- Daily - CERT.at

Tageszusammenfassung - 11.05.2018
by Daily end-of-shift report 11 May '18

11 May '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 09-05-2018 18:00 − Freitag 11-05-2018 18:00 Handler: Stefan Lenzhofer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-09) ∗∗∗ --------------------------------------------- A prenotification Security Advisory (APSB18-09) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Monday, May 14, 2018. We will continue to provide updates on the upcoming release via the Security Advisory as well as the Adobe … Continue [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1553 ∗∗∗ Researchers Come Up With a Way to Launch Rowhammer Attacks via Network Packets ∗∗∗ --------------------------------------------- Five academics from the Vrije University in Amsterdam and one from the University of Cyprus have discovered a way for launching Rowhammer attacks via network packets and network cards. --------------------------------------------- https://www.bleepingcomputer.com/news/security/researchers-come-up-with-a-w… ∗∗∗ Lücke in Windows, Linux, macOS: Entwickler missverstehen Intel-Dokumentation ∗∗∗ --------------------------------------------- Weil ihre Entwickler die Dokumentation einer CPU-Funktion missverstanden haben, sind nun fast alle Betriebssysteme anfällig für Manipulationen des Kernel-Speichers. Updates für die Lücke wurden bereits verteilt. --------------------------------------------- https://www.heise.de/security/meldung/Luecke-in-Windows-Linux-macOS-Entwick… ∗∗∗ ATM attacks: How hackers are going for gold ∗∗∗ --------------------------------------------- Imagine winning the lottery and having an ATM spit huge amounts of cash at you. That's exactly what some cyber criminals are after. They're targeting ATMs and launching "jackpotting" attacks, forcing them to dispense bills like a winning slot machine. --------------------------------------------- https://www.helpnetsecurity.com/2018/05/11/atm-attacks/ ∗∗∗ Sicherheitslücke bei "Signal"-App für Mac ∗∗∗ --------------------------------------------- Nachrichten, die verschwinden sollen, leben in der Benachrichtigungsleiste weiter --------------------------------------------- http://derstandard.at/2000079519326 ∗∗∗ One year later: EternalBlue exploit more popular now than during WannaCryptor outbreak ∗∗∗ --------------------------------------------- The infamous outbreak may no longer be causing mayhem worldwide but the threat that enabled it is still very much alive and posing a major threat to unpatched and unprotected systems --------------------------------------------- https://www.welivesecurity.com/2018/05/10/one-year-later-eternalblue-exploi… ∗∗∗ LG patches RCE bug in smartphone keyboards ∗∗∗ --------------------------------------------- LG on Monday released a security update fixing a high-severity remote code execution vulnerability found in the default keyboards of all its mainstream smartphone models. --------------------------------------------- https://www.scmagazineuk.com/news/lg-patches-rce-bug-in-smartphone-keyboard… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (freetype2, libraw, and powerdns), CentOS (389-ds-base and kernel), Debian (php5, prosody, and wavpack), Fedora (ckeditor, fftw, flac, knot-resolver, patch, perl, and perl-Dancer2), Mageia (cups, flac, graphicsmagick, libcdio, libid3tag, and nextcloud), openSUSE (apache2), Oracle (389-ds-base and kernel), Red Hat (389-ds-base and flash-plugin), Scientific Linux (389-ds-base), Slackware (firefox and wget), SUSE (xen), and Ubuntu (wget). --------------------------------------------- https://lwn.net/Articles/754145/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libmupdf, mupdf, mupdf-gl, and mupdf-tools), Debian (firebird2.5, firefox-esr, and wget), Fedora (ckeditor, drupal7, firefox, kubernetes, papi, perl-Dancer2, and quassel), openSUSE (cairo, firefox, ImageMagick, libapr1, nodejs6, php7, and tiff), Red Hat (qemu-kvm-rhev), Slackware (mariadb), SUSE (xen), and Ubuntu (openjdk-8). --------------------------------------------- https://lwn.net/Articles/754257/ ∗∗∗ Oracle Java SE vulnerability CVE-2018-2783 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K44923228 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.05.2018
by Daily end-of-shift report 09 May '18

09 May '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 08-05-2018 18:00 − Mittwoch 09-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ "Hide and Seek" Becomes First IoT Botnet Capable of Surviving Device Reboots ∗∗∗ --------------------------------------------- Security researchers have discovered the first IoT botnet malware strain that can survive device reboots and remain on infected devices after the initial compromise. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hide-and-seek-becomes-first-… ∗∗∗ PoC Developed for CoinHive Mining In Excel Using Custom JavaScript Functions ∗∗∗ --------------------------------------------- Within days of Microsoft announcing that they are introducing custom JavaScript equations in Excel, a security researcher has developed a way to use this method to load the CoinHive in-browser JavaScript miner within Excel. --------------------------------------------- https://www.bleepingcomputer.com/news/security/poc-developed-for-coinhive-m… ∗∗∗ Call for speakers One Conference ∗∗∗ --------------------------------------------- The international One Conference 2018 will take place on October 2 & 3 in The Hague. Overall theme of this edition is "Merging Worlds – Securing the connected future". --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/call-for-speakers-one-confe… ∗∗∗ Nice Phishing Sample Delivering Trickbot, (Wed, May 9th) ∗∗∗ --------------------------------------------- Users have to deal with phishing for a very long time. Today, most of them remain dumb messages quickly redacted with a simple attached file and a message like "Click on me, its urgent!". Yesterday, I put my hands on a very nice sample that deserve to be dissected to demonstrate that phishing campaigns remain an excellent way to infect a computer! --------------------------------------------- https://isc.sans.edu/diary/rss/23641 ∗∗∗ Massive localstorage[.]tk Drupal Infection ∗∗∗ --------------------------------------------- After a series of critical Drupal vulnerabilities disclosed this spring, it’s not surprising to see a surge of massive Drupal infections like this one: [...] --------------------------------------------- https://blog.sucuri.net/2018/05/massive-localstorage-tk-drupal-infection.ht… ∗∗∗ Its 2018, and a webpage can still pwn your Windows PC – and apps can escape Hyper-V ∗∗∗ --------------------------------------------- Scores of bugs, from Edge and Office to kernel code to Adobe Flash, need fixing ASAP Patch Tuesday Microsoft and Adobe have patched a bunch of security bugs in their products that can be exploited by hackers to commandeer vulnerable computers, siphon peoples personal information, and so on. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/05/09/microsoft_w… ∗∗∗ Introducing Orchestrator decryption tool ∗∗∗ --------------------------------------------- Researched and written by Donny Maasland and Rindert Kramer Introduction During penetration tests we sometimes encounter servers running software that use sensitive information as part of the underlying process, such as Microsoft’s System Center Orchestrator. According to Microsoft, Orchestrator is a workflow management solution for data centers and can be used to automate the creation, [...] --------------------------------------------- https://blog.fox-it.com/2018/05/09/introducing-orchestrator-decryption-tool/ ∗∗∗ Netzwerkfähige Medizinprodukte besser schützen ∗∗∗ --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/sicherheits… ∗∗∗ Gandcrab Ransomware Walks its Way onto Compromised Sites ∗∗∗ --------------------------------------------- This blog post authored by Nick Biasini with contributions from Nick Lister and Christopher Marczewski.Despite the recent decline in the prevalence of ransomware in the threat landscape, Cisco Talos has been monitoring the now widely distributed ransomware called Gandcrab. Gandcrab uses both traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft. --------------------------------------------- https://blog.talosintelligence.com/2018/05/gandcrab-compromised-sites.html ∗∗∗ Google CTF 2018 is here ∗∗∗ --------------------------------------------- https://security.googleblog.com/2018/05/google-ctf-2018-is-here.html ∗∗∗ Gefälschte Mobilis GmbH-Bestellung verbreitet Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte Bestellung der Mobilis GmbH. In dem geschäftlichen Schreiben fordern sie von Unternehmen, dass diese den Dateianhang für weiterführende Informationen zum Einkauf öffnen. In Wahrheit verbirgt er Schadsoftware. Aus diesem Grund ist es wichtig, dass Empfänger/in die vermeintliche Bestellung nicht öffnen und die Nachricht in ihren Spam-Ordner verschieben. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-mobilis-gmbh-bestellung-… ===================== = Vulnerabilities = ===================== ∗∗∗ CVE-2018-8897 ∗∗∗ --------------------------------------------- Aktuell gehen Medienberichte über einen Bug im Umgang von Betriebssystemen mit Intel und AMD CPUs umher, dazu hatten wir die ersten Rückfragen bezüglich der Kritikalität. Wir sehen das nicht tragisch: der Bug ist nach momentanem Wissensstand weder remote noch via JavaScript etc. ausnutzbar, und daher "nur" eine klassische Privilege Escalation. --------------------------------------------- http://www.cert.at/services/blog/20180509142228-2199.html ∗∗∗ Silex Technology SX-500/SD-320AN or GE Healthcare MobileLink ∗∗∗ --------------------------------------------- This medical advisory includes mitigations for improper authentication and OS command injection vulnerabilities in Silex Technology SX-500, SD-320AN, and GE Healthcare MobileLink devices. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01 ∗∗∗ Siemens Medium Voltage SINAMICS Products ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper input validation vulnerabilities in Siemens SINAMICS modular drive systems. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-128-01 ∗∗∗ Siemens Siveillance VMS ∗∗∗ --------------------------------------------- This advisory includes mitigations for a deserialization of untrusted data vulnerability in the Siemens Siveillance Video Management Software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-128-02 ∗∗∗ Siemens Siveillance VMS Video Mobile App ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper certificate validation vulnerability in the Siemens Siveillance VMS mobile app. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-128-03 ∗∗∗ May 2018 Office Update Release ∗∗∗ --------------------------------------------- The May 2018 Public Update releases for Office are now available! This month, there are 30 security updates and 22 non-security updates. All of the security and non-security updates are listed in KB article 4133083. --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2018/05/08… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (kernel), Gentoo (rsync), openSUSE (Chromium), Oracle (kernel), Red Hat (kernel and kernel-rt), Scientific Linux (kernel), SUSE (kernel and php7), and Ubuntu (dpdk, libraw, linux, linux-lts-trusty, linux-snapdragon, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/754021/ ∗∗∗ Security Update Summary ∗∗∗ --------------------------------------------- https://portal.msrc.microsoft.com/en-us/security-guidance/summary ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Some Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180509-… ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Huawei iBMC Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180509-… ∗∗∗ [R1] OpenSSL Stand-alone Patch Available for SecurityCenter versions 5.0 or Later ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-04 ∗∗∗ Oracle Java SE vulnerability CVE-2018-2811 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01294982 ∗∗∗ Oracle Java SE vulnerability CVE-2018-2796 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K71021401 ∗∗∗ Oracle Java SE vulnerability CVE-2018-2798 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K24593421 Next End-of-Day report: 2018-05-11 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.05.2018
by Daily end-of-shift report 08 May '18

08 May '18

===================== = End-of-Day report = ===================== Timeframe: Montag 07-05-2018 18:00 − Dienstag 08-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Office 365 Zero-Day Used in Real-World Phishing Campaigns ∗∗∗ --------------------------------------------- A new email attack known as baseStriker allows miscreants to send malicious emails that bypass security systems on Office 365 accounts. --------------------------------------------- https://www.bleepingcomputer.com/news/security/office-365-zero-day-used-in-… ∗∗∗ Don’t Share Email with Scripts and Macros ∗∗∗ --------------------------------------------- Sharing documents scripts and macros over email is a habit you want to break, says Broderick Aquilino, Senior Researcher at F-Secure. "Both scripts and macros are commonly used attack vectors," he told us. "Users practicing this increase their risk because it becomes harder for them to distinguish something malicious from what they are receiving day [...] --------------------------------------------- https://safeandsavvy.f-secure.com/2018/05/08/dont-share-email-with-scripts-… ∗∗∗ How to Protect Your Web Applications From XXE Attacks ∗∗∗ --------------------------------------------- XML External Entities (XXE) Attacks are now the 4th greatest risk to web applications as per OWAPS Top 10. --------------------------------------------- https://www.htbridge.com/blog/how-to-protect-your-web-applications-from-xxe… ∗∗∗ Maikspy Spyware Poses as Adult Game, Targets Windows and Android Users ∗∗∗ --------------------------------------------- We discovered a malware family called Maikspy - a multi-platform spyware that can steal users' private data. The spyware targets Windows and Android users, and first posed as an adult game named after a popular U.S.-based adult film actress. Maikspy, which is an alias that combines the name of the adult film actress and spyware, has been around since 2016. Multiple Twitter handles were found promoting the Maikspy-carrying adult games and sharing the malicious domain via short links. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/maikspy-spyware… ∗∗∗ Drupal-Lücken: Lenovo versäumt Webseiten-Update und fängt sich Krypto-Miner ein ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher warnt, dass Angreifer gegenwärtig ungepatchte Drupal-Webseiten attackieren, um dort einen Kryptogeld-Miner zu platzieren. Sicherheitsupdates sind schon länger verfügbar. --------------------------------------------- https://www.heise.de/-4044683 ∗∗∗ Mobile Menace Monday: re-emergence of a fake Android AV ∗∗∗ --------------------------------------------- Way back in early 2013, a new antivirus (AV) company emerged into the mobile security software industry that had everyone perplexed. It seemed like a fake Android AV, but received certification by a reputable AV testing organization! Now, five years later, its back. Heres why you shouldnt trust it. --------------------------------------------- https://blog.malwarebytes.com/malwarebytes-news/2018/05/mobile-menace-monda… ∗∗∗ 8 Tips to Harden Your Joomla Installation ∗∗∗ --------------------------------------------- Joomla arrived on the scene in 2005 as a fork of the Mambo content management system (CMS). Downloaded over 91 million times, it has since eclipsed Mambo to become a ubiquitous platform for websites of all sizes. According to last year's Hacked Website Report from Sucuri, which used insights from over 36,000 compromised sites, Joomla [...] --------------------------------------------- https://www.tripwire.com/state-of-security/featured/8-tips-harden-joomla-in… ∗∗∗ Hacking train passenger Wi-Fi ∗∗∗ --------------------------------------------- After speaking about Wi-Fi security at a rail industry conference last week, it struck me that very insecure passenger networks are making their way on to trains. So, here's a quick check list for making sure your pax Wi-Fi network is secure. Similar checks could be applied to your guest network in your office, Wi-Fi [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/hacking-train-passenger-wi-fi/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Creative Cloud Desktop Application (APSB18-12), Adobe Flash Player (APSB18-16), and Adobe Connect (APSB18-18). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1557 ∗∗∗ iPrint Appliance 2.1 Patch 7 ∗∗∗ --------------------------------------------- Abstract: iPrint Appliance 2.1 Patch 7 is a cumulative patch including fixes from all the previous 2.1 patches and hot fixes. Document ID: 5377430Security Alert: YesDistribution Type: PublicEntitlement Required: YesFiles:iPrint-2.1.0.87.HP.zip (950.24 MB)Products:iPrint Appliance 2.1Superceded Patches:iPrint Appliance 2.1 --------------------------------------------- https://download.novell.com/Download?buildid=uKzGH3eCxf0~ ∗∗∗ SAP Security Patch Day - May 2018 ∗∗∗ --------------------------------------------- This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape. --------------------------------------------- https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/ ∗∗∗ Android Security Bulletin - May 2018 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-05-05 or later address all of these issues. To learn how to check a devices security patch level, see Check & update your Android version. --------------------------------------------- https://source.android.com/security/bulletin/2018-05-01 ∗∗∗ USN-3639-1: LibRaw vulnerabilities ∗∗∗ --------------------------------------------- libraw vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives:Ubuntu 18.04 LTSUbuntu 17.10Ubuntu 16.04 LTSSummarySeveral security issues were fixed in LibRaw.Software Descriptionlibraw - raw image decoder libraryDetailsIt was discovered that LibRaw incorrectly handled certain files.An attacker could possibly use this to execute arbitrary code.(CVE-2018-10528)It was discovered that LibRaw incorrectly handled certain files.An attacker could possibly use this to [...] --------------------------------------------- https://usn.ubuntu.com/3639-1/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (wget), SUSE (patch), and Ubuntu (qpdf). --------------------------------------------- https://lwn.net/Articles/753882/ ∗∗∗ WebKitGTK+ Security Advisory WSA-2018-0004 ∗∗∗ --------------------------------------------- Date Reported: May 07, 2018 Advisory ID: WSA-2018-0004 CVE identifiers: CVE-2018-4121, CVE-2018-4200,CVE-2018-4204. Several vulnerabilities were discovered in WebKitGTK+. CVE-2018-4121 Versions affected: WebKitGTK+ before 2.20.0. Credit to Natalie Silvanovich of Google Project Zero. Impact: Processing maliciously crafted web content may lead toarbitrary code execution. Description: Multiple memory corruptionissues were addressed with improved memory handling. --------------------------------------------- https://webkitgtk.org/security/WSA-2018-0004.html ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform has addressed multiple Apache Tomcat vulnerabilities. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011364 ∗∗∗ Linux kernel vulnerability CVE-2017-8824 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K15526101 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.05.2018
by Daily end-of-shift report 07 May '18

07 May '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 04-05-2018 18:00 − Montag 07-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Drupal Sites Fall Victims to Cryptojacking Campaigns ∗∗∗ --------------------------------------------- After the publication of two severe security flaws in the Drupal CMS, cybercrime groups have turned their sights on this web technology in the hopes of finding new ground to plant malware on servers and make money through illegal cryptocurrency mining. --------------------------------------------- https://www.bleepingcomputer.com/news/security/drupal-sites-fall-victims-to… ∗∗∗ SynAck Ransomware Uses Process Doppelgänging Technique ∗∗∗ --------------------------------------------- A new and improved version of the SynAck ransomware has been spotted online these past days, and security researchers are reporting that the ransomware now uses the Process Doppelgänging technique. --------------------------------------------- https://www.bleepingcomputer.com/news/security/synack-ransomware-uses-proce… ∗∗∗ How to Protect Yourself From GDPR-Related Phishing Scams ∗∗∗ --------------------------------------------- Fourteen emails. That’s the amount of GDPR policy notification emails I’ve received in the past few weeks. The EU’s General Data Protection Regulation (GDPR) compliance deadline is May 25, requiring companies around the world to notify their contacts about data privacy changes under this new rule. --------------------------------------------- http://resources.infosecinstitute.com/protect-gdpr-phishing-scams/ ∗∗∗ Lenovo Patches Arbitrary Code Execution Flaw ∗∗∗ --------------------------------------------- Lenovo warns of a high-severity bug impacting its System x line of servers, along with a medium-severity buffer-overflow vulnerability affecting its popular ThinkPad line. --------------------------------------------- https://threatpost.com/lenovo-patches-arbitrary-code-execution-flaw/131725/ ∗∗∗ Umsetzung NIS-Richtlinie abgeschlossen - neue Pflichten für Anbieter digitaler Dienste ∗∗∗ --------------------------------------------- Im Zuge der Umsetzung der EU-Richtlinie zur Netzwerk- und Informationssicherheit (NIS-Richtlinie) müssen Anbieter von Suchmaschinen, Cloud-Computing-Diensten und Online-Marktplätzen mit Sitz in Deutschland ab 10. Mai 2018 IT-Sicherheitsvorfälle mit erheblichen Auswirkungen auf den betriebenen Dienst an das Bundesamt für Sicherheit in der Informationstechnik (BSI) melden. Gleichzeitig gelten dann europaweit einheitliche Mindestanforderungen [...] --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/NIS-Richtli… ∗∗∗ MassMiner: Kryptogeld-Miner hat es auf Web-Server abgesehen ∗∗∗ --------------------------------------------- Unbekannte Angreifer attackieren Sicherheitsforschern zufolge derzeit gezielt Server mit verwundbaren Versionen von Apache Struts, Oracle WebLogic und Windows SMB. Sicherheitspatches sind schon länger verfügbar. --------------------------------------------- https://heise.de/-4043366 ∗∗∗ Spectre-NG: Intel verschiebt die ersten Patches – koordinierte Veröffentlichung aufgeschoben ∗∗∗ --------------------------------------------- Eigentlich war für Montag die Veröffentlichung der ersten Spectre-NG-Patches geplant. Doch Intel hat um Aufschub gebeten und diesen auch erhalten. Neue, exklusive Informationen zeigen, wie es mit Spectre-NG jetzt weiter gehensoll. --------------------------------------------- https://www.heise.de/-4043790 ∗∗∗ Windows Defender Exploit Guard – Attack Surface Reduction Rules aktivieren ∗∗∗ --------------------------------------------- Mit Windows 10 v1709 hat Microsoft der Defender-Plattform zusätzliche, interessante Features spendiert, die nun mit Win10-Release 1803 um weitere Möglichkeiten ergänzt wurden. So lassen sich zum Beispiel folgende Regeln aktivieren, welche das Risiko einer Malware-Infektion in einigen Szenarien deutlich reduzieren können: [...] --------------------------------------------- https://hitco.at/blog/windows-defender-exploit-guard-attack-surface-reducti… ===================== = Vulnerabilities = ===================== ∗∗∗ Integrated GPUs may allow side-channel and rowhammer attacks using WebGL ("Glitch") ∗∗∗ --------------------------------------------- Some platforms with integrated GPUs, such as smartphones, may allow both side-channel and rowhammer attacks via WebGL, which may allow a remote attacker to compromise the browser on an affected platform. An attack technique that leverages these vulnerabilities is called "GLitch." --------------------------------------------- https://www.kb.cert.org/vuls/id/283803 ∗∗∗ Vulnerability Spotlight: MySQL Multi-Master Manager Remote Command Injection Vulnerability ∗∗∗ --------------------------------------------- Today, Talos is releasing details of a new vulnerability within MySQL Multi-Master Manager. This is used to perform monitoring, failover and management of MySQL master-master replication configurations. By using MySQL MMM (Multi-Master Replication Manager for MySQL) it ensures that only one node is writeable at a time. Using MySQL MMM an end user can also choose to move their Virtual IP addresses to different servers depending on their replication [...] --------------------------------------------- https://blog.talosintelligence.com/2018/05/vulnerability-spotlight-mysql-mm… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libdatetime-timezone-perl, libmad, lucene-solr, tzdata, and wordpress), Fedora (drupal7, scummvm, scummvm-tools, and zsh), Mageia (boost, ghostscript, gsoap, java-1.8.0-openjdk, links, and php), openSUSE (pam_kwallet), and Slackware (python). --------------------------------------------- https://lwn.net/Articles/753687/ ∗∗∗ Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT208804 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products and IBM Emptoris Services Procurement ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016092 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Libxml2 affect IBM InfoSphere Identity Insight. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015944 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016039 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Network Time Protocol (NTP) affect IBM Virtualization Engine TS7700 (CVE-2016-7427, CVE-2016-7428, CVE-2016-9310, CVE-2016-9311) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011857 ∗∗∗ RSA Authentication Manager Bugs Let Remote Users Inject HTTP Headers and Remote Authenticated Users Conduct XML External Entity Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040835 ∗∗∗ Side-channel processor vulnerability CVE-2018-9056 (BranchScope) ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35135935 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.05.2018
by Daily end-of-shift report 04 May '18

