1_8_0-openjdk, kernel, qpdf, [...] --------------------------------------------- https://lwn.net/Articles/767873/ ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager Misses Authentication for Critical Function (CVE-2018-1745) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10733355 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Improper Authentication (CVE-2018-1738) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10733309 ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by an Information disclosure of stack trace vulnerability (CVE-2018-1553) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10733541 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10733543 ∗∗∗ IBM Security Bulletin: Vulnerabilities in NTP, OpenSSL and Intel CPU’s affect IBM Netezza Firmware Diagnostics. ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22016330 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.10.2018
by Daily end-of-shift report 05 Oct '18

05 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 04-10-2018 18:00 − Freitag 05-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stefan Lenzhofer ===================== = News = ===================== ∗∗∗ Fallout Exploit Kit Now Installing the Kraken Cryptor Ransomware ∗∗∗ --------------------------------------------- The Fallout Exploit has been distributing the GandCrab Ransomware for the past few weeks, but has now switched its payload to the Kraken Cryptor Ransomware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fallout-exploit-kit-now-inst… ∗∗∗ 365 Days Later: Finding and Exploiting Safari Bugs using Publicly Available Tools ∗∗∗ --------------------------------------------- Posted by Ivan Fratric, Google Project ZeroAround a year ago, we published the results of research about the resilience of modern browsers against DOM fuzzing, a well-known technique for finding browser bugs. Together with the bug statistics we also published Domato, our DOM fuzzing tool that was used to find those bugs.Given that in the previous research, Apple Safari, or more specifically, WebKit (its DOM engine) did noticeably worse than other browsers, we decided to revisit it after a year [...] --------------------------------------------- https://googleprojectzero.blogspot.com/2018/10/365-days-later-finding-and-e… ∗∗∗ ThreatList: 83% of Routers Contain Vulnerable Code ∗∗∗ --------------------------------------------- Five out of six name brand routers, such as Linksys, NETGEAR and D-Link, contain known open-source vulnerabilities. --------------------------------------------- https://threatpost.com/threatlist-83-of-routers-contain-vulnerable-code/137… ∗∗∗ Domain Name System: Vorsichtsmaßnahmen für den DNS-Schlüsseltausch ∗∗∗ --------------------------------------------- Der kryptografische Hauptschlüssel des DNS wird in einer Woche gewechselt. Für unvorbereitete Provider kann das fatale Folgen haben. --------------------------------------------- http://heise.de/-4179793 ===================== = Vulnerabilities = ===================== ∗∗∗ Carestream Vue RIS ∗∗∗ --------------------------------------------- This advisory includes mitigations for an information exposure through an error message vulnerability in the Carestream Vue RIS, a web-based radiology information system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01 ∗∗∗ Change Healthcare PeerVue Web Server ∗∗∗ --------------------------------------------- This advisory includes mitigations for an information exposure through an error message vulnerability in the Change Healthcare PeerVue Web Server. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-02 ∗∗∗ WECON PI Studio ∗∗∗ --------------------------------------------- This advisory includes information on stack-based buffer overflow, out-of-bounds write, and out-of-bounds read vulnerabilities in WECON’s PI Studio HMI project programmer. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01 ∗∗∗ Security Advisory 2018-06: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- October 05, 2018 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security(a)otrs.org PGP Key pub 2048R/9C227C6B 2011-03-21 [expires at: 2020-11-16] uid OTRS Security Team GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22The post Security Advisory 2018-06: Security Update for OTRS Framework appeared first on | community.otrs.com. --------------------------------------------- https://community.otrs.com/security-advisory-2018-06-security-update-for-ot… ∗∗∗ VMSA-2018-0024.1 ∗∗∗ --------------------------------------------- VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) update resolves SAML authentication bypass vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0024.