04 May '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 03-05-2018 18:00 − Freitag 04-05-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Dateikompression: Bug in 7-Zip 18.01 ermöglicht Codeausführung beim Entpacken ∗∗∗ --------------------------------------------- Ein Bug macht sich uninitialisierten Speicher zunutze, um darüber beliebigen Code beim Entpacken von Dateiarchiven mit 7-Zip auszuführen. Ein Softwareentwickler hat die Lücke entdeckt und zu Demonstrationszwecken ausgenutzt. Statt dem Windows-Taschenrechner könnte darüber auch Schlimmeres ausgeführt werden. --------------------------------------------- https://www.golem.de/news/dateikompression-bug-in-7-zip-18-01-ermoeglicht-c… ∗∗∗ IMHO: Ein Lob für Twitter und Github ∗∗∗ --------------------------------------------- Bei Github wurden Passwörter versehentlich im Klartext gespeichert. Kurze Zeit später meldete Twitter ein ähnliches Problem. Es gibt keinen Hinweis darauf, dass dadurch Nutzer gefährdet wurden. Trotzdem gingen die Firmen damit transparent um - richtig so! --------------------------------------------- https://www.golem.de/news/imho-ein-lob-fuer-twitter-und-github-1805-134232.… ∗∗∗ Rooting a Logitech Harmony Hub: Improving Security in Todays IoT World ∗∗∗ --------------------------------------------- Introduction FireEye’s Mandiant Red Team recently discovered vulnerabilities present on the Logitech Harmony Hub Internet of Things (IoT) device that could potentially be exploited, resulting in root access to the device via SSH. The Harmony Hub is a home control system designed to connect to and control a variety of devices in the user’s .. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2018/05/rooting-logitech-harmon… ∗∗∗ ICS-Systeme von Schneider Electric: Angreifer könnten Fabriken übernehmen ∗∗∗ --------------------------------------------- In den Industrie-Kontrollsystemen InduSoft Web Studio und InTouch Machine Edition von Schneider Electric klaffen kritische Sicherheitslücken. Patches sind verfügbar. --------------------------------------------- https://www.heise.de/meldung/ICS-Systeme-von-Schneider-Electric-Angreifer-k… ∗∗∗ Wie Google mit veralteten und unsicheren Android-Apps aufräumen will ∗∗∗ --------------------------------------------- Entwickler sehen sich künftig mit wesentlich härteren Vorschriften konfrontiert – Umstellung bringt Mehrarbeit --------------------------------------------- http://derstandard.at/2000078894766 ∗∗∗ Google rolls out .app domains with built-in HTTPS ∗∗∗ --------------------------------------------- The move is part of the company’s HTTPS-everywhere vision for the internet .. --------------------------------------------- https://www.welivesecurity.com/2018/05/04/google-rolls-app-domain-built-htt… ===================== = Vulnerabilities = ===================== ∗∗∗ Philips Brilliance Computed Tomography (CT) System ∗∗∗ --------------------------------------------- This medical advisory includes mitigations for execution with unnecessary privileges, exposure of resource to wrong sphere, and use of hard-coded credentials vulnerabilities in Philips Brillance CT Scanners. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01 ∗∗∗ Lantech IDS 2102 ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper input validation and stack-based buffer overflow vulnerabilities in the Lantech IDS 2102 Ethernet device server. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01 ∗∗∗ DSA-4191 redmine - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4191 ∗∗∗ DSA-4189 quassel - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4189 ∗∗∗ Security Advisory 2018-01: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- https://community.otrs.com/security-advisory-2018-01-security-update-for-ot… ∗∗∗ Use of hardcoded credentials for communication between Meru access points and FortiWLC ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-274 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.05.2018
by Daily end-of-shift report 03 May '18

03 May '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 02-05-2018 18:00 − Donnerstag 03-05-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Notfall-Hotline für von Cybercrime betroffene Unternehmen in Wien ∗∗∗ --------------------------------------------- Anzeigen wegen Cybercrime-Delikten sind im Vorjahr in Österreich um rund 28 Prozent gestiegen. ... Die WK Wien startete deshalb eine Notfall-Hotline für betroffene Unternehmen. --------------------------------------------- http://derstandard.at/2000079106868 ∗∗∗ Threat Roundup for April 20-27 ∗∗∗ --------------------------------------------- Today, Talos is publishing a glimpse into the most prevalent threats weve observed between April 20 and 27. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics, indicators of compromise... --------------------------------------------- http://blog.talosintelligence.com/2018/04 /threat-round-up-0420-0427.html ∗∗∗ Betrug mit gefälschter Microsoft-Warnung ∗∗∗ --------------------------------------------- Mit einer gefälschten Microsoft-Warnung fordern Kriminelle von Konsument/innen, dass sie telefonisch Kontakt mit einem Support-Center aufnehmen. Es teilt ihnen mit, dass ihr Computer mit Schadsoftware befallen sei. Aus diesem Grund sollen sie ein Programm herunterladen und für die Hilfestellung bezahlen. Kommen die Konsument/innen den Aufforderungen nach, verlieren sie Geld und infizieren ihr Endgerät mit Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/news /betrug-mit-gefaelschter-microsoft-warnung/ ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Releases Security Updates ∗∗∗ --------------------------------------------- Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: * WebEx Advanced Recording Format Remote Code Execution Vulnerability cisco-sa-20180502-war * Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability cisco-sa-20180502-prime-upload * Secure Access Control System Remote Code Execution Vulnerability cisco-sa-20180502-acs1 * Wireless LAN Controller 802.11 Management Frame Denial-of-Service Vulnerability cisco-sa-20180502-wlc-mfdos * Wireless LAN Controller IP Fragment Reassembly Denial-of-Service Vulnerability cisco-sa-20180502-wlc-ip * Meeting Server Remote Code Execution Vulnerability cisco-sa-20180502-cms-cx * Aironet 1810, 1830, and 1850 Series Access Points Point-to-Point Tunneling Protocol Denial-of-Service Vulnerability cisco-sa-20180502-ap-ptp * Aironet 1800, 2800, and 3800 Series Access Points Secure Shell Privilege Escalation Vulnerability cisco-sa-20180502-aironet-ssh --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/05/02 /Cisco-Releases-Security-Updates ∗∗∗ Weitere Spectre-Lücken im Anflug ∗∗∗ --------------------------------------------- Ganze acht neue Sicherheitslücken in Intel-CPUs haben mehrere Forscher-Teams dem Hersteller bereits gemeldet, die aktuell noch geheimgehalten werden. ... Die konkrete Gefahr für Privatleute und Firmen-PCs ist hingegen eher gering, weil es dort in aller Regel andere, einfacher auszunutzende Schwachstellen gibt. Trotzdem sollte man sie ernst nehmen und die anstehenden Spectre-NG-Updates nach deren Erscheinen zügig einspielen. --------------------------------------------- https://heise.de/-4039134 ∗∗∗ Kritische Sicherheitslücke in Oracle Access Manager - Updates verfügbar ∗∗∗ --------------------------------------------- Kritische Sicherheitslücke in Oracle Access Manager - Updates verfügbar 3. Mai 2018 Beschreibung Das IT-Security Consulting Unternehmen SEC-Consult hat eine kritische Sicherheitslücke in der verbreiteten Software Oracle Access Manager (OAM) entdeckt, die in vielen Umgebungen für Single-Sign-On und andere Login-Szenarios verwendet wird. CVE-Nummer: CVE-2018-2879 Auswirkungen Angreifer können sich durch Ausnutzen der Lücke mit beliebigen Accounts (auch --------------------------------------------- http://www.cert.at/warnings/all/20180503.html ∗∗∗ Docker für Windows: Microsoft patcht Go-Bibliothek hcsshim ∗∗∗ --------------------------------------------- Wer Docker zur Containervirtualisierung unter Windows nutzt oder selbst Go-Programme entwickelt, sollte dringend die Aktualität des "Windows Host Compute Service Shim" (hcsshim)-Packages auf seinem System überprüfen. --------------------------------------------- https://heise.de/-4040139 ∗∗∗ SSA-546832 (Last Update: 2018-05-03): Vulnerabilities in Medium Voltage SINAMICS Products ∗∗∗ --------------------------------------------- The latest updates for medium voltage SINAMICS products fix two security vulnerabilities that could allow an attacker to cause a Denial-of-Service condition either via specially crafted PROFINET DCP broadcast packets or by sending specially crafted packets to port 161/udp (SNMP). Precondition for the PROFINET DCP scenario is a direct Layer 2 access to the affected products. PROFIBUS interfaces are not affected. --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf ∗∗∗ SSA-468514 (Last Update: 2018-05-03): Improper Certificate Validation Vulnerability in Siveillance VMS Video Mobile App for Android and iOS ∗∗∗ --------------------------------------------- The latest update for the Siveillance VMS Video mobile app for Android and iOS fixes a security vulnerability that could allow an attacker in a privileged network position to read data from and write data to the encrypted communication channel between the app and a server. Precondition for this scenario is that an attacker is able to intercept the communication channel between the affected app and a server, and is also able to generate a certificate that results for the validation algorithm in --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-468514.pdf ∗∗∗ SSA-457058 (Last Update: 2018-05-03): .NET Security Vulnerability in Siveillance VMS ∗∗∗ --------------------------------------------- Siemens has released software updates for Siveillance VMS which fix a security vulnerability with the .NET Remoting deserialization that could allow elevation of privileges and/or causing a Denial-of-Service, if affected ports are exposed. --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-457058.pdf ∗∗∗ HPESBHF03841 rev.1 - Certain HPE Servers with AMD-based Processors, Multiple Vulnerabilities (Fallout/Masterkey) ∗∗∗ --------------------------------------------- Several HPE servers that use AMD processors are vulnerable to security defects (Fallout/Masterkey) which allow local unauthorized elevation of privilege, unauthorized modification of information, unauthorized disclosure of information, and Denial of Service. --------------------------------------------- https://support.hpe.com/hpsc/doc/public /display?docLocale=en_US&docId=emr_na-hpesbhf03841en_us ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, java-1.8.0-openjdk, librelp, patch, and python-paramiko), Debian (kernel and quassel), Gentoo (chromium, hesiod, and python), openSUSE (corosync, dovecot22, libraw, patch, and squid), Oracle (java-1.7.0-openjdk), Red Hat (go-toolset-7 and go-toolset-7-golang, java-1.7.0-openjdk, and rh-php70-php), and SUSE (corosync and patch). --------------------------------------------- https://lwn.net/Articles/753457/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK IBM Rational Software Architect and Rational Software Architect for WebSphere Software. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015990 ∗∗∗ IBM Security Bulletin: Information Disclosure in WebSphere Application Server (CVE-2017-1743) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013601 ∗∗∗ IBM Security Bulletin: Jnuary 2017 OpenSSL Vulnerabilities affect Multiple N series Products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012311 ∗∗∗ IBM Security Bulletin: ISC DHCP vulnerability affects TS4500 Tape Library (CVE-2018-5732) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012247 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.05.2018
by Daily end-of-shift report 02 May '18

02 May '18

===================== = End-of-Day report = ===================== Timeframe: Montag 30-04-2018 18:00 − Mittwoch 02-05-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Millionen Autos von Volkswagen und Audi können gehackt werden ∗∗∗ --------------------------------------------- Zwei Sicherheitsforscher haben eine Sicherheitslücke entdeckt, die zahlreiche populäre Fahrzeuge betrifft. --------------------------------------------- https://futurezone.at/digital-life/millionen-autos-von-volkswagen-und-audi-… ∗∗∗ Security baseline for Windows 10 “April 2018 Update” (v1803) – FINAL ∗∗∗ --------------------------------------------- Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 “April 2018 Update,” also known as version 1803, “Redstone 4,” or RS4. Download the .. --------------------------------------------- https://blogs.technet.microsoft.com/secguide/2018/04/30/security-baseline-f… ∗∗∗ 7-Zip: From Uninitialized Memory to Remote Code Execution ∗∗∗ --------------------------------------------- After my previous post on the 7-Zip bugs CVE-2017-17969 and CVE-2018-5996, I continued to spend time on analyzing antivirus software. As it happens, I found a new bug that (as the last two bugs) .. --------------------------------------------- https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-e… ∗∗∗ Jetzt absichern! Oracle WebLogic Server im Visier von Angreifern ∗∗∗ --------------------------------------------- Sicherheitsforscher beobachten vermehrt Scans nach verwundbaren WebLogic Servern. Updates stehen bereit – Angreifer sollen den Schutz jedoch umgehen können. --------------------------------------------- https://www.heise.de/meldung/Jetzt-absichern-Oracle-WebLogic-Server-im-Visi… ∗∗∗ Windows 10 1803 ohne Microcode-Updates gegen Spectre V2 ∗∗∗ --------------------------------------------- Die Installation des Windows 10 April 2018 Update verdrängt Microcode-Updates für Intel-Prozessoren aus dem Update KB4090007, die vor der Sicherheitslücke Spectre V2 schützen - man braucht also wieder BIOS-Updates. --------------------------------------------- https://www.heise.de/meldung/Windows-10-1803-ohne-Microcode-Updates-gegen-S… ∗∗∗ Spammer missbrauchen ungefilterte Redirects in Google Maps ∗∗∗ --------------------------------------------- Kriminelle nutzen Googles Online-Kartendienst Maps, um Opfer mittels offener Redirects auf gefährliche Irrwege zu führen. Das Unternehmen weiß um das Problem, scheint aber bislang keinen Handlungsbedarf zu sehen. --------------------------------------------- https://www.heise.de/meldung/Spammer-missbrauchen-ungefilterte-Redirects-in… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (cups-filters, ghostscript, glusterfs, PackageKit, qpdf, and xen), Mageia (anki, libofx, ming, sox, webkit2, and xdg-user-dirs), Oracle (corosync, java-1.7.0-openjdk, and pcs), Red Hat (java-1.7.0-openjdk), Scientific Linux (corosync, firefox, gcc, glibc, golang, java-1.7.0-openjdk, java-1.8.0-openjdk, .. --------------------------------------------- https://lwn.net/Articles/753257/ ===================== = Vulnerabilities = ===================== ∗∗∗ Bugtraq: CA20180501-01: Security Notice for CA Spectrum ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541977 ∗∗∗ Vuln: PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/104020 ∗∗∗ Security Advisory - Two Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ IBM Security Bulletin: Vulnerabilities in cURL component shipped with IBM Rational ClearCase (CVE-2018-1000005, CVE-2018-1000007) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014495 ∗∗∗ IBM Security Bulletin: API Connect is affected by an information leakage vulnerability (CVE-2018-1468) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015968 ∗∗∗ IBM SECURITY BULLETIN: Multiple vulnerabilities in IBM Java Runtime affect IBM QRadar SIEM. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015825 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.04.2018
by Daily end-of-shift report 30 Apr '18

30 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 27-04-2018 18:00 − Montag 30-04-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Issue with BitLocker/DMA setting in Windows 10 “Fall Creators Update” (v1709) ∗∗∗ --------------------------------------------- Update, 27 April 2018: The problem described in this post has been fixed in the April 2018 quality update. Customers that deployed Microsoft’s security baseline for Windows 10 v1709 might have experienced device and component failures. The .. --------------------------------------------- https://blogs.technet.microsoft.com/secguide/2018/01/18/issue-with-bitlocke… ∗∗∗ FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation ∗∗∗ --------------------------------------------- Our Cyber Safety Solutions team identified a malicious Chrome extension we named FacexWorm, which uses a miscellany of techniques to target cryptocurrency trading platforms accessed on an affected browser and .. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/facexworm-targe… ∗∗∗ Please don’t buy this: smart toys ∗∗∗ --------------------------------------------- Smart toys attempt to offer what a lot of us imagined as kids—a toy that we can not only play with, but one that plays back. Many models offer voice recognition, facial expressions, hundreds of words and phrases, reaction to touch and impact, and even the ability to learn and retain new information. These .. --------------------------------------------- https://blog.malwarebytes.com/security-world/2018/04/please-dont-buy-smart-… ∗∗∗ Bundesheer-Hacker nahmen an Nato-Übung teil ∗∗∗ --------------------------------------------- In Tallinn wurde geprobt, wie Cyberangriffe abgewehrt werden können --------------------------------------------- http://derstandard.at/2000078919316 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4181 roundcube - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4181 ∗∗∗ DSA-4182 chromium-browser - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4182 ∗∗∗ DSA-4186 gunicorn - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4186 ∗∗∗ DSA-4185 openjdk-8 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4185 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.04.2018
by Daily end-of-shift report 27 Apr '18

27 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 26-04-2018 18:00 − Freitag 27-04-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ PyRoMine Uses NSA Exploit for Monero Mining and Backdoors ∗∗∗ --------------------------------------------- Not just a miner, the malware also sets up a hidden default account with system administrator privileges, to be used for re-infection and further attacks. --------------------------------------------- http://threatpost.com/pyromine-uses-nsa-exploit-for-monero-mining-and-backd… ∗∗∗ Analysis of a Malicious Blackhat SEO Script ∗∗∗ --------------------------------------------- An enormous number of SEO spam infections are handled by us here at Sucuri. In our most recent hacked website trend report, we analyzed over 34,000+ websites and identified that 44% of all website infection cases were misused for SEO spam campaigns. Once a website has been compromised, attackers often use it to distribute malware, host phishing .. --------------------------------------------- https://blog.sucuri.net/2018/04/analysis-of-a-malicious-blackhat-seo-script… ∗∗∗ GravityRAT malware takes your systems temperature ∗∗∗ --------------------------------------------- The GravityRAT malware, discovered by Cisco Talos researchers, gives some interesting insight .. --------------------------------------------- https://www.virusbulletin.com:443/blog/2018/04/gravityrat-malware-takes-you… ∗∗∗ Phishing für Anspruchsvolle: [A]pache-Kit klont beliebte Online-Shops ∗∗∗ --------------------------------------------- Mitarbeiter des Sicherheitssoftware-Herstellers Check Point haben ein brasilianisches Phishing-Kit unter die Lupe genommen, das zum Abgreifen von Adress- und Kreditkartendaten voll funktionsfähige Marken-Shops imitiert. --------------------------------------------- https://www.heise.de/meldung/Phishing-fuer-Anspruchsvolle-A-pache-Kit-klont… ∗∗∗ Achtung vor Datendiebstahl auf Kleinanzeigenportalen! ∗∗∗ --------------------------------------------- Kleinanzeigenportale bieten eine hervorragende Möglichkeit Altes zu Geld zu machen oder das ein oder andere Schnäppchen abzustauben. Die Marktplätze erfreuen sich daher großer Beliebtheit, doch .. --------------------------------------------- http://www.watchlist-internet.at/index.php?id=71&tx_news_pi1[news]=3065&tx_… ===================== = Vulnerabilities = ===================== ∗∗∗ Delta Electronics PMSoft ∗∗∗ --------------------------------------------- This advisory includes mitigations for multiple stack-based overflow vulnerabilities in Delta Electronics PMSoft, a software development tool. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-116-01 ∗∗∗ WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" vulnerable to cross-site scripting ∗∗∗ --------------------------------------------- The WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" contains a cross-site scripting vulnerability. --------------------------------------------- https://jvn.jp/en/jp/JVN08386386/ ∗∗∗ WordPress plugin "WP Google Map Plugin" vulnerable to cross-site scripting ∗∗∗ --------------------------------------------- The WordPress plugin "WP Google Map Plugin" contains a cross-site scripting vulnerability. --------------------------------------------- https://jvn.jp/en/jp/JVN01040170/ ∗∗∗ WordPress plugin "Events Manager" vulnerable to cross-site scripting ∗∗∗ --------------------------------------------- The WordPress plugin "Events Manager" contains a cross-site scripting vulnerability. --------------------------------------------- https://jvn.jp/en/jp/JVN85531148/ ∗∗∗ Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.04.2018
by Daily end-of-shift report 26 Apr '18

26 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 25-04-2018 18:00 − Donnerstag 26-04-2018 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Core-i-Prozessoren: Microsoft liefert Spectre-Schutz für Haswell und Broadwell ∗∗∗ --------------------------------------------- Microsoft erweitert die Auslieferung von Spectre-Updates auf Prozessoren der Haswell- und Broadwell-Serien. Das Update ist optional und muss manuell heruntergeladen werden. Viele Nutzer werden von ihren Mainboardherstellern keine Updates mehr bekommen. --------------------------------------------- https://www.golem.de/news/core-i-prozessoren-microsoft-liefert-spectre-schu… ∗∗∗ DDoS attacks in Q1 2018 ∗∗∗ --------------------------------------------- In Q1 2018, we observed a significant increase in both the total number and duration of DDoS attacks against Q4 2017. The new Linux-based botnets Darkai (a Mirai clone) and AESDDoS are largely responsible for this hike. --------------------------------------------- http://securelist.com/ddos-report-in-q1-2018/85373/ ∗∗∗ Mac-Malware will sich per Konfigurationsprofil einnisten ∗∗∗ --------------------------------------------- Eine neue Variante des Schädlings “Crossrider” manipuliert die Einstellungen, um auch eine manuelle Entfernung der Adware durch den Nutzer zu überdauern, warnt eine Sicherheitsfirma. --------------------------------------------- https://heise.de/-4034258 ∗∗∗ Server-Verwaltung: Erpressungstrojaner hat es auf HPE iLo abgesehen ∗∗∗ --------------------------------------------- Aufgrund von Attacken sollten Server-Admins, die auf die Management-Software Integrated Lights-out 4 (iLO 4) von HPE setzen, prüfen, ob ihre Geräte auf dem aktuellen Stand sind und ob der Fernzugriff aktiviert ist. --------------------------------------------- https://heise.de/-4035630 ∗∗∗ "Mılka" statt "Milka": Neue Fake-Gewinnspiele auf Whatsapp im Umlauf ∗∗∗ --------------------------------------------- Betrügerische Nachrichten enthalten täuschend echt wirkende Links --------------------------------------------- http://derstandard.at/2000078631245 ∗∗∗ Achtung vor Datendiebstahl auf Kleinanzeigenportalen! ∗∗∗ --------------------------------------------- Die Marktplätze erfreuen sich daher großer Beliebtheit, doch bei der Nutzung dieser Plattformen ist auch Vorsicht geboten. Kriminelle betreiben hier nämlich systematischen Daten- und Identitätsdiebstahl. Nutzer und Nutzerinnen müssen daher gut darüber nachdenken, welche Daten sie über das Internet an unbekannte Personen preisgeben und sollten keine Fotos diverser Ausweisdokumente versenden. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vor-datendiebstahl-auf-klein… ===================== = Vulnerabilities = ===================== ∗∗∗ Hyperoptics ZTE-made 1Gbps routers had hyper-hardcoded hyper-root hyper-password ∗∗∗ --------------------------------------------- Firmware updates pushed out to up to 400,000 subscribers A security vulnerability has been found in Brit broadband biz Hyperoptics home routers that exposes tens of thousands of its subscribers to hackers.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/04/26/hyperoptics… ∗∗∗ JSON API - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2018-021 ∗∗∗ --------------------------------------------- This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't provide CSRF protection when processing authenticated traffic using cookie-based authentication. This vulnerability is mitigated by the fact that an attacker must be allowed to create or modify entities of a certain type, and a very specific and uncommon CORS configuration that allows all other pre-checks to be skipped. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-021 ∗∗∗ Media - Critical - Remote Code Execution - SA-CONTRIB-2018-020 ∗∗∗ --------------------------------------------- The Media module provides an extensible framework for managing files and multimedia assets, regardless of whether they are hosted on your own site or a third party site. The module contained a vulnerability similar to SA-CORE-2018-004, leading to a possible remote code execution (RCE) attack. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-020 ∗∗∗ PHP: Mehrere Schwachstellen ermöglichen u.a. Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Mehrere Schwachstellen ermöglichen einem entfernten, nicht authentisierten Angreifer die Durchführung verschiedener Denial-of-Service (DoS)-Angriffe. Eine dieser Schwachstellen ermöglicht dem Angreifer einen kompletten Denial-of-Service-Zustand zu bewirken. Eine weitere Schwachstelle ermöglicht dem Angreifer einen Cross-Site-Scripting (XSS)-Angriff. Die offiziellen Releases zur Behebung der Schwachstellen sind PHP 7.2.5, 7.1.17, 7.0.30 und vermutlich 5.6.36 (noch nicht verfügbar). Nähere Informationen zu den genannten Schwachstellen und weiteren Bugs finden sich in den zugehörigen ChangeLogs. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-0789/ ∗∗∗ Kritische Sicherheitslücke in Drupal - aktiv ausgenützt - Updates verfügbar ∗∗∗ --------------------------------------------- In der verbreiteten CMS-Software Drupal ist eine kritische Sicherheitslücke entdeckt worden. Durch Ausnutzung dieses Fehlers kann auf betroffenen Systemen beliebiger Code (mit den Rechten des Webserver-Users) ausgeführt werden. CVE-Nummer: CVE-2018-7602 --------------------------------------------- http://www.cert.at/warnings/all/20180426.html ∗∗∗ IE Zero-Day “double kill” And Its First In-The-Wild Attack Found By 360 ∗∗∗ --------------------------------------------- Recently, 360 Security Center discovered an attack that used IE 0-day vulnerability. After analysis, we found that it is the first APT(Advanced Persistent Threat) campaign that forms its attack with an Office document embedding a newly discovered Internet Explorer 0-day exploit. As soon as anyone opens the malicious document, they get infected and give away control of their computers. --------------------------------------------- https://blog.360totalsecurity.com/en/ie-zero-day-double-kill-first-wild-att… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (drupal7, gcc-4.9-backport, ghostscript, and openslp-dfsg), Fedora (anki, composer, perl, and perl-Module-CoreList), Red Hat (kernel and rh-mysql56-mysql), and SUSE (kernel, kvm, and zsh). --------------------------------------------- https://lwn.net/Articles/752860/ ∗∗∗ IBM Security Bulletin: IBM Campaign Contains Client-side Vulnerability (CVE-2017-1116) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015569 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM i ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022561 ∗∗∗ IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-1471, CVE-2018-1473, CVE-2018-1479, CVE-2018-1475) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015754 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affect eDiscovery Analyzer ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22014443 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015258 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect eDiscovery Analyzer ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012865 ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by OpenSSH vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011165 ∗∗∗ IBM Security Bulletin: Security vulnerability in IBM WebSphere Application Server affects Rational Reporting for Development Intelligence (CVE-2017-1681) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015667 ∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM WebSphere Application Server affects Rational Insight (CVE-2017-1681) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015668 ∗∗∗ IBM Security Bulletin: Open Source XStream Vulnerabilities Impact on IBM Campaign (CVE-2017-7957) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015573 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.04.2018
by Daily end-of-shift report 25 Apr '18

25 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 24-04-2018 18:00 − Mittwoch 25-04-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ MikroTik Patches Zero-Day Flaw Under Attack in Record Time ∗∗∗ --------------------------------------------- MikroTik has released firmware patches for RouterOS, the operating system that ships with some of its routers. The patches fix a zero-day vulnerability exploited in the wild. --------------------------------------------- https://www.bleepingcomputer.com/news/security/mikrotik-patches-zero-day-fl… ∗∗∗ Austria Cyber Security Challenge 2018 ∗∗∗ --------------------------------------------- Austria Cyber Security Challenge 201825. April 2018Auch heuer wieder gibt es eine Cyber Security Challenge. Wir von CERT.at halten das für eine gute Geschichte und daher auch von uns der Aufruf an Jung und (heuer neu!) Alt, hier mitzumachen.Es folgt der Meldung der Veranstalter:Die Besten Nachwuchs-Hacker Österreichs - und jene die es .. --------------------------------------------- http://www.cert.at/services/blog/20180425145422-2192.html ∗∗∗ BGP leaks and cryptocurrencies ∗∗∗ --------------------------------------------- Over the few last hours, a dozen news stories have broken about how an attacker attempted (and perhaps managed) to steal cryptocurrencies using a BGP leak. --------------------------------------------- https://blog.cloudflare.com/bgp-leaks-and-crypto-currencies/ ∗∗∗ Ving Card: Sicherheitslücke in Millionen Hoteltüren gefunden ∗∗∗ --------------------------------------------- Sicherheitsforschern ist es gelungen, einen Generalschlüssel zu erstellen, mit dem alle Türen eines Hotels geöffnet werden können. Weltweit sollen über eine Million Türen betroffen sein, ein Patch steht beriet. --------------------------------------------- https://www.golem.de/news/ving-card-sicherheitsluecke-in-millionen-hoteltue… ∗∗∗ Separate ransomware attacks hit Ukraine and Canada ∗∗∗ --------------------------------------------- Two widely separated ransomware attacks against the Ukrainian energy ministry and the provincial government of Canadas Prince Edward Island (PEI) have knocked each agencies primary website offline. --------------------------------------------- https://www.scmagazine.com/separate-ransomware-attacks-hit-ukraine-and-cana… ∗∗∗ Steps to Keep Your Site Clean: Updates ∗∗∗ --------------------------------------------- This is the second post of a series about Steps to Keep Your Site Clean. In the first post, we talked about Access Points; here we are going to offer more insight on Updates. Updates Repeatedly we see websites being infected or reinfected when important security updates are not taken seriously. Most software updates are created due to a security breach .. --------------------------------------------- https://blog.sucuri.net/2018/04/steps-to-keep-your-site-clean-updates.html ∗∗∗ Sicherheits- und Bugfix-Updates für iPhone, iPad und Mac ∗∗∗ --------------------------------------------- Apple hat am Dienstagabend iOS 11.3.1 und das Security Update 2018-001 für macOS High Sierra 10.13.4 veröffentlicht, die teils kritische Fehler beheben. Einen neuen Build von Safari 11.1 gibts obendrein. --------------------------------------------- https://www.heise.de/meldung/Sicherheits-und-Bugfix-Updates-fuer-iPhone-iPa… ∗∗∗ Angriffe auf Drupal-Webseiten: Erneut äußerst wichtige Sicherheitsupdates im Anflug ∗∗∗ --------------------------------------------- Admins von Drupal-Webseiten müssen erneut Hand anlegen: Die Entwickler haben Updates angekündigt, um eine kritische Sicherheitslücke zu schließen. --------------------------------------------- https://www.heise.de/meldung/Angriffe-auf-Drupal-Webseiten-Erneut-aeusserst… ∗∗∗ Europol: Weltweit größter Marktplatz für DDoS-Attacken vom Netz genommen ∗∗∗ --------------------------------------------- Europäischen Strafverfolgern ist es in einer koordinierten Aktion gelungen, die Drahtzieher des angeblich größten Onlinemarkts für DDoS-Attacken festzunehmen. Der Marktplatz selbst wurde vom Netz genommen. Infrastruktur fand sich auch in Deutschland. --------------------------------------------- https://www.heise.de/meldung/Europol-Weltweit-groesster-Marktplatz-fuer-DDo… ∗∗∗ Vier von fünf heimischen Online-Shops von Betrug betroffen ∗∗∗ --------------------------------------------- Identitätsdiebstahl und Zahlungsunfähigkeit als häufigste Betrugsform in Österreich --------------------------------------------- http://derstandard.at/2000078615586 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4179 linux-tools - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4179 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.04.2018
by Daily end-of-shift report 24 Apr '18

24 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Montag 23-04-2018 18:00 − Dienstag 24-04-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Mobilfunk: Was 5G im Bereich Security bringt ∗∗∗ --------------------------------------------- In 5G-Netzwerken werden Sim-Karten für einige Anwendungsbereiche optional, das Roaming wird für Netzbetreiber nachvollziehbarer und sicherer. Außerdem verschwinden die alten Signalisierungsprotokolle. Golem.de hat mit einem Experten über Sicherheitsmaßnahmen im kommenden 5G-Netzwerk gesprochen. --------------------------------------------- https://www.golem.de/news/mobilfunk-was-5g-im-bereich-security-bringt-1804-… ∗∗∗ Atlanta Spent $2.6M to Recover From $52,000 Ransomware Scare ∗∗∗ --------------------------------------------- Whether to pay ransomware is a complicated—and costly—calculation. --------------------------------------------- https://www.wired.com/story/atlanta-spent-26m-recover-from-ransomware-scare ∗∗∗ Veröffentlichter Boot-Exploit knackt alle Nintendo-Switch-Konsolen ∗∗∗ --------------------------------------------- Mehrere Hacker-Gruppen zeigen, wie sie in Nintendos Switch einsteigen und beispielsweise Linux mit offensichtlich vollem Hardwarezugriff auf der Spielkonsole laufen lassen. --------------------------------------------- https://www.heise.de/meldung/Veroeffentlichter-Boot-Exploit-knackt-alle-Nin… ∗∗∗ Fake-Support per Telefon: Microsoft meldet Zunahme von Betrugsfällen ∗∗∗ --------------------------------------------- Offenbar ist es ein lohnendes Geschäft, sich als angeblicher Windows-Support-Mitarbeiter Remote-Zugriff auf fremde Rechner zu verschaffen: Jüngst veröffentlichte Zahlen dokumentieren eine starke Zunahme von "Tech Support Scam" im Jahr 2017. --------------------------------------------- https://www.heise.de/meldung/Fake-Support-per-Telefon-Microsoft-meldet-Zuna… ∗∗∗ Cryptomining Campaign Returns Coal and Not Diamond ∗∗∗ --------------------------------------------- Executive summarySoon after a launch of a new cryptocurrency, Bitvote, in January, Talos discovered a new mining campaign affecting systems in India, Indonesia, Vietnam and several other countries that were tied to Bitvote. Apart from the fact that the attackers have chosen to target the new bitcoin fork in order to gain the early adoption advantage, this .. --------------------------------------------- http://feedproxy.google.com/~r/feedburner/Talos/~3/5RBkUbicJr4/cryptomining… ∗∗∗ Sednit update: Analysis of Zebrocy ∗∗∗ --------------------------------------------- Zebrocy heavily used by the Sednit group over last two years The post Sednit update: Analysis of Zebrocy appeared first on WeLiveSecurity --------------------------------------------- https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy ∗∗∗ Angebliche Sicherheits-App der Erste Bank und Sparkasse ist schädlich! ∗∗∗ --------------------------------------------- Betrüger fälschen eine Erste Bank und Sparkasse-Nachricht und versenden diese massenhaft. In der Nachricht wird behauptet, dass das Bankkonto des/der Empfänger/in eingeschränkt werden musste und zur weiteren Nutzung die Installation einer Sicherheits-App nötig sei. Doch Vorsicht: es handelt sich bei der E-Mail um Phishing und .. --------------------------------------------- https://www.watchlist-internet.at/news/angebliche-sicherheits-app-der-erste… ∗∗∗ Drupal 7 and 8 core critical release on April 25th, 2018 PSA-2018-003 ∗∗∗ --------------------------------------------- There will be a security release of Drupal 7.x, 8.4.x, and 8.5.x on April 25th, 2018 between 16:00 - 18:00 UTC. This PSA is to notify that the Drupal core release is outside of the regular schedule of security releases. For all security updates, the Drupal Security Team urges you to reserve time for core updates at that time because there is some risk .. --------------------------------------------- https://www.drupal.org/psa-2018-003 ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Adaptive Security Appliance Flow Creation Denial of Service Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the CPU to increase upwards of 100 percent utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect handling of an internal software .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Wireless LAN Controller Default Simple Network Management Protocol Community Strings ∗∗∗ --------------------------------------------- With new installations of Cisco Wireless LAN Controller Software, the installation scripts create default communities for Simple Network Management Protocol (SNMP) Version 2 (SNMPv2) and a default username for SNMP Version 3 (SNMPv3), both allowing for read and write access. As documented in the Cisco Wireless LAN Controller Configuration Best Practices .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Reflected Cross-Site Scripting in Zyxel Zywall ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/reflected-cross-site-scripti… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.04.2018
by Daily end-of-shift report 23 Apr '18

23 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 20-04-2018 18:00 − Montag 23-04-2018 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Datenleck bei Sicherheitskonferenz ∗∗∗ --------------------------------------------- Eine Sicherheitslücke in der App zur RSA Sicherheitskonferenz ermöglichte es, die Namen von Konferenzteilnehmern auszulesen. --------------------------------------------- https://futurezone.at/digital-life/datenleck-bei-sicherheitskonferenz/40002… ∗∗∗ UMCI: Project Zero veröffentlicht Windows-10-Sicherheitslücke ∗∗∗ --------------------------------------------- Wieder einmal haben sich Google und Microsoft über die Veröffentlichung einer Sicherheitslücke gestritten. Der Fehler in .Net ermöglicht es einem Angreifer, trotz enger Beschränkungen Code unter Windows 10 S oder auf UMCI-Systemen auszuführen. (Project Zero, Google) --------------------------------------------- https://www.golem.de/news/umci-project-zero-veroeffentlicht-windows-10-sich… ∗∗∗ Chinese web giant finds Windows zero-day, stays shtum on specifics ∗∗∗ --------------------------------------------- Quihoo 360 plays the responsible disclosure game Chinese company Quihoo 360 says its found a Windows zero-day in the wild, but because its notified Microsoft, its not telling anyone else how it works. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/04/23/quihoo_360_… ∗∗∗ Monero-Mining RETADUP Worm Goes Polymorphic, Gets an AutoHotKey Variant ∗∗∗ --------------------------------------------- We came across a new version of a cryptocurrency-mining RETADUP worm (detected by Trend Micro as WORM_RETADUP.G) through feedback from our managed detection and response-related monitoring. This new variant is coded in AutoHotKey, an open-source scripting language used in Windows for creating hotkeys (i.e., keyboard shortcuts, macros, software automation). AutoHotKey is relatively similar to the script automation utility AutoIt, from which RETADUP’s earlier variants were based on and used [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/3PgT2t0-HwE/ ∗∗∗ Loading Kernel Shellcode ∗∗∗ --------------------------------------------- In the wake of recent hacking tool dumps, the FLARE team saw a spike in malware samples detonating kernel shellcode. Although most samples can be analyzed statically, the FLARE team sometimes debugs these samples to confirm specific functionality. Debugging can be an efficient way to get around packing or obfuscation and quickly identify the structures, system routines, and processes that a kernel shellcode sample is accessing. This post begins a series centered on kernel software analysis, and [...] --------------------------------------------- http://www.fireeye.com/blog/threat-research/2018/04/loading-kernel-shellcod… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (gunicorn, libreoffice, libsdl2-image, ruby1.8, and ruby1.9.1), Fedora (java-1.8.0-openjdk, jgraphx, memcached, nghttp2, perl, perl-Module-CoreList, and roundcubemail), Gentoo (clamav, librelp, mbedtls, quagga, tenshi, and unadf), Mageia (freeplane, libcdio, libtiff, thunderbird, and zsh), openSUSE (cfitsio, chromium, mbedtls, and nextcloud), and Red Hat (chromium-browser, kernel, and rh-perl524-perl). --------------------------------------------- https://lwn.net/Articles/752544/ ∗∗∗ FortiClient insecure VPN credential storage and encryption ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-214 ∗∗∗ IBM Security Bulletin: IBM Content Manager Enterprise Edition Resource Manager is affected by a Remote Code Execution Cross-site Scripting vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/support/docview.wss?uid=swg22014917 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM Java SDK affect IBM Cloud Application Performance Management Private 8.1.4. and IBM Cloud Application Performance Management ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015278 ∗∗∗ Multiple Stored XSS Vulnerabilities in WSO2 Carbon and WSO2 Dashboard Server ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-stored-xss-vulnerab… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.04.2018
by Daily end-of-shift report 20 Apr '18

20 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 19-04-2018 18:00 − Freitag 20-04-2018 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Patschn am Patscherkofel ∗∗∗ --------------------------------------------- Nachdem einige Medien über einen Vorfall berichten, bei dem auch wir involviert waren, will ich hier ein paar Fakten klarstellen: Wir bekommen immer wieder von Researchern - und da ist die "Internetwache" nur einer unter vielen - Hinweise zu konkreten Sicherheitsproblemen im österreichischen Internet. Unsere Rolle hier ist, diese Meldungen (auf Wunsch anonymisiert) an die Betroffenen weiterzuleiten und dort für die entsprechende [...] --------------------------------------------- http://www.cert.at/services/blog/20180420131015-2180.html ∗∗∗ Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training ∗∗∗ --------------------------------------------- Booz Allen survey shows most organizations' answer to the security skills shortage may be unsustainable. --------------------------------------------- https://www.darkreading.com/careers-and-people/firms-more-likely-to-tempt-s… ∗∗∗ First Public Demo of Data Breach via IoT Hack Comes to RSAC ∗∗∗ --------------------------------------------- At RSA Conference, senior researchers will show how relatively unskilled attackers can steal personally identifiable information without coming into contact with endpoint security tools. --------------------------------------------- https://www.darkreading.com/vulnerabilities---threats/first-public-demo-of-… ∗∗∗ Doctor Web: a Trojan on Google Play subscribes users to paid services ∗∗∗ --------------------------------------------- April 16, 2018 Doctor Web virus analysts have detected a Trojan Android.Click.245.origin on Google Play. When ordered by cybercriminals, it loads websites where users are tricked into subscribing to paid content services. In some cases the subscription is executed automatically when users click on a fake "download program" button. Cybercriminals distributed Android.Click.245.origin on behalf of developer Roman Zencov and disguised the Trojan as popular applications. --------------------------------------------- https://news.drweb.com/show/?i=12540&lng=en&c=9 ∗∗∗ Introducing Windows Defender System Guard runtime attestation ∗∗∗ --------------------------------------------- At Microsoft, we want users to be in control of their devices, including knowing the security health of these devices. If important security features should fail, users should be aware. Windows Defender System Guard runtime attestation, a new Windows platform security technology, fills this need. In Windows 10 Fall Creators Update, we reorganized all system [...] --------------------------------------------- https://cloudblogs.microsoft.com/microsoftsecure/2018/04/19/introducing-win… ∗∗∗ NCSC publishes factsheet on considerations and preconditions for the deployment of TLS interception ∗∗∗ --------------------------------------------- TLS interception makes encrypted connections within the network of an organisation accessible for inspection. The use of this technical measure should be carefully considered in the light of additional risks and should meet a number of important preconditions. --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/ncsc-publishes-factsheet-on… ∗∗∗ Botnet Muhstik is Actively Exploiting Drupal CVE-2018-7600 in a Worm Style ∗∗∗ --------------------------------------------- On March 28, 2018, drupal released a patch for CVE-2018-7600. Drupal is an open-source content management system written in PHP, quite popular in many sites to provide web service. This vulnerability exists in multiple drupal versions, which may be exploited by an attacker to take full control of the target. --------------------------------------------- http://blog.netlab.360.com/botnet-muhstik-is-actively-exploiting-drupal-cve… ∗∗∗ XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing ∗∗∗ --------------------------------------------- We have been detecting a new wave of network attacks since early March, which, for now, are targeting Japan, Korea, China, Taiwan, and Hong Kong. The attacks use Domain Name System (DNS) cache poisoning/DNS spoofing, possibly through infringement techniques such as brute-force or dictionary attacks, to distribute and install malicious Android apps. Trend Micro detects these as ANDROIDOS_XLOADER.HRX. These malware pose as legitimate Facebook or Chrome applications. They are distributed from [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/a9ANfAHCd0c/ ∗∗∗ iPhone-Unlock-Tool GrayKey: Apple streicht Gegenmittel aus iOS 11.3 ∗∗∗ --------------------------------------------- iOS 11.3 sollte es eigentlich schwerer machen, iPhone-Daten über eine Kabelverbindung auszulesen. Die wichtige Sicherheitsfunktion fehlt jedoch in der finalen Fassung, sodass sich Entsperr-Tools wie GrayKey offenbar weiter ungehindert einsetzen lassen. --------------------------------------------- https://www.heise.de/-4027793 ∗∗∗ Android: Google Safe Browsing schützt nun auch WebView in Apps ∗∗∗ --------------------------------------------- Google Safe Browsing schützt Chrome-Nutzer vor schädlichen Webseiten, Malware und Phishing-Attacken. Künftig ist der Schutzmechanismus auch in Android-WebView standardmäßig aktiv. --------------------------------------------- https://www.heise.de/-4028504 ∗∗∗ When BEC scammers specialize ∗∗∗ --------------------------------------------- A group of BEC scammers has been focusing its efforts on the global maritime shipping industry, compromising emails accounts and attempting to trick targets into delivering considerable sums to bank accounts set up by the group. Secureworks researchers have been tracking the group's activities for quite a while and have been warning the targets. They estimate that between June 2017 and January 2018, the scammers attempted to steal a minimum of $3.9 million U.S. dollars [...] --------------------------------------------- https://www.helpnetsecurity.com/2018/04/20/bec-scammers-specialize/ ===================== = Vulnerabilities = ===================== ∗∗∗ Siemens SIMATIC WinCC OA Operator IOS App ∗∗∗ --------------------------------------------- This advisory includes mitigations for a file and directory information exposure vulnerability identified in the Siemens WinCC OA iOS App. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-109-01 ∗∗∗ Cisco Adaptive Security Appliance WebVPN Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the Login screen of the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a [...] --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ VMSA-2018-0010 ∗∗∗ --------------------------------------------- Horizon DaaS update addresses a broken authentication issue --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0010.html ∗∗∗ Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader ∗∗∗ --------------------------------------------- Talos is disclosing five vulnerabilities in Foxit PDF Reader. Foxit PDF Reader is a popular free program for viewing, creating, and editing PDF documents. It is commonly used as an alternative to Adobe Acrobat Reader and has a widely used browser plugin available. Update to the current version of Foxit PDF Reader. --------------------------------------------- https://blog.talosintelligence.com/2018/04/multiple-vulns-foxit-pdf-reader.… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libreoffice and mysql-5.5), Fedora (corosync), Oracle (java-1.8.0-openjdk), Red Hat (java-1.8.0-openjdk), Scientific Linux (java-1.8.0-openjdk), and Ubuntu (openssl). --------------------------------------------- https://lwn.net/Articles/752405/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.04.2018
by Daily end-of-shift report 19 Apr '18

19 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 18-04-2018 18:00 − Donnerstag 19-04-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Data Firm Left Profiles of 48 Million Users on a Publicly Accessible AWS Server ∗∗∗ --------------------------------------------- LocalBlox, a company that scrapes data from public web profiles, has left the details of over 48 million users on a publicly accessible Amazon Web Services (AWS) S3 bucket, according to an UpGuard security researcher who discovered the data on February 28, this year. --------------------------------------------- https://www.bleepingcomputer.com/news/security/data-firm-left-profiles-of-4… ∗∗∗ Relieve Stress Paint Tool: Mal-Malware kopiert Facebook-Zugangsdaten ∗∗∗ --------------------------------------------- Eine Malware tarnt sich mit gefälschten Unicode-Domains und sucht gezielt nach Facebook-Zugangsdaten. Nutzern wird hingegen ein Anti-Stress-Malprogramm versprochen. (Malware, Virus) --------------------------------------------- https://www.golem.de/news/relieve-stress-paint-tool-mal-malware-kopiert-fac… ∗∗∗ Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevation of Privilege ∗∗∗ --------------------------------------------- Previously I presented a technique to exploit arbitrary directory creation vulnerabilities on Windows to give you read access to any file on the system. In the upcoming Spring Creators Update (RS4) the abuse of mount points to link to files as I exploited in the previous blog post has been remediated. This is an example of a long term security benefit from detailing how vulnerabilities might be exploited, giving a developer an incentive to find ways of [...] --------------------------------------------- https://googleprojectzero.blogspot.com/2018/04/windows-exploitation-tricks-… ∗∗∗ Trustjacking exploit abuses iTunes feature to spy on iOS devices ∗∗∗ --------------------------------------------- Researchers presenting at RSA 2018 on Wednesday disclosed how attackers can gain persistent remote control over iOS devices by abusing a weakness in iTunes Wi-Fi sync, a feature that allows users to sync up iTunes content and data between Apple devices. --------------------------------------------- https://www.scmagazine.com/trustjacking-exploit-abuses-itunes-feature-to-sp… ∗∗∗ From Baidu to Google's Open Redirects ∗∗∗ --------------------------------------------- Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam pages. It didn't last long. Soon after the publication of that article, the bad actors changed the links to use compromised third-party sites and a couple of day later they began using Google's goo.gl URL shortening service. This is a snippet from their decoded script: The Redirect Chain If you check Google's own information about that [...] --------------------------------------------- https://blog.sucuri.net/2018/04/from-baidu-to-googles-open-redirects.html ∗∗∗ Surprise! Wireless brain implants are not secure, and can be hijacked to kill you or steal thoughts ∗∗∗ --------------------------------------------- Science-fiction horror trope now a reality in 2018 Scientists in Belgium have tested the security of a wireless brain implant called a neurostimulator – and found that its unprotected signals can be hacked with off-the-shelf equipment. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/04/18/boffins_bre… ∗∗∗ New paper: Powering the distribution of Tesla stealer with PowerShell and VBA macros ∗∗∗ --------------------------------------------- Since their return four years ago, Office macros have been one of the most common ways to spread malware. Today, we publish a research paper which looks in detail at a campaign in which VBA macros are used to execute PowerShell code, which in turn downloads the Tesla information-stealing trojan. --------------------------------------------- https://www.virusbulletin.com:443/blog/2018/04/new-paper-powering-distribut… ∗∗∗ Microsoft veröffentlicht "Windows Defender" als Chrome-Erweiterung ∗∗∗ --------------------------------------------- Microsoft hat seinen Echtzeitschutz als Chrome-Erweiterung veröffentlicht: Die "Windows Defender Browser Protection" verspricht "besseren Schutz" vor betrügerischen Phishing-Seiten und Malware. --------------------------------------------- https://heise.de/-4027458 ∗∗∗ Sicherheitsupdates: Flash-Datei kann Ciscos WebEx Client kompromittieren ∗∗∗ --------------------------------------------- Cisco hat zahlreiches Patches veröffentlicht und schließt mitunter kritische Sicherheitslücken. Zudem geben sie Tipps, wie Admins Netzwerke absichern sollten. --------------------------------------------- https://www.heise.de/-4027370 ∗∗∗ Gefälschte UPC-Phishingmail im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte UPC-Nachricht. Darin erklären sie, dass das E-Mailkonto von Kund/innen gesperrt worden sei. Damit diese es weiterhin nützen können, sollen sie eine externe Website aufrufen und ihre persönlichen Zugangsdaten bekannt geben. Konsument/innen, die der Aufforderung nachkommen, übermitteln ihr UPC-Passwort an Datendiebe. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-upc-phishingmail-im-umla… ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2018-003 ∗∗∗ --------------------------------------------- Project: Drupal coreDate: 2018-April-18Security risk: Moderately critical 12∕25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescription: CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses). --------------------------------------------- https://www.drupal.org/sa-core-2018-003 ∗∗∗ Display Suite - Critical - Cross site scripting (XSS) - SA-CONTRIB-2018-019 ∗∗∗ --------------------------------------------- Project: Display SuiteVersion: 7.x-2.147.x-1.9Date: 2018-April-18Security risk: Critical 17∕25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross site scripting (XSS)Description: Display Suite allows you to take full control over how your content is displayed using a drag and drop interface. The module doesnt sufficiently validate view modes provided dynamically via URLs leading to a reflected cross site scripting (XSS) attack. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-019 ∗∗∗ PMASA-2018-2 ∗∗∗ --------------------------------------------- CSRF vulnerability allowing arbitrary SQL executionAffected VersionsVersion 4.8.0 is affectedCVE ID(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188, uCVE-2018-10188) --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2018-2/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (opencv and wireshark), Fedora (corosync and pcs), Oracle (firefox, kernel, libvncserver, and libvorbis), Slackware (gd), SUSE (kernel), and Ubuntu (apache2). --------------------------------------------- https://lwn.net/Articles/752324/ ∗∗∗ Cisco WebEx Connect IM Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Clients Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Shell Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Industrial Ethernet Switches Device Manager Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco ASA Software, FTD Software, and AnyConnect Secure Mobility Client SAML Authentication Session Fixation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Adaptive Security Appliance Virtual Private Network SSL Client Certificate Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Unix ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015077 ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by an Apache HTTP Server vulnerability (CVE-2014-0226) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015233 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects IBM WebSphere Application Server for IBM Cloud January 2018 CPU ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015289 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects Liberty for Java for IBM Cloud January 2018 CPU ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015290 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027494 ∗∗∗ IBM Security Bulletin: OpenSSL Vulnerability affects IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Unix (CVE-2017-3737) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013612 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect the GSKit component of IBM Tivoli Monitoring ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015424 ∗∗∗ IBM Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to a memory leak in pubsub (CVE-2017-1786) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013023 ∗∗∗ IBM Security Bulletin: Vulnerability affects Watson Explorer Analytical Components, Watson Explorer Foundational Components Annotation Administration Console and Watson Content Analytics ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011118 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015635 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities Impact IBM Predictive Insights ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015539 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.04.2018
by Daily end-of-shift report 18 Apr '18

18 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 17-04-2018 18:00 − Mittwoch 18-04-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Android: Google integriert sichere DNS-Abfrage in Android P ∗∗∗ --------------------------------------------- In der kommenden Android-Version mit dem Anfangsbuchstaben P führt Google DNS over TLS ein. Damit würden DNS-Abfragen über einen sicheren Kanal erfolgen. Nutzer können in den Einstellungen auch einen eigenen Hostnamen eingeben oder die Funktion abstellen. --------------------------------------------- https://www.golem.de/news/android-google-integriert-sichere-dns-abfrage-in-… ∗∗∗ Leaking ads ∗∗∗ --------------------------------------------- We found that because of third-party SDKs many popular apps are exposing user data to the internet, with advertising SDKs usually to blame. They collect user data so they can show relehttps://www.heise.de/security/meldung/Critical-Patch-Update-Oracle-will-mit-254-Updates-die-Sicherheit-steigern-4026726.htmlvant ads, but often fail to protect that data when sending it to their servers. --------------------------------------------- http://securelist.com/leaking-ads/85239/ ∗∗∗ Malicious Activities with Google Tag Manager ∗∗∗ --------------------------------------------- If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say "yes" or even "absolutely". But when malicious behavior ensues, everything should be double-checked and suspected, even assets that come from "trusted sources" like Google, Facebook, and Youtube. In the past, we saw how adsense was abused with a malvertising campaign. Even more recently, we saw how attackers injected malware that called [...] --------------------------------------------- https://blog.sucuri.net/2018/04/malicious-activities-google-tag-manager.html ∗∗∗ Critical Patch Update: Oracle will mit 254 Updates die Sicherheit steigern ∗∗∗ --------------------------------------------- Oracle hangelt sich durch sein Software-Portfolio und schließt zum Teil äußerst kritische Sicherheitslücken. Admins sollten jetzt handeln. --------------------------------------------- https://heise.de/-4026726 ∗∗∗ Chrome 66 warnt vor Webseiten mit Symantec-Zertifikaten ∗∗∗ --------------------------------------------- Die aktuelle Version des Webbrowser Chrome vertraut ab sofort einigen TLS-Zertifikaten von Symantec nicht mehr. Das ist ein weiterer Schritt von Google gegen die Zertifizierungsstelle. --------------------------------------------- https://www.heise.de/-4026854 ∗∗∗ Erpressungstrojaner XiaoBa verwandelt sich in Krypto-Miner ∗∗∗ --------------------------------------------- Die Malware-Autoren des Verschlüsselungstrojaners XiaoBa schwenken um und wollen statt der Erpressung von Lösegeld nun Kryptogeld auf infizierten Computern schürfen. Doch dabei läuft noch nicht alles rund. --------------------------------------------- https://www.heise.de/-4026455 ∗∗∗ Cryptominers displace ransomware as the number one threat ∗∗∗ --------------------------------------------- During the first three months of 2018, cryptominers surged to the top of detected malware incidents, displacing ransomware as the number one threat, Comodo's Global Malware Report Q1 2018 has found. Another surprising finding: Altcoin Monero became the leading target for cryptominers' malware, replacing Bitcoin. The surge of cryptominers For years, Comodo Cybersecurity has tracked the rise of cryptominer attacks, malware that hijacks users' computers to mine cryptocurrencies --------------------------------------------- https://www.helpnetsecurity.com/2018/04/18/q1-2018-malware-trends/ ∗∗∗ PBot: a Python-based adware ∗∗∗ --------------------------------------------- Recently, we came across a Python-based sample dropped by an exploit kit. Although it arrives under the disguise of a MinerBlocker, it has nothing in common with miners. In fact, it seems to be PBot: a Python-based adware. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2018/04/pbot-python-based-adw… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (freeplane and jruby), Fedora (kernel and python-bleach), Gentoo (evince, gdk-pixbuf, and ncurses), openSUSE (kernel), Oracle (gcc, glibc, kernel, krb5, ntp, openssh, openssl, policycoreutils, qemu-kvm, and xdg-user-dirs), Red Hat (corosync, glusterfs, kernel, and kernel-rt), SUSE (openssl), and Ubuntu (openssl and perl). --------------------------------------------- https://lwn.net/Articles/752183/ ∗∗∗ Abbott Laboratories Defibrillator ∗∗∗ --------------------------------------------- This medical advisory includes mitigations for improper authentication and improper restriction of power consumption vulnerabilities identified in Abbott Laboratories defibrillators. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-107-01 ∗∗∗ Schneider Electric Triconex Tricon ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper restriction of operations within the bounds of a memory buffer vulnerabilities in Schneider Electrics Triconex Tricon safety instrumented system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02 ∗∗∗ Rockwell Automation Stratix Services Router ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper input validation, improper restriction of operations, and use of externally-controlled format string vulnerabilities in the Rockwell Automation Stratix 5900 router. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03 ∗∗∗ Rockwell Automation Stratix and ArmorStratix Switches ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper improper input validation, resource management, memory buffer and externally-controlled format string vulnerabilities in Rockwell Automations Allen-Bradley Stratix and ArmorStratix Switches. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04 ∗∗∗ Rockwell Automation Stratix Industrial Managed Ethernet Switch ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper imput validation, resource managment, 7PK, memory buffer and externally-controlled format string vulnerabilities in Rockwell Automations Stratix Industrial Managed Switch. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05 ∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Inputhub Driver of Huawei Smart Phone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180418-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.04.2018
by Daily end-of-shift report 17 Apr '18

17 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Montag 16-04-2018 18:00 − Dienstag 17-04-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Cisco Best Practices to Harden Devices Against Cyber Attacks Targeting Network Infrastructure ∗∗∗ --------------------------------------------- Cisco is aware of the recent joint technical alert from US-CERT (TA18-106A) that details known issues which require customers take steps to protect their networks against cyber-attacks. Providing transparency and guidance to help customers best protect their network is a top priority. Cisco security teams have been actively informing customers about the .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Wichtige Sicherheitsupdates für VMware vRealize Automation ∗∗∗ --------------------------------------------- Aktualisierte Versionen von vRealize Automation schließen mehrere Sicherheitslücken. Davon gilt keine als kritisch. --------------------------------------------- https://www.heise.de/meldung/Wichtige-Sicherheitsupdates-fuer-VMware-vReali… ∗∗∗ Kreditkartenklau, DDoS-Angriffe: Facebook löscht 117 Cybercrime-Gruppen ∗∗∗ --------------------------------------------- Von Forscher gemeldet – Waren teils seit vielen Jahren aktiv, größter Auftritt hatte 47.000 Mitglieder --------------------------------------------- http://derstandard.at/2000078122065 ===================== = Vulnerabilities = ===================== ∗∗∗ 2018-04-17: Vulnerability in Relion® 630 series version 1.3 and earlier - MMS Path Traversal ∗∗∗ --------------------------------------------- 2018-04-17: Vulnerability in Relion® 630 series version 1.3 and earlier - MMS Path Traversal --------------------------------------------- http://search.abb.com/library/Download.aspx?DocumentID=1MRS758878&LanguageC… ∗∗∗ 2018-04-17: Vulnerability in Relion® 630 series version 1.3 and earlier - Weak Database Encryption ∗∗∗ --------------------------------------------- 2018-04-17: Vulnerability in Relion® 630 series version 1.3 and earlier - Weak Database Encryption --------------------------------------------- http://search.abb.com/library/Download.aspx?DocumentID=1MRS758877&LanguageC… ∗∗∗ SSA-845879 (Last Update: 2018-04-17): Firmware Downgrade Vulnerability in EN100 Ethernet Communication Module for SIPROTEC 4, SIPROTEC Compact and Reyrolle ∗∗∗ --------------------------------------------- The EN100 Ethernet communication module, which is an optional extension for SIPROTEC 4, SIPROTEC Compact and Reyrolle devices, allows an unauthenticated upload of firmware updates to the communication module in affected versions.Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available. --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf ∗∗∗ SSA-203306 (Last Update: 2018-04-17): Password Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Relay Families ∗∗∗ --------------------------------------------- SIPROTEC 4 and SIPROTEC Compact devices could allow access authorization passwords to be reconstructed or overwritten via engineering mechanisms that involve DIGSI 4 and EN100 Ethernet communication modules.Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available. --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf ∗∗∗ IBM Security Bulletin: IBM i is affected by DHCP vulnerabilities CVE-2018-5732 and CVE-2018-5733. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022543 ∗∗∗ IBM Security Bulletin: API Connect Developer Portal is affected by Drupal vulnerability (CVE-2018-7600) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015105 ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability from PHP. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015535 ∗∗∗ IBM Security Bulletin: Security vulnerability affects IBM® Rational® Team Concert ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015454 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.04.2018
by Daily end-of-shift report 16 Apr '18

16 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 13-04-2018 18:00 − Montag 16-04-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ CVE-2018-7600: Kritische Drupal-Lücke wird ausgenutzt ∗∗∗ --------------------------------------------- Wer seine Drupal-Installation noch nicht gepatcht hat, soll dies spätestens jetzt nachholen. Nach der Veröffentlichung weiterer Details und einem auf Twitter zirkulierenden Exploit-Code wurden erste Angriffe beobachtet. (Drupal, CMS) --------------------------------------------- https://www.golem.de/news/cve-2018-7600-kritische-drupal-luecke-wird-ausgen… ∗∗∗ The March/April 2018 issue of our SWITCH Security Report is available! ∗∗∗ --------------------------------------------- The topics covered in this report are: - The dark side of the Data Force: Facebook, Cambridge Analytica, and the pressing question of who is using whose data for what - News from the world of state trojans: Microsoft’s analysis of FinFisher - Russian APT28 hackers’ month-long infiltration of the computer network of Germany’s federal government - Bitcoin bounty or close encounter: bizarre side-effects of cryptomining The Security Report is available in both English and German. --------------------------------------------- https://securityblog.switch.ch/2018/04/16/switch-security-report-201802/ ===================== = Vulnerabilities = ===================== ∗∗∗ Symantec Advanced Secure Gateway (ASG), ProxySG: Mehrere Schwachstellen ermöglichen u.a. Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Zwei Schwachstellen in Symantec Advanced Secure Gateway (ASG) und ProxySG ermöglichen einem einfach authentifizierten Angreifer im benachbarten Netzwerk die Durchführung von Cross-Site-Scripting (XSS)-Angriffen und das Umgehen von Sicherheitsvorkehrungen. Ein nicht authentisierter Angreifer im benachbarten Netzwerk kann eine weitere Schwachstelle zu Denial-of-Service (DoS)-Angriffen ausnutzen. Diese Schwachstellen können nur über die Management-Konsole von ASG und ProxySG ausgenutzt werden. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-0705/ ∗∗∗ Schwachstelle in Intels SPI-Flash: Erste Firmware-Updates veröffentlicht ∗∗∗ --------------------------------------------- Ein Sicherheitsproblem in Intel-Chipsätzen ermöglicht lokalen Angreifern Firmware-Manipulationen bis hin zum Denial-of-Service. Als erster Hersteller stellt nun Lenovo BIOS/UEFI-Updates bereit. --------------------------------------------- https://heise.de/-4024853 ∗∗∗ Micro Focus Universal Configuration Management Database Lets Local Users Gain Elevated Privileges ∗∗∗ --------------------------------------------- A vulnerability was reported in Micro Focus Universal Configuration Management Database (UCMDB). A local user can obtain elevated privileges on the target system. A local user can exploit an installation file access control flaw to gain elevated privileges on the target system. --------------------------------------------- http://www.securitytracker.com/id/1040680 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (lib32-openssl and zsh), Debian (patch, perl, ruby-loofah, squirrelmail, tiff, and tiff3), Fedora (gnupg2), Gentoo (go), Mageia (firefox, flash-player-plugin, nxagent, puppet, python-paramiko, samba, and thunderbird), Red Hat (flash-plugin), Scientific Linux (python-paramiko), and Ubuntu (patch, perl, and ruby). --------------------------------------------- https://lwn.net/Articles/751947/ ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015421 ∗∗∗ OpenSSL vulnerability CVE-2018-0739 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K08044291 ∗∗∗ Apache Tomcat vulnerability CVE-2018-1305 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K32051722 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.04.2018
by Daily end-of-shift report 13 Apr '18

13 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 12-04-2018 18:00 − Freitag 13-04-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Exploitation of Drupalgeddon2 Flaw Starts After Publication of PoC Code ∗∗∗ --------------------------------------------- The exploitation of a very dangerous Drupal vulnerability has started after the publication of proof-of-concept (PoC) code. --------------------------------------------- https://www.bleepingcomputer.com/news/security/exploitation-of-drupalgeddon… ∗∗∗ "Early Bird" Code Injection Technique Helps Malware Stay Undetected ∗∗∗ --------------------------------------------- Security researchers have discovered at least three malware strains using a new code injection technique that allowed them to avoid antivirus detection. --------------------------------------------- https://www.bleepingcomputer.com/news/security/early-bird-code-injection-te… ∗∗∗ Office Macros ∗∗∗ --------------------------------------------- Eine kleine Bemerkung aus aktuellem Anlass: Ich hab gestern mal wieder meinen üblichen Vortrag zum Thema "Bedrohungslage" gehalten, und dabei auch - wie immer - erwähnt, dass Office-Macros gefährlich sind und eingeschränkt werden müssen. Im Publikum war klar zu erkennen, dass einige das bei sich nicht machen können. Verständlich, weil in so manchen Firmen wichtige Geschäftsprozesse als Excel-Macros implementiert [...] --------------------------------------------- http://www.cert.at/services/blog/20180413094624-2176.html ∗∗∗ Thousands of WP, Joomla and SquareSpace sites serving malicious updates ∗∗∗ --------------------------------------------- Thousands of compromised WordPress, Joomla and SquareSpace-based sites are actively pushing malware disguised as Firefox, Chrome and Flash Player updates onto visitors. This campaign has been going on since at least December 2017 and has been gaining steam. The malicious actors are injecting JavaScript that triggers the download requests into the content management systems' JavaScript files or directly into the sites' homepage. --------------------------------------------- https://www.helpnetsecurity.com/2018/04/13/wp-joomla-squarespace-malicious-… ∗∗∗ Android-Hersteller belügen Nutzer bei Sicherheits-Updates ∗∗∗ --------------------------------------------- Bis auf Google liefert niemand wirklich alle Patches aus – Samsung patzt manchmal, OnePlus, LG und Co. regelmäßig --------------------------------------------- http://derstandard.at/2000077842490 ∗∗∗ Introducing Snallygaster - a Tool to Scan for Secrets on Web Servers ∗∗∗ --------------------------------------------- https://blog.hboeck.de/archives/892-Introducing-Snallygaster-a-Tool-to-Scan… ===================== = Vulnerabilities = ===================== ∗∗∗ Yokogawa CENTUM and Exaopc ∗∗∗ --------------------------------------------- This advisory includes mitigations for a permissions, privileges, and access controls vulnerability in the Yokogawa CENTUM series and Exaopc products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-102-01 ∗∗∗ Oracle Critical Patch Update Pre-Release Announcement - April 2018 ∗∗∗ --------------------------------------------- This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for April 2018, which will be released on Tuesday, April 17, 2018. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory. --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html ∗∗∗ VMSA-2018-0009 ∗∗∗ --------------------------------------------- vRealize Automation updates address multiple security issues. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0009.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (apache), openSUSE (libvirt, openssl, policycoreutils, and zziplib), Oracle (firefox and python-paramiko), and Red Hat (python-paramiko). --------------------------------------------- https://lwn.net/Articles/751780/ ∗∗∗ Bugtraq: [security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541942 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22014440 ∗∗∗ IBM Security Bulletin: IBM MQ clients connecting to an MQ queue manager can cause a SIGSEGV in the amqrmppa channel process terminating it. (CVE-2018-1371) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012983 ∗∗∗ IBM Security Bulletin: Open Source OpenSSL Vulnerabilities which is used by IBM PureApplication Systems/Service (CVE-2017-3736 CVE-2017-3738) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014945 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015346 ∗∗∗ IBM Security Bulletin: Content Collector for Email affected by privilege escalation vulnerability in WebSphere Application Server ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22015034 ∗∗∗ IBM Security Bulletin: Content Collector for Email affected by information disclosure vulnerability in Websphere Application Server ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22015032 ∗∗∗ BIG-IP TMM vulnerability CVE-2018-5510 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K77671456 ∗∗∗ BIG-IP IPsec tunnel endpoint vulnerability CVE-2017-6156 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K05263202 ∗∗∗ BIG-IP PEM vulnerability CVE-2018-5508 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10329515 ∗∗∗ BIG-IP SOCKS proxy vulnerability CVE-2017-6148 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K55225440 ∗∗∗ vCMP Cavium Nitrox SSL hardware accelerator vulnerability CVE-2018-5507 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52521791 ∗∗∗ Apache vulnerability CVE-2018-5506 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K65355492 ∗∗∗ TMUI vulnerability CVE-2018-5511 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K30500703 ∗∗∗ BIG-IP TMM vulnerability CVE-2017-6158 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K19361245 ∗∗∗ TMM vulnerability CVE-2017-6155 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10930474 ∗∗∗ IP Intelligence Feed List vulnerability CVE-2017-6143 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K11464209 ∗∗∗ cURL and libcurl vulnerability CVE-2018-1000120 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K22052524 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.04.2018
by Daily end-of-shift report 12 Apr '18

12 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 11-04-2018 18:00 − Donnerstag 12-04-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Android Penetration Tools Walkthrough Series Dex2Jar, JD-GUI, and Baksmali ∗∗∗ --------------------------------------------- In this article, we will be focusing on the Android penetration testing tools such as Dex2Jar, JD-GUI, and Baksmali to work with reverse engineering Android APK files. --------------------------------------------- http://resources.infosecinstitute.com/android-penetration-tools-walkthrough… ∗∗∗ APT Trends report Q1 2018 ∗∗∗ --------------------------------------------- In the second quarter of 2017, Kaspersky’s Global Research and Analysis Team (GReAT) began publishing summaries of the quarter’s private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing on the relevant activities that we observed during Q1 2018. --------------------------------------------- http://securelist.com/apt-trends-report-q1-2018/85280/ ∗∗∗ New ‘Early Bird’ Code Injection Technique Helps APT33 Evade Detection ∗∗∗ --------------------------------------------- Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools. --------------------------------------------- http://threatpost.com/new-early-bird-code-injection-technique-helps-apt33-e… ===================== = Vulnerabilities = ===================== ∗∗∗ Vulnerability Spotlight: Multiple Simple DirectMedia Layer Vulnerabilities ∗∗∗ --------------------------------------------- Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layers SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. It is used by video playback software, emulators, and popular games including Valves award winning catalog ... --------------------------------------------- http://blog.talosintelligence.com/2018/04/simple-direct-media-layer-vulnera… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (poppler), Fedora (koji and libofx), Gentoo (adobe-flash), Oracle (kernel), Red Hat (qemu-kvm-rhev and sensu), and Scientific Linux (firefox). --------------------------------------------- https://lwn.net/Articles/751668/ ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013955 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in the Apache Portal Runtime (CVE-2017-12613) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014874 ∗∗∗ IBM Security Bulletin: Security vulnerability has been identified in IBM Spectrum Scale which is used by IBM PureApplication Systems/Service (CVE-2017-1654) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015239 ∗∗∗ IBM Security Bulletin: IBM Cloud Manager is affected by a OpenSSL vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027142 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015344 ∗∗∗ IBM Security Bulletin: IBM Web Experience Factory is Affected by Multiple Vulnerabilities in IBM Java SDK and IBM Java Runtime ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014914 ∗∗∗ JSA10844 - 2018-04 Security Bulletin: Junos OS: Kernel crash upon receipt of crafted CLNP packets (CVE-2018-0016) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10844&actp=RSS ∗∗∗ JSA10845 - 2018-04 Security Bulletin: SRX Series: Denial of service vulnerability in flowd daemon on devices configured with NAT-PT (CVE-2018-0017) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10845&actp=RSS ∗∗∗ JSA10846 - 2018-04 Security Bulletin: SRX Series: A crafted packet may lead to information disclosure and firewall rule bypass during compilation of IDP policies. (CVE-2018-0018) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10846&actp=RSS ∗∗∗ JSA10847 - 2018-04 Security Bulletin: Junos: Denial of service vulnerability in SNMP MIB-II subagent daemon (mib2d) (CVE-2018-0019) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10847&actp=RSS ∗∗∗ JSA10848 - 2018-04 Security Bulletin: Junos OS: rpd daemon cores due to malformed BGP UPDATE packet (CVE-2018-0020) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10848&actp=RSS ∗∗∗ JSA10850 - 2018-04 Security Bulletin: NorthStar: Return Of Bleichenbachers Oracle Threat (ROBOT) RSA SSL attack (CVE-2017-1000385) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10850&actp=RSS ∗∗∗ JSA10851 - 2018-04 Security Bulletin: OpenSSL Security Advisory [07 Dec 2017] ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10851&actp=RSS ∗∗∗ JSA10852 - 2018-04 Security Bulletin: Junos OS: Multiple vulnerabilities in stunnel ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10852&actp=RSS ∗∗∗ JSA10853 - 2018-04 Security Bulletin: NSM Appliance: Multiple vulnerabilities resolved in CentOS 6.5-based 2012.2R12 release ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10853&actp=RSS ∗∗∗ Apache HTTPD vulnerability CVE-2018-1301 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K78131906 ∗∗∗ OpenSSH vulnerability CVE-2016-10708 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K32485746 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.04.2018
by Daily end-of-shift report 11 Apr '18

11 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 10-04-2018 18:00 − Mittwoch 11-04-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Android Penetration Tools Walkthrough Series: Apktool ∗∗∗ --------------------------------------------- In this article, we will look at the step by step procedure to setup utility called “Apktool” and its usage in android application penetration testing. Introduction Apktool is a utility that can be used for reverse engineering Android applications resources (APK). --------------------------------------------- http://resources.infosecinstitute.com/android-penetration-tools-walkthrough… ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday: Microsoft kümmert sich um mehr als 60 Lücken in Windows & Co. ∗∗∗ --------------------------------------------- Über Windows Update stehen Sicherheitsptaches bereit. Unter anderem schließen diese eine Lücke, über die Angreifer ein Wireless Keyboard in einen Keylogger verwandeln könnten. --------------------------------------------- https://heise.de/-4016580 ∗∗∗ Sicherheitsforscher: Intel-Modem macht neue iPhones für Schadcode anfällig ∗∗∗ --------------------------------------------- Eine Schwachstelle in Baseband-Prozessoren von Intel erlaubt versierten Angreifern das Einschleusen von Schadcode über das Mobilfunknetz. Betroffen sind laut Sicherheitsforschern neue iPhones bis hin zum iPhone X – iOS 11.3 schließt die Lücke. --------------------------------------------- https://heise.de/-4015828 ∗∗∗ AMD-Prozessoren bekommen Windows-10-Update gegen Spectre-V2-Lücke ∗∗∗ --------------------------------------------- Eine Kombination aus einem Windows-Update mit BIOS-Updates für Mainboards soll Windows-10-Rechner mit AMD-Prozessoren ab der 2011 vorgestellten Bulldozer-Generation schützen. --------------------------------------------- https://heise.de/-4016546 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (pcs), Fedora (drupal7), openSUSE (git and mercurial), Red Hat (firefox and qemu-kvm-rhev), SUSE (libvirt and xen), and Ubuntu (patch). --------------------------------------------- https://lwn.net/Articles/751548/ ∗∗∗ Security Advisory - Multiple Vulnerabilities of PEM Module in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-… ∗∗∗ Security Advisory - Invalid Memory Access Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180411-… ∗∗∗ Security Advisory - Information Leak Vulnerability in the NFC Module of Some Huawei Mobile Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180411-… ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Service Quality Manager is affected by an Open Source Apache Commons FileUpload vulnerability (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015184 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect WebSphere MQ 5.3 and MQ 8 for HPE NonStop Server (CVE-2017-3735) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014367 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by an OpenLDAP vulnerability (CVE-2017-9287) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014873 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by glibc vulnerabilities (CVE-2015-8779, CVE-2015-8776) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014870 ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Service Quality Manager is affected by an Open Source Apache POI vulnerability (CVE-2017-12626) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015185 ∗∗∗ IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for Cross-Site Scripting attack ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012660 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by vulnerabilities in the wget package (CVE-2017-13090, CVE-2017-13089) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013885 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013851 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.04.2018
by Daily end-of-shift report 10 Apr '18

10 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Montag 09-04-2018 18:00 − Dienstag 10-04-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Advance Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part II ∗∗∗ --------------------------------------------- In the previous article "Advanced Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part I," we discussed the advanced threat and common strategies that security professionals practice during targeted attacks in a windows infrastructure, using legitimate binaries. We also learned about the techniques to identify Spawned Processes with the help of the windows [...] --------------------------------------------- http://resources.infosecinstitute.com/advance-persistent-threat-lateral-mov… ∗∗∗ Entwickler warnt vor iOS-Angriffen über Kontakt-Berechtigungen ∗∗∗ --------------------------------------------- Apple unterscheidet aktuell nicht zwischen dem Schreiben und Lesen von Kontakten, wenn Nutzer Apps die Zugriffserlaubnis erteilen. Ein Entwickler schildert nun ein mögliches Szenario zum Abgreifen von Passwörtern. --------------------------------------------- https://heise.de/-4014136 ∗∗∗ Jetzt patchen! Angriffe auf Flash Player leichtgemacht ∗∗∗ --------------------------------------------- Derzeit sind vermehrt Exploits im Umlauf, die es auf eine Lücke in Adobes Flash Player abgesehen haben. Ein Sicherheitspatch erschien bereits im Februar. --------------------------------------------- https://www.heise.de/-4014258 ∗∗∗ BSI stellt Entwicklern Prüf-Tool für digitale Zertifikatsketten zur Verfügung ∗∗∗ --------------------------------------------- Software-Anwendungen wie Browser oder E-Mail-Clients und Hardware-Komponenten wie VPN-Gateways, die auf Grund von Programmierfehlern ungültige Zertifikatsketten akzeptieren, stellen ein Sicherheitsrisiko für die authentisierte und vertrauliche Kommunikation über das Internet dar. Das Bundesamt für Sicherheit in der Informationstechnik (BSI) stellt nun ein Prüf-Tool bereit, das Entwickler bei der korrekten Implementierung dieser Zertifikatspfadvalidierung unterstützt. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/pruef_tool_… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB18-08), Adobe Experience Manager (APSB18-10), Adobe InDesign CC (APSB18-11), Digital Editions (APSB18-13) and the Adobe PhoneGap Push plugin (APSB18-15). Adobe recommends users update their product installations to the latest versions using [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1542 ∗∗∗ Signal Bypass Screen locker ∗∗∗ --------------------------------------------- Signal for iOS, version 2.23.1.1 and prior, is vulnerable to screen lock bypass. The vulnerability, triggered by some click sequence, allows anyone to bypass password and TouchID authentication protections that iOS users can set on their device in order to increase application security and confidentiality. --------------------------------------------- http://nint.en.do/Signal-Bypass-Screen-locker.php ∗∗∗ SAP Security Patch Day - April 2018 ∗∗∗ --------------------------------------------- This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. --------------------------------------------- https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/ ∗∗∗ Update: Sicherheitslücken (teils kritisch) in Cisco IOS, Cisco IOS XE und Cisco IOS XR Software - Detaillierte Sicherheitshinweise für das Cisco IOS und IOS XE Smart Install Feature verfügbar ∗∗∗ --------------------------------------------- [...] Cisco hat ein Security Advisory mit Informationen zu CVE-2018-0171 und weiteren - teils schon älteren - Sicherheitslücken im Smart Install Feature von Cisco IOS und Cisco IOS XE veröffentlicht. Cisco empfiehlt die Umsetzung der im Advisory angeführten Maßnahmen zur Absicherung betroffener Systeme. --------------------------------------------- http://www.cert.at/warnings/all/20180329-2.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (libvorbis and thunderbird), Debian (pjproject), Fedora (compat-openssl10, java-1.8.0-openjdk-aarch32, libid3tag, python-pip, python3, and python3-docs), Gentoo (ZendFramework), Oracle (thunderbird), Red Hat (ansible, gcc, glibc, golang, kernel, kernel-alt, kernel-rt, krb5, kubernetes, libvncserver, libvorbis, ntp, openssh, openssl, pcs, policycoreutils, qemu-kvm, and xdg-user-dirs), SUSE (openssl and openssl1), and Ubuntu (python-crypto, [...] --------------------------------------------- https://lwn.net/Articles/751454/ ∗∗∗ IBM Security Bulletin: eDiscovery Manager is affected by GSKit and GSKit-Crypto vulnerabilities ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22014742 ∗∗∗ IBM Security Bulletin: IBM Communications Server for Data Center Deployment, IBM Communications Server for AIX, IBM Communications Server for Linux, and IBM Communications Server for Linux on System z are affected by a vulnerability. gskit ssl ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013978 ∗∗∗ IBM Security Bulletin: IBM Communications Server for Windows is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015200 ∗∗∗ NTP vulnerability CVE-2018-7185 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K04912972 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.04.2018
by Daily end-of-shift report 09 Apr '18

09 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 06-04-2018 18:00 − Montag 09-04-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ ARP Spoofing in 2018: are you protected?, (Mon, Apr 9th) ∗∗∗ --------------------------------------------- This week I was reminded how efficient ARP (Address Resolution Protocol) spoofing attacks might be. A single Android device equipped with offensive tools was enough to fool any device on a network and capture sensitive data. But wait, we are talking about a threat as old as ARP specification from 1982. There arent vulnerable networks to this nowadays, right? Wrong. --------------------------------------------- https://isc.sans.edu/diary/rss/23533 ∗∗∗ Hacked Website Trend Report – 2017 ∗∗∗ --------------------------------------------- We are proud to be releasing our latest Hacked Website Trend Report for 2017. This report is based on data collected and analyzed by the Sucuri Remediation Group (RG), which includes the Incident Response Team (IRT) and the Malware Research Team (MRT). The data presented stems from the analysis of 34,371 infected websites summarizing the latest trends by bad actors. --------------------------------------------- https://blog.sucuri.net/2018/04/hacked-website-trend-report-2017.html ∗∗∗ The dots do matter: how to scam a Gmail user ∗∗∗ --------------------------------------------- I recently received an email from Netflix which nearly caused caused me to add my card details to someone else’s Netflix account. Here I show that this is a new kind of phishing scam which is enabled by an obscure feature of Gmail called “the dots don’t matter”. I then argue that the dots do matter, and that this Gmail feature is in fact a misfeature. --------------------------------------------- https://jameshfisher.com/2018/04/07/the-dots-do-matter-how-to-scam-a-gmail-… ∗∗∗ Event Log Auditing, Demystified ∗∗∗ --------------------------------------------- the topic of reviewing event logs has received a fair amount grunts, groans, and questions such as “You honestly expect us to review all of that data?!” or “We have so many systems! Where would we even begin?” or “We already have enough on our plate to worry about!”. Fortunately, the times have changed, and log aggregation has matured over a relatively short amount of time. Its existence alone however is not the complete answer to log auditing woes. --------------------------------------------- https://medium.com/@jeremy.trinka/event-log-auditing-demystified-75b55879f0… ∗∗∗ How to prevent bypassing AppLocker using Alternate Data Streams ∗∗∗ --------------------------------------------- I usually write my blog-posts in german. This one is in english, because Sami Laiho asked me to do a short write-up, to make this problem available to a broader audience. Who is affected and what’s the problem? If you are using AppLocker Application-Whitelisting using Path-Rules with Exceptions you are probably affected. --------------------------------------------- https://hitco.at/blog/howto-prevent-bypassing-applocker-using-alternate-dat… ∗∗∗ Nicht bestellen bei salewaz.top! ∗∗∗ --------------------------------------------- Auf der Website salewaz.top findet man Kleidung und Sportausrüstung der bekannten Marke Salewa. Die Preise der Angebote sind um vieles niedriger als üblich für Salewa-Produkte, weshalb ein Kauf auf den ersten Blick attraktiv erscheint. KonsumentInnen sollten in diesem Shop auf keinen Fall bestellen, denn es handelt sich um betrügerische Anbieter und es wird trotz Bezahlung keine Ware verschickt. --------------------------------------------- https://www.watchlist-internet.at/news/nicht-bestellen-bei-salewaztop/ ===================== = Vulnerabilities = ===================== ∗∗∗ Bugtraq: [RT-SA-2017-015] CyberArk Password Vault Memory Disclosure ∗∗∗ --------------------------------------------- Data in the CyberArk Password Vault may be accessed through a proprietary network protocol. While answering to a client's logon request, the vault discloses around 50 bytes of its memory to the client. --------------------------------------------- http://www.securityfocus.com/archive/1/541931 ∗∗∗ Bugtraq: [RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution ∗∗∗ --------------------------------------------- The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server. --------------------------------------------- http://www.securityfocus.com/archive/1/541932 ∗∗∗ Authentication Bypass Vulnerability Found in Auth0 Identity Platform ∗∗∗ --------------------------------------------- A critical authentication bypass vulnerability has been discovered in one of the biggest identity-as-a-service platform Auth0 that could have allowed a malicious attacker to access any portal or application, which are using Auth0 service for authentication. Auth0 offers token-based authentication solutions for a number of platforms including the ability to integrate social media ... --------------------------------------------- https://thehackernews.com/2018/04/auth0-authentication-bypass.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (openssl and zziplib), Debian (ldap-account-manager, ming, python-crypto, sam2p, sdl-image1.2, and squirrelmail), Fedora (bchunk, koji, libidn, librelp, nodejs, and php), Gentoo (curl, dhcp, libvirt, mailx, poppler, qemu, and spice-vdagent), Mageia (389-ds-base, aubio, cfitsio, libvncserver, nmap, and ntp), openSUSE (GraphicsMagick, ImageMagick, spice-gtk, and wireshark), Oracle (kubernetes), Slackware (patch), and SUSE (apache2 and openssl). --------------------------------------------- https://lwn.net/Articles/751346/ ∗∗∗ The BIG-IP DNS/GTM system may be exposed to DNS hijacking when the BIG-IP system host name belongs to a public domain name that the BIG-IP owner does not control ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K32518458 ∗∗∗ Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Notice - Statement on the Media Disclosure of the Security Vulnerabilities in the Intel CPU Architecture Design ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20180104-01-… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Samba affect IBM i ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022524 ∗∗∗ IBM Security Bulletin: Vulnerability in sendmail impacts AIX (CVE-2014-3956) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027341 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.04.2018
by Daily end-of-shift report 06 Apr '18

06 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 05-04-2018 18:00 − Freitag 06-04-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Remote Execution Flaw Threatens Apps Built Using Spring Framework — Patch Now ∗∗∗ --------------------------------------------- Security researchers have discovered three vulnerabilities in the Spring Development Framework, one of which is a critical remote code execution flaw that could allow remote attackers to execute arbitrary code against applications built with it. Spring Framework is a popular, lightweight and an open source framework for developing Java-based enterprise applications. In an [...] --------------------------------------------- https://thehackernews.com/2018/04/spring-framework-hacking.html ∗∗∗ Sicherheitsforscher finden 1,5 Milliarden sensible Daten ∗∗∗ --------------------------------------------- Forscher des IT-Sicherheitsanbieters Digital Shadows haben eigenen Angaben zufolge weltweit rund 1,5 Milliarden Datensätze in falsch konfigurierten und daher frei zugänglichen Online-Speichern gefunden. Darunter befinden sich sensible Informationen wie medizinische Daten, Gehaltsabrechnungen oder Patente. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/news_forscher_fin… ∗∗∗ From PNG tEXt to Persistent XSS ∗∗∗ --------------------------------------------- I was on job for a client and was playing around with various endpoints they have for uploading files. They're really strict on several things and will only accept files with a .PNG extension. In one place, however, you were able to upload files with a .html extension ... score. Well, not really. You're allowed to upload [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/from-png-text-to-persistent-x… ∗∗∗ Warnung vor sportspoort.de ∗∗∗ --------------------------------------------- Der Online-Shop sportspoort.de verkauft günstige Adidas-Schuhe. Es handelt sich um gefälschte Markenware. Konsument/innen können sie ausschließlich über eine unsichere Verbindung mit ihrer Kreditkarte bezahlen. Die Watchlist Internet rät von einem Einkauf auf sportspoort.de ab, denn der Anbieter ist kriminell. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-sportspoortde/ ===================== = Vulnerabilities = ===================== ∗∗∗ Rockwell Automation MicroLogix ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper authentication vulnerability in the Rockwell MicroLogix Controller. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-095-01 ∗∗∗ Moxa MXview ∗∗∗ --------------------------------------------- This advisory includes mitigations for an information exposure vulnerability in the Moxa MXview network management software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-095-02 ∗∗∗ LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper check or handling of exceptional conditions vulnerability in LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA device. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-095-03 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (sharutils), Fedora (firefox, httpd, and mod_http2), openSUSE (docker-distribution, graphite2, libidn, and postgresql94), Oracle (libvorbis and thunderbird), Red Hat (libvorbis, python-paramiko, and thunderbird), Scientific Linux (libvorbis and thunderbird), SUSE (apache2), and Ubuntu (firefox, linux-lts-xenial, linux-aws, and ruby1.9.1, ruby2.0, ruby2.3). --------------------------------------------- https://lwn.net/Articles/751146/ ∗∗∗ [local] Sophos Endpoint Protection 10.7 - Tamper-Protection Bypass ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/44410/ ∗∗∗ [local] Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/44411/ ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1483) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22015317 ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos TM1 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015269 ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Insight ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015268 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache commons-fileupload affects IBM Algo One Algo Risk Application (ARA) CVE-2016-1000031 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015340 ∗∗∗ Intel SPI Flash Unsafe Opcodes Lets Local Users Cause Denial of Service Conditions ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040626 ∗∗∗ [R1] SecurityCenter 5.6.2.1 Fixes One Third-party Vulnerability ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-03 ∗∗∗ The BIG-IP ASM CSRF token may fail to renew when the original web server renews its session ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K70517410 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.04.2018
by Daily end-of-shift report 05 Apr '18

05 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 04-04-2018 18:00 − Donnerstag 05-04-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Intel Tells Users to Uninstall Remote Keyboard App Over Unpatched Security Bugs ∗∗∗ --------------------------------------------- Intel has decided that instead of fixing three security bugs affecting the Intel Remote Keyboard Android app, it would be easier to discontinue the application altogether. --------------------------------------------- https://www.bleepingcomputer.com/news/security/intel-tells-users-to-uninsta… ∗∗∗ Natus Neuroworks: Sicherheitslücken in Gehirnscan-Software entdeckt ∗∗∗ --------------------------------------------- Der Scan der Hirnaktivitäten ist nicht gefährdet, das Krankenhaus aber schon: Sicherheitsexperten haben Schwachstellen in der Software von EEG-Geräten gefunden, die es ermöglichen, Code auf dem Gerät auszuführen und sich Zugriff auf das Krankenhausnetz zu verschaffen. (Security, Cisco) --------------------------------------------- https://www.golem.de/news/natus-neuroworks-sicherheitsluecken-in-gehirnscan… ∗∗∗ Apples Dateisystem: APFS-Probleme bleiben bestehen ∗∗∗ --------------------------------------------- Nach dem letzten Problem rund um die Klartextspeicherung von Passwörtern zu verschlüsselten APFS-Datenträgern stellt sich nach weiteren Untersuchungen heraus, dass die Passwörter mit 10.13.4 weiter lesbar sind. Die Passwörter verbleiben auch nach dem Patch in den Logs. (APFS, Apple) --------------------------------------------- https://www.golem.de/news/apples-dateisystem-apfs-probleme-bleiben-bestehen… ∗∗∗ Understanding Code Signing Abuse in Malware Campaigns ∗∗∗ --------------------------------------------- Using a machine learning system, we analyzed 3 million software downloads, involving hundreds of thousands of internet-connected machines, and provide insights in this three-part blog series. In the first part of this series, we took a closer look at unpopular software downloads and the risks they pose to organizations. We also briefly mentioned the problem regarding code signing abuse, which we will elaborate on in this post. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/understanding-c… ∗∗∗ Critical Infrastructure at Risk: Advanced Actors Target Smart Install Client ∗∗∗ --------------------------------------------- Cisco has recently become aware of specific advanced actors targeting Cisco switches by leveraging a protocol misuse issue in the Cisco Smart Install Client. Several incidents in multiple countries, including some specifically targeting critical infrastructure, have involved the misuse of the Smart Install protocol. Some of these attacks are believed to be associated with nation-state actors, such as those described in U.S. CERTs recent alert. --------------------------------------------- http://blog.talosintelligence.com/2018/04/critical-infrastructure-at-risk.h… ∗∗∗ Keine 358.80 Euro an toxflix.de und ähnliche Streaming-Plattformen zahlen! ∗∗∗ --------------------------------------------- Die CINE STAR LTD ist laut Impressum verantwortlich für Streaming-Webseiten wie toxflix.de, roxflix.de oder laflix.de. Auf den Seiten werden Filme zum Streamen angeboten, vorab ist aber eine Registrierung durch die InteressentInnen notwendig. Die Anmeldung führt nach Ablauf einer 5-Tagesfrist zum Abschluss einer Premium-Mitgliedschaft und Forderungen in der Höhe von 358,80 Euro im Jahr. Der Betrag muss nicht bezahlt werden, denn ein gültiger Vertrag kommt nie zustande! --------------------------------------------- https://www.watchlist-internet.at/news/keine-35880-euro-an-toxflixde-und-ae… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (drupal), Debian (openjdk-7), Fedora (exempi, gd, and tomcat), SUSE (python-paramiko), and Ubuntu (kernel, libvncserver, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-lts-trusty, and linux-raspi2). --------------------------------------------- https://lwn.net/Articles/751026/ ∗∗∗ Vuln: Atlassian Bamboo CVE-2018-5224 Remote Security Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/103653 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013308 ∗∗∗ IBM Security Bulletin: A vulnerability in Open Source Bind affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014266 ∗∗∗ IBM Security Bulletin: Potential spoofing attack in Liberty for Java for IBM Cloud (CVE-2017-1788) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015292 ∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in IBM HTTP Server used by IBM WebSphere Application Server which is shipped with IBM PureApplication System (CVE-2017-12618) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011238 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Oracle Java SE affect IBM Spectrum Protect™ Plus ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014937 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK that affect IBM PureApplication System ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015284 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational Synergy ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015161 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center and Client Management Service (CVE-2017-10295, CVE-2017-10355, CVE-2017-10356) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013492 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server (CVE-2017-10295, CVE-2017-10355) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013493 ∗∗∗ IBM Security Bulletin: Potential Privilege Escalation and Information disclosure affect IBM WebSphere Application Server in IBM Cloud (CVE-2017-1731, CVE-2017-1741) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014721 ∗∗∗ IBM Security Bulletin: IBM Distributed Marketing Could Allow an Authenticated but Unauthorized User with Special Access to Change Security Policies (CVE-2017-1109) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015044 ∗∗∗ IBM Security Bulletin: IBM SPSS Statistics is affected by multiple GSKit vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015252 ∗∗∗ IBM Security Bulletin: XML External Entity Injection (XXE) Vulnerability Impacts IBM Campaign (CVE-2015-0254) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015263 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for ACH Services, Financial Transaction Manager for Check Services, and Financial Transaction Manager for Corporate Payment Services for ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014821 ∗∗∗ IBM Security Bulletin: Denial of Service in Apache CXF used by Liberty for Java for IBM Cloud (CVE-2017-12624) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015296 ∗∗∗ IBM Security Bulletin: Information Disclosure in IBM HTTP Server and Denial of Service in Apache CXF used by IBM WebSphere Application Server for IBM Cloud (CVE-2017-12613, CVE-2017-12624) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015297 ∗∗∗ FreeBSD IPsec AH Option Header Infinite Loop Lets Remote Users Cause the Target System to Crash ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040628 ∗∗∗ HPE integrated Lights Out (iLO) TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040630 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.04.2018
by Daily end-of-shift report 04 Apr '18

04 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 03-04-2018 18:00 − Mittwoch 04-04-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Intel Admits It Wont Be Possible to Fix Spectre (V2) Flaw in Some Processors ∗∗∗ --------------------------------------------- As speculated by the researcher who disclosed Meltdown and Spectre flaws in Intel processors, some of the Intel processors will not receive patches for the Spectre (variant 2) side-channel analysis attack In a recent microcode revision guidance (PDF), Intel admits that it would not be possible to address the Spectre design flaw in its specific old CPUs, because it requires changes to the --------------------------------------------- https://thehackernews.com/2018/04/intel-spectre-vulnerability.html ∗∗∗ Pocket cryptofarms - Investigating mobile apps for hidden mining ∗∗∗ --------------------------------------------- We've noticed that attackers no longer limit themselves to servers, desktops, and laptops. They are increasingly drawn to mobile devices, mainly Android. We decided to take a closer look to see which mobile apps stealthily mine digital coins on user devices and how widespread they are. --------------------------------------------- https://securelist.com/pocket-cryptofarms/85137/ ∗∗∗ BSI warnt vor Sicherheitslücken in iTunes für Windows ∗∗∗ --------------------------------------------- Apples Medienverwaltung enthält mehrere kritische Fehler – nicht nur in der enthaltenen Browser-Engine WebKit. Sicherheits-Bugs stecken auch in der iCloud-Unterstützung für Windows. --------------------------------------------- https://heise.de/-4010622 ∗∗∗ Nvidia patcht mehrere Lücken in GPU-Treibern ∗∗∗ --------------------------------------------- Lücken in mehreren Nvidia-Grafikkartentreibern können unter anderem für die Code-Ausführung aus der Ferne missbraucht werden. Gepatchte Versionen stehen zum Download bereit. --------------------------------------------- https://www.heise.de/-4010707 ∗∗∗ LockCrypt ransomware: weakness in code can lead to recovery ∗∗∗ --------------------------------------------- A lesser-known variant called LockCrypt ransomware has been creeping around under the radar since June 2017. We take a look inside its code and expose its flaws. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2018/04/lockcrypt-ransomware/ ===================== = Vulnerabilities = ===================== ∗∗∗ Microsoft Malware Protection Engine: Sicherheitsupdate behebt kritische Schwachstelle ∗∗∗ --------------------------------------------- Am 03.04.18 hat Microsoft ein Update zur Behebung des kritischen Fehlers CVE-2018-0986 in der hauseigenen Antiviren-Software (Microsoft Malware Protection Engine) benutzt in zum Beispiel Windows Defender, Microsoft Security Essentials, Microsoft Intune Endpoint, Microsoft Forefront Endpoint 2010 sowie in Exchange Server 2013 und 2016 unter den Systemen Windows 7 bis Windows 10 beziehungsweise [...] --------------------------------------------- http://www.cert.at/services/blog/20180404151337-2161.html ∗∗∗ Siemens Building Technologies Products ∗∗∗ --------------------------------------------- This advisory includes mitigations for a series of vulnerabilities in Siemens Building Technologies Products, including stack-based buffer overflows, security features, improper restriction of operations within the bounds of a memory buffer, NULL pointer deference, XML entity expansion, heap-based buffer overflow, and improper access control. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01 ∗∗∗ USN-3618-1: LibVNCServer vulnerability ∗∗∗ --------------------------------------------- LibVNCServer could be made to crash, expose sensitive information, or run programs if it received specially crafted network traffic. [...] It was discovered that LibVNCServer incorrectly handled certain packetlengths. A remote attacker able to connect to a LibVNCServer could possiblyuse this issue [...] --------------------------------------------- https://usn.ubuntu.com/3618-1/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (apache2, ldap-account-manager, and openjdk-7), Fedora (libuv and nodejs), Gentoo (glibc and libxslt), Mageia (acpica-tools, openssl, and php), SUSE (clamav, coreutils, and libvirt), and Ubuntu (kernel, libraw, linux-hwe, linux-gcp, linux-oem, and python-crypto). --------------------------------------------- https://lwn.net/Articles/750902/ ∗∗∗ IBM Security Bulletin: This Power Hardware Management Console (HMC) update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754 (known as Spectre and Meltdown). ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1022442 ∗∗∗ Cacti Input Validation Flaw in get_current_page() Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040620 ∗∗∗ WordPress 4.9.5 Security and Maintenance Release ∗∗∗ --------------------------------------------- https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.04.2018
by Daily end-of-shift report 03 Apr '18

03 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 30-03-2018 18:00 − Dienstag 03-04-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Java Deserialization Attack Against Windows, (Tue, Apr 3rd) ∗∗∗ --------------------------------------------- Recently we talked a lot about attacks exploiting Java deserialization vulnerabilties in systems like Apache SOLR and WebLogic. Most of these attacks targeted Linux/Unix systems. But recently, I am seeing more attacks that target windows. For example: [...] --------------------------------------------- https://isc.sans.edu/diary/rss/23513 ∗∗∗ Sicherheitslücke in Apple Mail erlaubte Mitlesen verschlüsselter Nachrichten ∗∗∗ --------------------------------------------- Mit macOS 10.13.4 behebt der Mac-Hersteller einen Bug, über den Angreifer im lokalen Netz an Inhalte von mit S/MIME gesicherter Post gelangen konnten. Ob frühere Betriebssysteme weiterhin betroffen sind, bleibt unklar. --------------------------------------------- https://heise.de/-4009761 ∗∗∗ Fake-Profile sammeln auf Facebook Telefonnummern ∗∗∗ --------------------------------------------- Kriminelle erstellen auf Facebook Fake-Profile und geben sich so als Freund oder Freundin möglicher Opfer aus. Anschließend versuchen sie an die Telefonnummer der Betroffenen zu kommen, um Einkäufe über deren Mobilfunkrechnung tätigen zu können. Wer in die Falle tappt, verliert sein Geld. --------------------------------------------- https://www.watchlist-internet.at/news/fake-profile-sammeln-auf-facebook-te… ∗∗∗ iPhone X-Gewinnspiel kostet 89 Euro im Monat ∗∗∗ --------------------------------------------- Für die Teilnahme an einem iPhone X-Gewinnspiel auf braingamemasters.com sollen Konsumenten monatlich 89 Euro bezahlen. Der Betrag wird für eine Mitgliedschaft für das Spiel Trainyourbrainskils in Rechnung gestellt. Konsumenten müssen den Betrag nicht bezahlen, denn dafür gibt es keinen Rechtsgrund. --------------------------------------------- https://www.watchlist-internet.at/news/iphone-x-gewinnspiel-kostet-89-euro-… ===================== = Vulnerabilities = ===================== ∗∗∗ Vulnerability Spotlight: Moxa AWK-3131A Multiple Features Login Username Parameter OS Command Injection Vulnerability ∗∗∗ --------------------------------------------- This vulnerability is discovered by Patrick DeSantis and Dave McDaniel of Cisco TalosToday, Talos is disclosing TALOS-2017-0507 (CVE-2017-14459), a vulnerability that has been identified in Moxa AWK-3131A industrial wireless access point. --------------------------------------------- http://blog.talosintelligence.com/2018/04/vulnerability-spotlight-moxa-awk-… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dovecot, irssi, libevt, libvncserver, mercurial, mosquitto, openssl, python-django, remctl, rubygems, and zsh), Fedora (acpica-tools, dovecot, firefox, ImageMagick, mariadb, mosquitto, openssl, python-paramiko, rubygem-rmagick, and thunderbird), Mageia (flash-player-plugin and squirrelmail), Slackware (php), and Ubuntu (dovecot). --------------------------------------------- https://lwn.net/Articles/750759/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (beep and jruby), Fedora (libvncserver), and Ubuntu (openjdk-7 and openjdk-8). --------------------------------------------- https://lwn.net/Articles/750829/ ∗∗∗ 21 IBM Security Advisories 2018-04-03 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ [webapps] osCommerce 2.3.4.1 - Remote Code Execution ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/44374/?rss ∗∗∗ Security Advisory - Multiple Buffer Overflow Vulnerabilities in Bastet of Huawei Smart Phone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-… ∗∗∗ Security Advisory - MITM Vulnerability in Huawei Themes App in Some Mobile Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170908-… ∗∗∗ Security Advisory - CPU Vulnerabilities Meltdown and Spectre ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180106-… ∗∗∗ Android Security Bulletin - April 2018 ∗∗∗ --------------------------------------------- https://source.android.com/security/bulletin/2018-04-01.html ∗∗∗ Linux kernel vulnerability CVE-2017-17448 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01043241 ∗∗∗ Apache Commons FileUpload vulnerability CVE-2016-1000031 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K25206238 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.03.2018
by Daily end-of-shift report 30 Mar '18

30 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 29-03-2018 18:00 − Freitag 30-03-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ 10 Steps to Avoid Insecure Deserialization ∗∗∗ --------------------------------------------- You might think that your applications are secure and safe from prying eyes, but hackers are using ever more sophisticated methods to capture your user data over the Internet. We will explore some of the most common insecure deserialization methods that have been uncovered recently, and look at 10 steps that can be implemented [...] --------------------------------------------- http://resources.infosecinstitute.com/10-steps-avoid-insecure-deserializati… ∗∗∗ How to Identify and Mitigate XXE Vulnerabilities ∗∗∗ --------------------------------------------- Security vulnerabilities that are created through the serialization of sensitive data are well known, yet some developers are still falling into this trap. We will look at some basic web application safeguards that you can employ to keep your applications hardened against this growing threat. To help understand this growing problem, we will turn [...] --------------------------------------------- http://resources.infosecinstitute.com/identify-mitigate-xxe-vulnerabilities/ ∗∗∗ ENISA publishes the first comprehensive study on cyber Threat Intelligence Platforms ∗∗∗ --------------------------------------------- ENISA has released the first comprehensive study on cyber Threat Intelligence Platforms (TIPs) focused on the needs of consumers, users, developers, vendors and the security research community. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/enisa-publishes-first-study-on-… ===================== = Vulnerabilities = ===================== ∗∗∗ Philips iSite/IntelliSpace PACS Vulnerabilities ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for vulnerabilities identified in the Philips Philips iSite and IntelliSpace PACS. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-088-01 ∗∗∗ WAGO 750 Series ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper resource shutdown or release vulnerability in the WAGO 750 series PLC. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-088-01 ∗∗∗ Siemens TIM 1531 IRC ∗∗∗ --------------------------------------------- This advisory includes mitigations for an incorrect implementation of authentication algorithm vulnerability in the Siemens TIM 1531 IRC communications modules. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-088-02 ∗∗∗ Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper input validation vulnerability in the Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-088-03 ∗∗∗ Apple Releases Multiple Security Updates ∗∗∗ --------------------------------------------- Original release date: March 29, 2018 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC/US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:iOS 11.3, tvOS 11.3, watchOS 4.3, Xcode 9.3 [...] --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/03/29/Apple-Releases-Mul… ∗∗∗ Kritische Sicherheitslücke in Microsoft Windows - Patch verfügbar ∗∗∗ --------------------------------------------- Microsoft hat ein Security Advisory sowie ein Sicherheitsupdate dazu ausserhalb des normalen Patch-Zyklus veröffentlicht. Der Bug ermöglicht einem Angreifer durch eine Privilege Escalation beliebigen Code mit Kernel Rechten auszuführen. CVE: CVE-2018-1038 Details: Durch Ausnutzen der Lücke kann ein Angreifer höhere Rechte auf betroffenen Systemen erlangen, und [...] --------------------------------------------- http://www.cert.at/warnings/all/20180330.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (memcached, openssl, openssl1.0, php5, thunderbird, and xerces-c), Fedora (python-notebook, slf4j, and unboundid-ldapsdk), Mageia (kernel, libvirt, mailman, and net-snmp), openSUSE (aubio, cacti, cacti-spine, firefox, krb5, LibVNCServer, links, memcached, and tomcat), Slackware (ruby), SUSE (kernel and python-paramiko), and Ubuntu (intel-microcode). --------------------------------------------- https://lwn.net/Articles/750573/ ∗∗∗ IBM Security Bulletin: IBM Web Experience Factory is Affected by an Apache Poi Vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014912 ∗∗∗ IBM Security Bulletin: IBM Aspera Platform On Demand, IBM Aspera Server On Demand, IBM Aspera Faspex On Demand, IBM Aspera Shares On Demand, IBM Aspera Transfer Cluster Manager is affected by the vulnerabilities known as Spectre and Meltdown. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012643 ∗∗∗ IBM Security Bulletin: Potential spoofing attack in IBM WebSphere Application Server in IBM Cloud (CVE-2017-1788) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014798 ∗∗∗ IBM Security Bulletin: IBM MobileFirst Platform Foundation is vulnerable to cross-site scripting (CVE-2017-1772) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg2C1000369 ∗∗∗ IBM Security Bulletin: OpenSource Apache ActiveMQ vulnerabilities identified with IBM Tivoli Integrated Portal (TIP) v2.2 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014179 Next End-of-Day report: 2018-04-03 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.03.2018
by Daily end-of-shift report 29 Mar '18

29 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 28-03-2018 18:00 − Donnerstag 29-03-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Total Meltdown? ∗∗∗ --------------------------------------------- Did you think Meltdown was bad? Unprivileged applications being able to read kernel memory at speeds possibly as high as megabytes per second was not a good thing. Meet the Windows 7 Meltdown patch from January. It stopped Meltdown but opened up a vulnerability way worse [...] --------------------------------------------- https://blog.frizk.net/2018/03/total-meltdown.html ∗∗∗ Warnung vor Travel Planet Amsterdam ∗∗∗ --------------------------------------------- Urlauber/innen finden auf Travel Planet Amsterdam (travelplanetamsterdam.com) günstige Unterkünfte. Sie sind von fremden Websites kopiert und in Wahrheit nicht bei dem Anbieter buchbar. Die Unterkünfte sollen Reisende vorab bezahlen. Das Geld ist verloren, denn Travel Planet Amsterdam ist ein betrügerischer Anbieter, der keine Leistung erbringt. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-travel-planet-amsterdam/ ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdate: Angreifer könnten Firefox und Tor Browser lahmlegen ∗∗∗ --------------------------------------------- Die Entwickler haben die Lücke in Firefox 59.0.2, Firefox ESR 52.7.3 und Tor Browser 7.5.3 geschlossen. Alle vorigen Ausgaben sind bedroht. Angriffe sollen aus der Ferne ohne Authentifizierung möglich sein. Das von der Schwachstelle ausgehende Risiko gilt als "hoch". --------------------------------------------- https://heise.de/-4007839 ∗∗∗ Citrix XenServer 7.2 Multiple Security Updates ∗∗∗ --------------------------------------------- A number of security issues have been identified within Citrix XenServer 7.2 which could, if exploited, allow a malicious man-in-the-middle (MiTM) attacker on the management network to decrypt management traffic. Collectively, this has been rated as a medium severity vulnerability; the following issues have been remediated: CVE-2016-2107 CVE-2016-2108 --------------------------------------------- https://support.citrix.com/article/CTX233832 ∗∗∗ Sicherheitslücken (teils kritisch) in Cisco IOS, Cisco IOS XE und Cisco IOS XR Software - Patches verfügbar ∗∗∗ --------------------------------------------- Sicherheitslücken (teils kritisch) in Cisco IOS, Cisco IOS XE und Cisco IOS XR Software - Patches verfügbar 29. März 2018 Beschreibung Cisco hat 20 Security Advisories zu teils kritischen Sicherheitslücken in Cisco IOS, Cisco IOS XE und Cisco IOS XR Software veröffentlicht. Drei der Schwachstellen werden mit einem CVSS Base Score von 9.8 als kritisch eingestuft: ... --------------------------------------------- http://www.cert.at/warnings/all/20180329-2.html ∗∗∗ Kritische Sicherheitslücke in Drupal - Updates verfügbar ∗∗∗ --------------------------------------------- Kritische Sicherheitslücke in Drupal - Updates verfügbar 29. März 2018 Beschreibung In der verbreiteten CMS-Software Drupal ist eine kritische Sicherheitslücke entdeckt worden. Durch Ausnutzung dieses Fehlers kann auf betroffenen Systemen beliebiger Code (mit den Rechten des Webserver-Users) ausgeführt werden. CVE-Nummer: CVE-2018-7600 --------------------------------------------- http://www.cert.at/warnings/all/20180329.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (drupal7, graphicsmagick, libdatetime-timezone-perl, thunderbird, and tzdata), Fedora (gd, libtiff, mozjs52, and nmap), Gentoo (thunderbird), Red Hat (openstack-tripleo-common, openstack-tripleo-heat-templates and sensu), SUSE (kernel, libvirt, and memcached), and Ubuntu (icu, librelp, openssl, and thunderbird). --------------------------------------------- https://lwn.net/Articles/750432/ ∗∗∗ Bugtraq: CA20180328-01: Security Notice for CA API Developer Portal ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541902 ∗∗∗ IBM Security Bulletin: IBM SPSS Statistics is affected by an Apache Poi vulnerability (CVE-2017-12626) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015075 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg2C1000372 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center (CVE-2017-10295, CVE-2017-10345, CVE-2017-10355, CVE-2017-10356) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013651 ∗∗∗ IBM Security Bulletin: IBM MQ Clients can send a specially crafted message that could cause a channel to SIGSEGV. (CVE-2017-1747) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012992 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect MegaRAID Storage Manager (CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099794 ∗∗∗ cURL and libcurl vulnerability CVE-2017-2628 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35453761 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.03.2018
by Daily end-of-shift report 28 Mar '18

28 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 27-03-2018 18:00 − Mittwoch 28-03-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Many VPN Providers Leak Customers IP Address via WebRTC Bug ∗∗∗ --------------------------------------------- Around 20% of todays top VPN solutions are leaking the customers IP address via a WebRTC bug known since January 2015, and which apparently some VPN providers have never heard of. --------------------------------------------- https://www.bleepingcomputer.com/news/security/many-vpn-providers-leak-cust… ∗∗∗ 10 Best Practices for Mobile App Penetration Testing ∗∗∗ --------------------------------------------- Penetration testing is one of the best ways to thoroughly check your defense perimeters for security weaknesses. Pentesting can be used across the entire spectrum of an IT infrastructure, including network, web application and database security. But today [...] --------------------------------------------- http://resources.infosecinstitute.com/10-best-practices-mobile-app-penetrat… ∗∗∗ How to Set Up a Web App Pentesting Lab in 4 Easy Steps ∗∗∗ --------------------------------------------- A pentesting lab can be a small entity used by one security tester, consisting of one or two computers; or it could be a larger set of networked computers behind a closed or secured network, used by a group of security testers. --------------------------------------------- http://resources.infosecinstitute.com/set-web-app-pentesting-lab-4-easy-ste… ∗∗∗ Security baseline for Windows 10 v1803 “Redstone 4” – DRAFT ∗∗∗ --------------------------------------------- Microsoft is pleased to announce the draft release of the security configuration baseline settings for the upcoming Windows 10 version 1803, codenamed "Redstone 4." Please evaluate this proposed baseline and send us your feedback via blog comments below. Download the content here: DRAFT-Windows-10-v1803-RS4 The downloadable attachment to this blog post includes importable GPOs, scripts for applying [...] --------------------------------------------- https://blogs.technet.microsoft.com/secguide/2018/03/27/security-baseline-f… ∗∗∗ Unmasking Monero: stripping the currency’s privacy protection ∗∗∗ --------------------------------------------- The features that make blockchains trustworthy may leave them vulnerable to retrospective action. --------------------------------------------- https://nakedsecurity.sophos.com/2018/03/28/unmasking-monero-stripping-the-… ∗∗∗ TA18-086A: Brute Force Attacks Conducted by Cyber Actors ∗∗∗ --------------------------------------------- [...] According to information derived from FBI investigations, malicious cyber actors are increasingly using a style of brute force attack known as password spraying against organizations in the United States and abroad. On February 2018 [...] --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA18-086A ∗∗∗ Legacy technologies as a threat to EU's telecommunications infrastructure ∗∗∗ --------------------------------------------- EU level assessment of the current sets of protocols used in interconnections in telecommunications (SS7, Diameter). --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/legacy-technologies-as-a-threat… ∗∗∗ Internet Ombudsmann und Watchlist Internet Jahresbericht 2017 ∗∗∗ --------------------------------------------- Der Internet Ombudsmann informiert auf der Watchlist Internet über Internet-Betrug, Fallen und Fakes. Die Watchlist Internet verfolgt das Ziel, Leser/innen dabei zu helfen, dass sie Verbrechensversuche erkennen und keine Opfer von Cybercrime werden. Im vergangenen Jahr 2017 verfügte die Watchlist Internet über 906 redaktionelle Beiträge und verzeichnete 1,45 Millionen Seitenaufrufe. --------------------------------------------- https://www.watchlist-internet.at/news/internet-ombudsmann-und-watchlist-in… ∗∗∗ Betrügerische Mahnungen von Prolex Inkasso ∗∗∗ --------------------------------------------- Konsument/innen erhalten im Auftrag von unseriösen Streaming-Plattformen eine Mahnung von Prolex Inkasso. Darin heißt es, dass Empfänger/innen ihre offenen Rechnungen nicht beglichen haben. Deshalb sollen sie 467,16 Euro an Prolex zahlen. Die Mahnung ist betrügerisch, eine Zahlungspflicht besteht nicht. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-mahnungen-von-prolex-… ===================== = Vulnerabilities = ===================== ∗∗∗ Apples Festplattendienstprogramm "Disk Util.app" von macOS 10.13 High Sierra kann Passwort von verschlüsselten APFS-Dateisystemen offenlegen ∗∗∗ --------------------------------------------- Die Ausnutzung der Schwachstelle ermöglicht es einem lokalen Angreifer mit Administratorrechten und Zugriff auf das System-Log mit Besitz des externen Datenträgers das verschlüsselte APFS-Dateisystem zu entschlüsseln. Alle Nutzer des Festplattenprogramms sollten auf Ihren Systemen die neueste Version installieren, sobald diese zur Verfügung steht. Bis dahin sollten die Nutzer [...] --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2018/03/warn… ∗∗∗ Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 ∗∗∗ --------------------------------------------- This advisory includes mitigations for several vulnerabilities in the Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 PLCs. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01 ∗∗∗ Philips Alice 6 Vulnerabilities ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for improper authentication and missing data encryption vulnerabilities identified in the Philips Alice 6 System product. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (slf4j), Debian (firefox-esr, mupdf, net-snmp, and samba), Fedora (apache-commons-compress, calibre, chromium, glpi, kernel, libvncserver, libvorbis, mozjs52, ntp, slurm, sqlite, and wireshark), openSUSE (librelp), SUSE (librelp, LibVNCServer, and qemu), and Ubuntu (firefox and zsh). --------------------------------------------- https://lwn.net/Articles/750291/ ∗∗∗ Vuln: ImageMagick CVE-2018-8960 Heap Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/103523 ∗∗∗ Security Advisory - Improper Authorization Vulnerability on Huawei Switch Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180328-… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM B2B Advanced Communications ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014642 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSH affects IBM DataPower Gateways (CVE-2017-15906) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014534 ∗∗∗ IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2017-1654) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012162 ∗∗∗ RSA Authentication Agent for Web Multiple Flaws Let Remote Users Deny Service and Conduct Cross-Site Scripting Attacks and Let Local Users Obtain Potentially Sensitive Information ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040577 ∗∗∗ [R1] Tenable Appliance 4.7.0 Fixes One Vulnerability ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.03.2018
by Daily end-of-shift report 27 Mar '18

27 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Montag 26-03-2018 18:00 − Dienstag 27-03-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Academics Discover New CPU Side-Channel Attack Named BranchScope ∗∗∗ --------------------------------------------- A team of academics from four US universities have discovered a new side-channel attack that takes advantage of the speculative execution feature in modern processors to recover data from users CPUs. --------------------------------------------- https://www.bleepingcomputer.com/news/security/academics-discover-new-cpu-s… ∗∗∗ Exploit kit development has gone to sh$t... ever since Adobe Flash was kicked to the curb ∗∗∗ --------------------------------------------- Coinkidink? Nah. Crooks are switching tactics There was a big drop in exploit kit development last year, and experts have equated this to the phasing out of Adobe Flash. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/03/27/exploit_kit… ∗∗∗ E-Mail-Verschlüsselung: Enigmail 2.0 ist da ∗∗∗ --------------------------------------------- Mit der neuen Enigmail-Version 2.0 für den Mail-Client Thunderbird kann man unter anderem neben Text in Mails nun auch die Betreffzeile verschlüsseln. --------------------------------------------- https://heise.de/-4005589 ∗∗∗ The Last Windows XP Security White Paper ∗∗∗ --------------------------------------------- Using the strategies and procedures we present in our paper could help prevent an attacker from taking control of your computer --------------------------------------------- https://www.welivesecurity.com/2018/03/27/last-windows-xp-security-white-pa… ===================== = Vulnerabilities = ===================== ∗∗∗ Mozilla Releases Security Updates for Firefox ∗∗∗ --------------------------------------------- Original release date: March 27, 2018 Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 59.0.2 and Firefox ESR 52.7.3 and apply the necessary updates. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/03/27/Mozilla-Releases-S… ∗∗∗ 2018-02-06 (updated 2018-03-27): Vulnerability in MicroSCADA Pro SYS600 9.x - Improper Access Control ∗∗∗ --------------------------------------------- 3.2.2018 Original document, 16.3.2018 Fix for SYS600 9.3 systems is available. Clarified file system permissions for created Windows groups, see FAQ. --------------------------------------------- http://search.abb.com/library/Download.aspx?DocumentID=1MRS257731&LanguageC… ∗∗∗ OpenSSL Security Advisory [27 Mar 2018] ∗∗∗ --------------------------------------------- Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739) Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733) rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) --------------------------------------------- https://openssl.org/news/secadv/20180327.txt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr, irssi, and librelp), Gentoo (busybox and plib), Mageia (exempi and jupyter-notebook), openSUSE (clamav, dhcp, nginx, python-Django, python3-Django, and thunderbird), Oracle (slf4j), Red Hat (slf4j), Scientific Linux (slf4j), Slackware (firefox), SUSE (librelp), and Ubuntu (screen-resolution-extra). --------------------------------------------- https://lwn.net/Articles/750207/ ∗∗∗ Bugtraq: Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541897 ∗∗∗ DFN-CERT-2018-0574: Librelp: Eine Schwachstelle ermöglicht das Ausführen beliebigen Programmcodes mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0574/ ∗∗∗ DFN-CERT-2018-0573: Jenkins-Plugins: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0573/ ∗∗∗ DFN-CERT-2018-0575: Sophos UTM: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0575/ ∗∗∗ DFN-CERT-2018-0581: Apache Struts: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0581/ ∗∗∗ Security Notice - Statement on Command Injection Vulnerability in Huawei HG655m Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20180327-01-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099782 ∗∗∗ IBM Security Bulletin: ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027315 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014717 ∗∗∗ IBM Security Bulletin: IBM B2B Advanced Communications is Affected by an XML External Entity Injection (XXE) Attack when Processing XML Data ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014656 ∗∗∗ IBM Security Bulletin: Security Bulletin: IBM Security Privileged Identity Manager is affected by sensitive information in page comments vulnerability (CVE-2017-1705) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014988 ∗∗∗ NTP vulnerability CVE-2018-7184 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K13540723 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.03.2018
by Daily end-of-shift report 26 Mar '18

26 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 23-03-2018 18:00 − Montag 26-03-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sicherheitslücke: Microsoft unterbindet RDP-Anfragen von ungepatchten Clients ∗∗∗ --------------------------------------------- Eine kritische Sicherheitslücke in Microsofts Credential Security Support Provider versetzt Angreifer in die Lage, beliebigen Code auszuführen. Deswegen unterbindet das Unternehmen demnächst Verbindungsversuche ungepatchter Clients, Admins sollten also schnell handeln. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-microsoft-unterbindet-rdp-anfra… ∗∗∗ Threat Landscape for Industrial Automation Systems in H2 2017 ∗∗∗ --------------------------------------------- Kaspersky Lab ICS CERT publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second half of 2017. The main objective of these publications is to provide information support to incident response teams, enterprise information security staff and researchers in the area of industrial facility security. --------------------------------------------- http://securelist.com/threat-landscape-for-industrial-automation-systems-in… ∗∗∗ KVA Shadow: Mitigating Meltdown on Windows ∗∗∗ --------------------------------------------- On January 3rd, 2018, Microsoft released an advisory and security updates that relate to a new class of discovered hardware vulnerabilities, termed speculative execution side channels, that affect the design methodology and implementation decisions behind many modern microprocessors. This post dives into the technical details of Kernel Virtual Address (KVA) Shadow which is the Windows [...] --------------------------------------------- https://blogs.technet.microsoft.com/srd/2018/03/23/kva-shadow-mitigating-me… ∗∗∗ Adding Backdoors at the Chip Level ∗∗∗ --------------------------------------------- Interesting research into undetectably adding backdoors into computer chips during manufacture: "Stealthy dopant-level hardware Trojans: extended version," also available here:Abstract: In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during the manufacturing [...] --------------------------------------------- https://www.schneier.com/blog/archives/2018/03/adding_backdoor.html ∗∗∗ Web Application Penetration Testing Cheat Sheet ∗∗∗ --------------------------------------------- This cheatsheet is intended to run down the typical steps performed when conducting a web application penetration test. I will break these steps down into sub-tasks and describe the tools I recommend using at each level. --------------------------------------------- https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodo… ∗∗∗ Gefälschte A1-Mail fordert SIM-Karten-Aktualisierung ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte A1-Nachricht. Darin fordern sie Kund/innen dazu auf, dass sie ihre SIM-Karten-Details aktualisieren. Das soll auf einer gefälschten A1-Website geschehen. Kund/innen, die der Aufforderung nachkommen, übermitteln sensible Informationen an Kriminelle und werden Opfer eines Datendiebstahls. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-a1-mail-fordert-sim-kart… ∗∗∗ Achtung vor gefälschter Klarna-Rechnung! ∗∗∗ --------------------------------------------- Unter dem Betreff "Offene Rechnung von Klarna" versenden Kriminelle gefälschte Rechnungen. EmpfängerInnen werden in der E-Mail aufgefordert eine angehängte ZIP-Datei zu öffnen, um weiterführende Informationen zu offenen Beträgen zu erhalten. Die ZIP-Datei enthält jedoch Schadsoftware, Betroffene dürfen die Datei daher nicht öffnen und sollten die E-Mail löschen. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vor-gefaelschter-klarna-rech… ∗∗∗ Forgot About Default Accounts? No Worries, GoScanSSH Didn’t ∗∗∗ --------------------------------------------- This blog post was authored by Edmund Brumaghin, Andrew Williams, and Alain Zidouemba.Executive SummaryDuring a recent Incident Response (IR) engagement, Talos identified a new malware family that was being used to compromise SSH servers exposed to the internet. This malware, which we have named GoScanSSH, was written using the Go programming language, and exhibited several interesting characteristics. This is not the first malware family that Talos has observed that was written using Go. --------------------------------------------- http://blog.talosintelligence.com/2018/03/goscanssh-analysis.html ∗∗∗ One Year Later, Hackers Still Target Apache Struts Flaw ∗∗∗ --------------------------------------------- One year after researchers saw the first attempts to exploit a critical remote code execution flaw affecting the Apache Struts 2 framework, hackers continue to scan the Web for vulnerable servers. The vulnerability in question, tracked as CVE-2017-5638, affects Struts 2.3.5 through 2.3.31 and Struts 2.5 through 2.5.10. The security hole was addressed on March 6, 2017 with the release of versions 2.3.32 and 2.5.10.1. The bug, caused due to improper handling of the Content-Type header, can be [...] --------------------------------------------- https://www.securityweek.com/one-year-later-hackers-still-target-apache-str… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (bchunk, thunderbird, and xerces-c), Debian (freeplane, icu, libvirt, and net-snmp), Fedora (monitorix, php-simplesamlphp-saml2, php-simplesamlphp-saml2_1, php-simplesamlphp-saml2_3, puppet, and qt5-qtwebengine), openSUSE (curl, libmodplug, libvorbis, mailman, nginx, opera, python-paramiko, and samba, talloc, tevent), Red Hat (python-paramiko, rh-maven35-slf4j, rh-mysql56-mysql, rh-mysql57-mysql, rh-ruby22-ruby, rh-ruby23-ruby, and [...] --------------------------------------------- https://lwn.net/Articles/750150/ ∗∗∗ Bugtraq: Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541891 ∗∗∗ Norton App Lock Authentication Bypass ∗∗∗ --------------------------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… ∗∗∗ DFN-CERT-2018-0566: Nmap: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0566/ ∗∗∗ DFN-CERT-2018-0569: Moodle: Zwei Schwachstellen ermöglichen u.a. einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0569/ ∗∗∗ DFN-CERT-2018-0571: Mozilla Thunderbird: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0571/ ∗∗∗ DFN-CERT-2018-0570: Apache Software Foundation HTTP-Server (httpd): Mehrere Schwachstellen ermöglichen u.a. die Manipulation von Sitzungsdaten ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0570/ ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in Business Space affects IBM Business Process Manager, WebSphere Process Server, and WebSphere Enterprise Service Bus (CVE-2018-1384) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012604 ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (CVE-2017-1767) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012396 ∗∗∗ IBM Security Bulletin: Potential information leakage in IBM Business Process Manager (CVE-2017-1756) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010796 ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability affects Rational Engineering Lifecycle Manager ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014831 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.03.2018
by Daily end-of-shift report 23 Mar '18

23 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 22-03-2018 18:00 − Freitag 23-03-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Wichtige Updates sichern GitLab ab ∗∗∗ --------------------------------------------- Wer Software-Projekte über GitLab verwaltet, sollte zügig die aktuellen Sicherheitspatches installieren. Sonst könnten Angreifer eventuell Schadcode ausführen. --------------------------------------------- https://www.heise.de/meldung/Wichtige-Updates-sichern-GitLab-ab-4002151.html ∗∗∗ Atlanta: Kryptotrojaner trifft Stadtverwaltung ∗∗∗ --------------------------------------------- Die US-Metropole Atlanta wurde von einem Kryptotrojaner getroffen, der Teile des Computernetzes der Stadtregierung lahmgelegt hat. Derzeit versuchen das FBI und das Heimatschutzministerium, das Problem zu beheben. --------------------------------------------- https://www.heise.de/meldung/Atlanta-Kryptotrojaner-trifft-Stadtverwaltung-… ===================== = Vulnerabilities = ===================== ∗∗∗ Siemens SIMATIC WinCC OA UI Mobile App ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper access control vulnerability in the Siemens WinCC OA UI mobile app for Android and IOS. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-081-01 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multiplatforms ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014820 ∗∗∗ IBM Security Bulletin: There are potential Cross Site Scripting (XSS) vulnerabilities in the Duplicate Detect component in Financial Transaction Manager (FTM) for Check Services (CVE-2018-1390) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014795 ∗∗∗ IBM Security Bulletin: IBM API Connect has released 5.0.8.2 iFix in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014530 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.03.2018
by Daily end-of-shift report 22 Mar '18

22 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 21-03-2018 18:00 − Donnerstag 22-03-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ 10 Steps to Detect Lateral Movement in a Data Breach ∗∗∗ --------------------------------------------- Many enterprises spend millions of dollars on solutions that promise to bolster their security. However, much less focus is placed on the ability to detect lateral movement during a breach. --------------------------------------------- http://resources.infosecinstitute.com /10-steps-detect-lateral-movement-data-breach/ ∗∗∗ Siri plaudert geheime Nachrichten von iPhone-Nutzern aus ∗∗∗ --------------------------------------------- Neu entdeckter Bug unterwandert zentrale Sicherheitssperren des Apple-Smartphones --------------------------------------------- http://derstandard.at/2000076603171 ===================== = Vulnerabilities = ===================== ∗∗∗ Bugtraq: ModSecurity WAF 3.0 for Nginx - Denial of Service ∗∗∗ --------------------------------------------- During one of the engagements my team tested a WAF running in production Nginx + ModSecurity + OWASP Core Rule Set. In the system logs I found information about the Nginx worker processes being terminated due to memory corruption errors. --------------------------------------------- http://www.securityfocus.com/archive/1/541886 ∗∗∗ JSON API - Moderately critical - Access Bypass - SA-CONTRIB-2018-016 ∗∗∗ --------------------------------------------- This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't sufficiently check access when viewing related resources or relationships, thereby causing an access bypass vulnerability. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-016 ∗∗∗ DFN-CERT-2018-0557/">Oracle Solaris: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in ISC BIND, ISC DHCP und Wireshark für Oracle Solaris 11.3 ermöglichen einem entfernten, nicht authentisierten Angreifer die Durchführung verschiedener Denial-of-Service (DoS)-Angriffe. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0557/ ∗∗∗ Drupal stellt Sicherheitsupdate für extrem kritische Lücke in Aussicht ∗∗∗ --------------------------------------------- Wer das CMS Drupal einsetzt, sollte sich den 28. März im Kalender markieren, um wichtige Sicherheitsupdates für verschiedene Versionen zu installieren. --------------------------------------------- https://heise.de/-4001063 ∗∗∗ Flaws in ManageEngine apps opens enterprise systems to compromise ∗∗∗ --------------------------------------------- Researchers have discovered multiple severe vulnerabilities in ManageEngine’s line of tools for internal IT support teams, which are used by over half of Fortune 500 companies. About the vulnerabilities The first flaw affects EventLog Analyzer 11.8 and Log360 5.3, and could be exploited to achieve remote code execution with the same privileges as the user that started the application, by uploading a web shell to be written to the web root. --------------------------------------------- https://www.helpnetsecurity.com/2018/03/22/manageengine-apps-flaws/ ∗∗∗ TMM WebSocket vulnerability CVE-2018-5504 ∗∗∗ --------------------------------------------- In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed WebSocket requests/responses, which allows remote attackers to cause a denial of service (DoS) or possible remote code execution on the BIG-IP system. (CVE-2018-5504) This vulnerability allows unauthorized remote code execution and disruption of service through an unspecified crafted WebSocket packet. --------------------------------------------- https://support.f5.com/csp/article/K11718033 ∗∗∗ Multiple Wireshark vulnerabilities ∗∗∗ --------------------------------------------- A remote attacker can transmit crafted packets while a BIG-IP administrator account runs the tshark utility with the affected protocol parsers via Advanced Shell (bash). This causes the tshark utility to stop responding and may allow remote code execution from the BIG-IP administrator account. --------------------------------------------- https://support.f5.com/csp/article/K34035645 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (lib32-libvorbis), Debian (exempi and polarssl), Gentoo (collectd and webkit-gtk), openSUSE (postgresql96), SUSE (qemu), and Ubuntu (libvorbis). --------------------------------------------- https://lwn.net/Articles/749958/ ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a cross-site scripting vulnerability ( CVE-2018-1429). ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014046 ∗∗∗ IBM Security Bulletin: Vulnerability found in OpenSSL release used by Windows and z/OS Security Identity Adapters (CVE-2017-3736) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014629 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099781 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011787 ∗∗∗ IBM Security Bulletin: Vulnerability in GNU C Library affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-15670) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099788 ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a denial of service vulnerability in cURL (CVE-2017-1000257) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011740 ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011746 ∗∗∗ IBM Security Bulletin: Vulnerability found in OpenSSL release used by Windows and z/OS Security Identity Adapters (CVE-2017-3735) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014628 ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by multiple vulnerabilities in IBM Tivoli Integrated Portal (TIP) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014253 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.03.2018
by Daily end-of-shift report 21 Mar '18

21 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 20-03-2018 18:00 − Mittwoch 21-03-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ IETF 101: TLS 1.3 ist jetzt wirklich fertig ∗∗∗ --------------------------------------------- Auf der IETF-Tagung in London ist TLS 1.3 beschlossen worden. In wenigen Wochen dürfte der Standard für Verschlüsselung im Web dann auch als RFC erscheinen. --------------------------------------------- https://www.golem.de/news/ietf-101-tls-1-3-ist-jetzt-wirklich-fertig-1803-1… ∗∗∗ Ryzenfall, Fallout & Co: AMD bestätigt Sicherheitslücken in Ryzen- und Epyc-Prozessoren ∗∗∗ --------------------------------------------- Der Chiphersteller AMD konnte die Sicherheitslücken in Epyc- und Ryzen-CPUs sowie Promontory-Chipsätzen nachvollziehen und kündigt Sicherheitspatches für die betroffenen Systeme an. --------------------------------------------- https://heise.de/-4000040 ∗∗∗ Nmap 7.70 released: Better service and OS detection, 9 new NSE scripts, and more! ∗∗∗ --------------------------------------------- Nmap is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. --------------------------------------------- https://www.helpnetsecurity.com/2018/03/21/nmap-7-70-released/ ∗∗∗ Keine 3D Secure Passwort-Aktualisierung notwendig ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte CardComplete-Nachricht. Darin fordern sie Empfänger/innen dazu auf, dass sie ihre persönlichen Daten aktualisieren. Das soll auf einer gefälschten Website geschehen und angeblich notwendig sein, damit Kund/innen weiterhin das 3D Secure-Verfahren nützen können. In Wahrheit übermitteln sie mit einer Aktualisierung ihre Kreditkartendaten an Betrüger/innen. --------------------------------------------- https://www.watchlist-internet.at/news/keine-3d-secure-passwort-aktualisier… ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0543/">GitLab: Zwei Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Eine Schwachstelle ermöglicht einem vermutlich nicht authentisierten Angreifer mit Netzwerkzugriff auf eine GitLab-Instanz die Durchführung eines Server-Side-Request-Forgery (SSRF)-Angriffs, mit Hilfe von manipulierten Web-Anfragen, und dadurch unter anderem das Ausspähen von Informationen, das Umgehen von Sicherheitsvorkehrungen sowie die Ausführung beliebigen Programmcodes. Eine weitere Schwachstelle betrifft nur die GitLab Community Edition (CE) und ermöglicht einem authentisierten Angreifer durch eine Auth0-Anmeldung die Anmeldung eines anderen Benutzers und dadurch möglicherweise dessen Benutzerrechte zu erlangen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0543/ ∗∗∗ DFN-CERT-2018-0547/">Google Chrome, Chromium: Mehrere Schwachstellen ermöglichen nicht weiter spezifizierte Angriffe ∗∗∗ --------------------------------------------- Ein Angreifer kann aufgrund mehrerer Schwachstellen in Google Chrome und Chromium verschiedene, nicht weiter spezifizierte Angriffe ausführen. In der Vergangenheit konnten derartige Schwachstellen zumeist von einem entfernten und nicht authentisierten Angreifer ausgenutzt werden. Google stellt Chrome 65.0.3325.181 für Windows, macOS und Linux als Sicherheitsupdate zur Verfügung. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0547/ ∗∗∗ DFN-CERT-2018-0551/">SpiderMonkey (mozjs): Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in SpiderMonkey ermöglichen einem entfernten und nicht authentisierten Angreifer die Ausführung beliebigen Programmcodes. Eine Schwachstelle ermöglicht dem Angreifer einen Denial-of-Service (DoS)-Angriff, eine weitere das Umgehen von Sicherheitsvorkehrungen. Ein lokaler, nicht authentisierter Angreifer kann außerdem Informationen ausspähen. Mozilla stellt analog zur kürzlich veröffentlichten Version 52.7.2 von Firefox ESR eine aktuelle Version der JavaScript-Engine SpiderMonkey zur Verfügung, macht aber keine Angaben über die dadurch behobenen Schwachstellen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0551/ ∗∗∗ [openssl-announce] Forthcoming OpenSSL releases ∗∗∗ --------------------------------------------- The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.0h and 1.0.2o. These releases will be made available on 27th March 2018 between approximately 1300-1700 UTC. These are security-fix releases. The highest severity issue fixed in these releases is MODERATE. --------------------------------------------- https://mta.openssl.org/pipermail/openssl-announce/2018-March/000116.html ∗∗∗ Citrix XenServer Multiple Security Updates ∗∗∗ --------------------------------------------- A number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and, for some XenServer versions, allow a remote attacker to compromise the host. The following vulnerabilities have been addressed: CVE-2016-2074: openvswitch: MPLS buffer overflow vulnerability CVE-2018-7540: DoS via non-preemptable L3/L4 pagetable freeing CVE-2018-7541: grant table v2 -> v1 transition may crash Xen --------------------------------------------- https://support.citrix.com/article/CTX232655 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox), Debian (plexus-utils), Fedora (calibre, cryptopp, curl, dolphin-emu, firefox, golang, jhead, kernel, libcdio, libgit2, libvorbis, ming, net-snmp, patch, samba, xen, and zsh), Red Hat (collectd and rh-mariadb101-mariadb and rh-mariadb101-galera), and Ubuntu (paramiko and tiff). --------------------------------------------- https://lwn.net/Articles/749871/ ∗∗∗ Security Advisory - Out-Of-Bounds Write Vulnerability on Several Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-… ∗∗∗ Security Advisory - Integer overflow Vulnerability in Bdat Driver of Huawei Smart Phone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-… ∗∗∗ Security Advisory - Weak Algorithm Vulnerability on Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-… ∗∗∗ Security Advisory - Out-Of-Bounds Write Vulnerability on Several Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180214-… ∗∗∗ Security Advisory - CPU Vulnerabilities Meltdown and Spectre ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180106-… ∗∗∗ IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to the vulnerability known as Spectre (CVE-2017-5715) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099757 ∗∗∗ IBM Security Bulletin: One vulnerability in IBM Java SDK affects IBM Application Delivery Intelligence v1.0.1, v1.0.1.1, v1.0.2, v5.0.2, v5.0.2.1, v5.0.3, v5.0.4, v5.0.4.1 (CVE-2017-10356) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014797 ∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-1000100) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099787 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-8872) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099786 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM NeXtScale Fan Power Controller (FPC) (CVE-2017-3735) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099793 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014815 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.03.2018
by Daily end-of-shift report 20 Mar '18

20 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Montag 19-03-2018 18:00 − Dienstag 20-03-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Administrators Password Bad Practice, (Tue, Mar 20th) ∗∗∗ --------------------------------------------- Just a quick reminder about some bad practices while handling Windows Administrator credentials. --------------------------------------------- https://isc.sans.edu/diary/rss/23465 ∗∗∗ This Android malware redirects calls you make to your bank to go to scammers instead ∗∗∗ --------------------------------------------- Once installed the malware will intercept mobile calls you attempt to make to your bank, and instead direct them to a scammer impersonating an agent working for the bank. Furthermore, the malware will intercept calls from the *scammers*, and display a fake caller ID to make it appear as though the call is really from the legitimate bank. Very sneaky. --------------------------------------------- https://www.grahamcluley.com/this-android-malware-redirects-calls-you-make-… ===================== = Vulnerabilities = ===================== ∗∗∗ Bugtraq: ES2018-05 Kamailio heap overflow ∗∗∗ --------------------------------------------- A specially crafted REGISTER message with a malformed `branch` or `From tag` triggers an off-by-one heap overflow. Abuse of this vulnerability leads to denial of service in Kamailio. Further research may show that exploitation leads to remote code execution. --------------------------------------------- http://www.securityfocus.com/archive/1/541874 ∗∗∗ Bugtraq: CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries ∗∗∗ --------------------------------------------- Compass Security discovered a design weakness in Microsoft Intune's iOS Keychain management. This allows users to access company data even after the device has been unenrolled. --------------------------------------------- http://www.securityfocus.com/archive/1/541875 ∗∗∗ DFN-CERT-2018-0526/">Apache Commons Compress: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- Ein entfernter, nicht authentisierter Angreifer kann mit Hilfe einer speziell präparierten ZIP-Archivdatei einen Denial-of-Service-Angriff auf Apache Commons Compress und auf Software, die dessen ZIP-Paket verwendet, durchführen. Der Hersteller veröffentlicht zur Behebung der Schwachstelle die Version Commons Compress 1.16. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0526/ ∗∗∗ DFN-CERT-2018-0532/">SDL2, SDL2_image: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Eine Vielzahl von Schwachstellen in verschiedenen Komponenten von SDL2_image ermöglicht einem entfernten, nicht authentisierten Angreifer mit Hilfe manipulierter Bilddateien, welche ein Benutzer anzeigen muss, die Ausführung beliebigen Programmcodes sowie die Durchführung verschiedener Denial-of-Service (DoS)-Angriffe. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0532/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (clamav, curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), openSUSE (various KMPs), Oracle (firefox), Scientific Linux (firefox), SUSE (java-1_7_1-ibm), and Ubuntu (memcached). --------------------------------------------- https://lwn.net/Articles/749757/ ∗∗∗ [R1] Nessus 7.0.3 Fixes One Vulnerability ∗∗∗ --------------------------------------------- When installing Nessus to a directory outside of the default location, Nessus did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location. --------------------------------------------- http://www.tenable.com/security/tns-2018-01 ∗∗∗ Geutebruck IP Cameras ∗∗∗ --------------------------------------------- This advisory includes mitigations for several vulnerabilities in the Geutebrück IP Cameras. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01 ∗∗∗ Siemens SIMATIC, SINUMERIK, and PROFINET IO ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper input validation vulnerability in the Siemens SIMATIC, SINUMERIK, and PROFINET IO products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-079-02 ∗∗∗ IBM Security Bulletin: Denial of Service attack affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-3768) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099791 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Ncurses affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099790 ∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099766 ∗∗∗ IBM Security Bulletin: Vulnerability in Linux Kernel affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099767 ∗∗∗ IBM Security Bulletin: Vulnerabilities in HTTPD affect IBM BladeCenter Advanced Management Module (AMM) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099759 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM BladeCenter Advanced Management Module (AMM) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099758 ∗∗∗ IBM Security Bulletin: Vulnerability in strongSwan affects IBM Chassis Management Module (CVE-2017-11185) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099779 ∗∗∗ IBM Security Bulletin: Vulnerabilities in expat affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099765 ∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM Chassis Management Module (CVE-2017-1000100) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099776 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Chassis Management Module (CVE-2017-8872) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099775 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.03.2018
by Daily end-of-shift report 19 Mar '18

19 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 16-03-2018 18:00 − Montag 19-03-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Ab sofort: Cyber-Security-Hotline der WKO für Unternehmen ∗∗∗ --------------------------------------------- Cyberattacken können jedes Unternehmen treffen - im Falle des Falles ist rasche Hilfe wichtig. Dafür sorgt die Hotline der WKO unter 0800 888 133. --------------------------------------------- https://futurezone.at/b2b/ab-sofort-cyber-security-hotline-der-wko-fuer-unt… ∗∗∗ Großes Missbrauchspotenzial beim Bundestrojaner ∗∗∗ --------------------------------------------- Der Bundestrojaner ist laut Verfassungsjuristen rechtlich "kaum angreifbar". Missbrauch ist nach Meinung von IT-Experten kaum zu kontrollieren. --------------------------------------------- https://futurezone.at/netzpolitik/grosses-missbrauchspotenzial-beim-bundest… ∗∗∗ VB2017 paper: The life story of an IPT - Inept Persistent Threat actor ∗∗∗ --------------------------------------------- At VB2017 in Madrid, Polish security researcher and journalist Adam Haertlé presented a paper about a very inept persistent threat. Today, we publish both the paper and the recording .. --------------------------------------------- https://www.virusbulletin.com:443/blog/2018/03/vb2017-paper-life-story-ipt-… ∗∗∗ Pwn2Own: Touch Bar eines MacBook Pro via Safari gehackt ∗∗∗ --------------------------------------------- Über die Ausnutzung von insgesamt drei Fehlern gelang es einem Sicherheitsforscher, aus dem Browser heraus tief in macOS einzugreifen. Auch ein weiterer Safari-Hack verlief erfolgreich. --------------------------------------------- https://www.heise.de/meldung/Pwn2Own-Touch-Bar-eines-MacBook-Pro-via-Safari… ∗∗∗ Hacker-Wettbewerb Pwn2Own: Firefox, Edge und Safari fallen um wie die Fliegen ∗∗∗ --------------------------------------------- Dieses Jahr haben die Pwn2Own-Veranstalter ein Preisgeld von zwei Millionen US-Dollar ausgerufen. Trotz einiger Hack-Erfolge blieb ein Großteil der Prämie jedoch im Topf. --------------------------------------------- https://www.heise.de/meldung/Hacker-Wettbewerb-Pwn2Own-Firefox-Edge-und-Saf… ∗∗∗ Passwort-Tresor Webbrowser: Firefox pfuscht seit neun Jahren beim Master-Kennwort ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher warnt erneut: In Firefox und Thunderbird gespeicherte Passwörter sind nicht effektiv vor Datendiebstahl geschützt. --------------------------------------------- https://www.heise.de/meldung/Passwort-Tresor-Webbrowser-Firefox-pfuscht-sei… ∗∗∗ Hackerangriff auf deutsches Regierungsnetz nur punktuell erfolgreich ∗∗∗ --------------------------------------------- Berlin will sich stärker gegen Cyberattacken schützen --------------------------------------------- http://derstandard.at/2000076371068 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4144 openjdk-8 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4144 ∗∗∗ DSA-4143 firefox-esr - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4143 ∗∗∗ DSA-4145 gitlab - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4145 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.03.2018
by Daily end-of-shift report 16 Mar '18

16 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 15-03-2018 18:00 − Freitag 16-03-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ TROOPERS 18 Wrap-Up Day #2 ∗∗∗ --------------------------------------------- Hello Readers, here is my wrap-up of the second day. Usually, the second day is harder in the morning due to the social events but, at TROOPERS, they organize the hacker run started at 06:45 for the most motivated of us. Today, the topic of the 3rd track switched from [...] --------------------------------------------- https://blog.rootshell.be/2018/03/15/troopers-18-wrap-day-2/ ∗∗∗ Schwachstelle in Chrome RDP für macOS: Gast kann vollen Remote-Zugriff erhalten ∗∗∗ --------------------------------------------- Ein Fehler in Googles Fernwartungs-Tool Chrome Remote Desktop kann es Unbefugten ohne Kenntnis eines Passwortes ermöglichen, einen aktiven Nutzer-Account auf dem entfernten Mac zu übernehmen, warnen Sicherheitsforscher. --------------------------------------------- https://heise.de/-3996450 ∗∗∗ Sofacy Uses DealersChoice to Target European Government Agency ∗∗∗ --------------------------------------------- Back in October 2016, Unit 42 published an initial analysis on a Flash exploitation framework used by the Sofacy threat group called DealersChoice. The attack consisted of Microsoft Word delivery documents that contained Adobe Flash objects capable of loading additional malicious Flash objects embedded in the file or directly provided by a command and control server. Sofacy continued to use [...] --------------------------------------------- https://researchcenter.paloaltonetworks.com/2018/03/unit42-sofacy-uses-deal… ∗∗∗ Hintertüren in USB-Controllern auch in Intel-Systemen vermutet ∗∗∗ --------------------------------------------- Einige der kürzlich von CTS-Labs gemeldeten Sicherheitslücken von AMD-Chips betreffen auch PCIe-USB-3.0-Controller von ASMedia, die auf vielen Mainboards für Intel-Prozessoren sitzen. --------------------------------------------- https://heise.de/-3996868 ∗∗∗ Qrypter RAT Hits Hundreds of Organizations Worldwide ∗∗∗ --------------------------------------------- Hundreds of organizations all around the world have been targeted in a series of attacks that leverage the Qrypter remote access Trojan (RAT), security firm Forcepoint says. The malware, often mistaken for the Adwind cross-platform backdoor, has been around for a couple of years, and was developed by an underground group called 'QUA R&D', which offers a Malware-as-a-Service (MaaS) platform. --------------------------------------------- https://www.securityweek.com/qrypter-rat-hits-hundreds-organizations-worldw… ∗∗∗ Abusing Duo 2FA ∗∗∗ --------------------------------------------- On a recent client engagement, our customer asked us to look at their use of Duo Security multifactor authentication that protected Windows workstation logins. It was configured to send a push notification to users' phones whenever they logged in or unlocked, either physically at the console or over remote desktop. --------------------------------------------- https://www.pentestpartners.com/security-blog/abusing-duo-2fa/ ===================== = Vulnerabilities = ===================== ∗∗∗ VMSA-2018-0008 ∗∗∗ --------------------------------------------- Workstation and Fusion updates address a denial-of-service vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0008.html ∗∗∗ VMSA-2018-0007.2 ∗∗∗ --------------------------------------------- VMware Virtual Appliance updates address side-channel analysis due to speculative execution 2018-03-15: Updated in conjunction with the release of Identity Manager (vIDM) 3.2 and vRealize Automation (vRA) 7.3.1 on 2018-03-15. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0007.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox), Debian (clamav and firefox-esr), openSUSE (Chromium and kernel-firmware), Oracle (firefox), Red Hat (ceph), Scientific Linux (firefox), Slackware (curl), and SUSE (java-1_7_1-ibm and mariadb). --------------------------------------------- https://lwn.net/Articles/749513/ ∗∗∗ Bugtraq: Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541861 ∗∗∗ DFN-CERT-2018-0513: HP-UX CIFS Server (Samba), Apache Tomcat: Mehrere Schwachstellen ermöglichen u.a. das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0513/ ∗∗∗ DFN-CERT-2018-0507: Monitorix: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0507/ ∗∗∗ [remote] MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer Overflow ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/44290/?rss ∗∗∗ [remote] SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/44292/?rss ∗∗∗ IBM Security Bulletin: IBM® Db2® vulnerability allows local user to overwrite Db2 files (CVE-2018-1448) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014388 ∗∗∗ IBM Security Bulletin: Information disclosure in IBM HTTP Server (CVE-2017-12613) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013598 ∗∗∗ IBM Security Bulletin: Security vulnerability in Apache affects IBM InfoSphere Master Data Management (CVE-2016-1000031) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22011981 ∗∗∗ IBM Security Bulletin: Mulitiple security vulnerabilities in Apache CXF affects IBM InfoSphere Master Data Management (CVE-2016-6812 CVE-2016-8739 CVE-2017-5653 CVE-2017-5656 CVE-2017-3156) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22011984 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.03.2018
by Daily end-of-shift report 15 Mar '18

15 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 14-03-2018 18:00 − Donnerstag 15-03-2018 18:00 Handler: Nina Bieringer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ PSA: Beware of Windows PowerShell Credential Request Prompts ∗∗∗ --------------------------------------------- A new PowerShell script was posted on Github recently that prompts a victim to enter their login credentials, checks if they are correct, and then sends the credentials to a remote server. This allows an attacker to distribute the script and harvest domain login credentials from their victims. --------------------------------------------- https://www.bleepingcomputer.com/news/security/psa-beware-of-windows-powers… ∗∗∗ Webmailer: Squirrelmail-Sicherheitslücke bleibt vorerst offen ∗∗∗ --------------------------------------------- Bei der Untersuchung einer Security-Appliance von Check Point haben Sicherheitsforscher eine Lücke im Webmail-Tool Squirrelmail gefunden, mit der sich unberechtigt Dateien des Servers auslesen lassen. Einen offiziellen Fix gibt es bislang nicht, Golem.de stellt aber einen vorläufigen Patch bereit. --------------------------------------------- https://www.golem.de/news/webmailer-squirrelmail-sicherheitsluecke-bleibt-v… ∗∗∗ VPN tests reveal privacy-leaking bugs ∗∗∗ --------------------------------------------- Hotspot Shield patched; Zenmate and VPN Shield havent ... yet? A virtual private network recommendation site decided to call in the white hats and test three products for bugs, and the news wasnt good. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/03/15/vpn_tests_r… ∗∗∗ TA18-074A: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors ∗∗∗ --------------------------------------------- [...] This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA18-074A ∗∗∗ Rechnungen im Doc-Format sind Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden E-Mails, mit denen Sie Empfänger/innen dazu auffordern, eine Rechnung zu öffnen: „bitte Anhang beachten. Danke. Noch einen schönen Resttag“. Die Rechnung steht auf einer fremden Website zum Download bereit. Nutzer/innen, die die angebliche Zahlungsaufforderung öffnen, installieren Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/news/rechnungen-im-doc-format-sind-schads… ===================== = Vulnerabilities = ===================== ∗∗∗ Arbitrary Shortcode Execution & Local File Inclusion in WOOF (PluginUs.Net) ∗∗∗ --------------------------------------------- Multiple vulnerabilies have been identified in WooCommerce Products Filter version 1.1.9. An unauthenticated user can perform a local file inclusion and execute arbitrary wordpress shortcode. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/arbitrary-shortcode-executio… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (samba), CentOS (389-ds-base, kernel, libreoffice, mailman, and qemu-kvm), Debian (curl, libvirt, and mbedtls), Fedora (advancecomp, ceph, firefox, libldb, postgresql, python-django, and samba), Mageia (clamav, memcached, php, python-django, and zsh), openSUSE (adminer, firefox, java-1_7_0-openjdk, java-1_8_0-openjdk, and postgresql94), Oracle (kernel and libreoffice), Red Hat (erlang, firefox, flash-plugin, and java-1.7.1-ibm), Scientific Linux --------------------------------------------- https://lwn.net/Articles/749423/ ∗∗∗ IBM Security Bulletin: Potential spoofing attack in WebSphere Application Server (CVE-2017-1788) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012341 ∗∗∗ IBM Security Bulletin: IBM® Db2® performs unsafe deserialization in DB2 JDBC driver (CVE-2017-1677) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012896 ∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099764 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099763 ∗∗∗ IBM Security Bulletin: Vulnerability in HTTPD affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099762 ∗∗∗ IBM Security Bulletin: Under specific circumstances IBM® Db2® installation creates users with a weak password hashing algorithm (CVE-2017-1571). ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012948 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Campaign, IBM Contact Optimization ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014126 ∗∗∗ IBM Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the GSKit library (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1428, CVE-2018-1427, CVE-2018-1426) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013756 ∗∗∗ Linux kernel vulnerability CVE-2017-1000111 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K44309215 ∗∗∗ Apache vulnerability CVE-2017-12613 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52319810 ∗