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (kernel), Fedora (lcms2, php-tcpdf, and udisks2), openSUSE (ImageMagick, libX11, openssl-1_0_0, openssl-1_1, and otrs), SUSE (kernel, php5, php53, php7, and python), and Ubuntu (apparmor and imagemagick). --------------------------------------------- https://lwn.net/Articles/767689/ ∗∗∗ IBM Security Bulletin: A vulnerability in yum-utils affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10728307 ∗∗∗ IBM Security Bulletin: Vulnerabilities in docker affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10725649 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access ∗∗∗ --------------------------------------------- https://www.ibm.com/support/docview.wss?uid=ibm10733857 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10733905 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager generates Application Error (CVE-2018-1753) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10733359 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Incorrect Permission Assignment for Critical Resource (CVE-2018-1750) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10733311 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Hazardous Input Validation ( CVE-2018-1749) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10733303 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Information Exposure (CVE-2018-1743) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10733351 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager Uses Hard-coded Credentials (CVE-2018-1742) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10733419 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Improper Control of Interaction Frequency (CVE-2018-1741) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10733425 ∗∗∗ Security vulnerabilities fixed in Thunderbird 60.2.1 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.10.2018
by Daily end-of-shift report 04 Oct '18

04 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 03-10-2018 18:00 − Donnerstag 04-10-2018 18:00 Handler: Stephan Richter Co-Handler: Dimitri Robl ===================== = News = ===================== ∗∗∗ Phishing Attacks Distributed Through CloudFlares IPFS Gateway ∗∗∗ --------------------------------------------- Yesterday we reported on a phishing attack that utilizes Azure Blob storage in order to have login forms secured by a Microsoft issued SSL certificate. After reviewing the URLs used by the same attacker, BleepingComputer has discovered that these same bad actors are utilizing the Cloudflare IPFS gateway for the same purpose. --------------------------------------------- https://www.bleepingcomputer.com/news/security/phishing-attacks-distributed… ∗∗∗ Nicht bei conquerconsoles.com, konsolenkammer24.de oder konsolenstation24.com kaufen ∗∗∗ --------------------------------------------- Die Fakeshops conquerconsoles.com, konsolenkammer24.de und konsolenstation24.com vertreiben Spielkonsolen und Spiele zu unschlagbaren Preisen. Die Fakeshops locken mit Angeboten, wo Sie eine PlayStation 4 samt Spiel und Controller kostengünstig erwerben können. Sie können nur im Voraus per Banküberweisung bezahlen, erhalten aber keine Ware! --------------------------------------------- https://www.watchlist-internet.at/news/nicht-bei-conquerconsolescom-konsole… ===================== = Vulnerabilities = ===================== ∗∗∗ Printer, email and PDF versions - Highly critical - Remote Code Execution - SA-CONTRIB-2018-063 ∗∗∗ --------------------------------------------- Project: Printer, email and PDF versionsVersion: 7.x-2.x-devDate: 2018-October-03Security risk: Highly critical 20∕25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Remote Code ExecutionDescription: This module provides printer-friendly versions of content, including send by e-mail and PDF versions.The module doesnt sufficiently sanitize the arguments passed to the wkhtmltopdf executable, allowing a remote attacker to execute arbitrary shell commands. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-063 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox and python-django), Debian (dnsmasq, firefox-esr, imagemagick, and linux-4.9), Fedora (haproxy), openSUSE (bitcoin, firefox, and texlive), SUSE (openslp), and Ubuntu (apache2). --------------------------------------------- https://lwn.net/Articles/767611/ ∗∗∗ Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions.The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Digital Network Architecture Center Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions.The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ More Cisco Security Advisories ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/publicationListing.x ∗∗∗ Red Hat JBoss Web Server: Eine Schwachstelle ermöglicht das Erlangen von Benutzerrechten ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1992/ ∗∗∗ Apache Tomcat: Eine Schwachstelle ermöglicht das Darstellen falscher Informationen ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-2000/ ∗∗∗ ClamAV: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-2008/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily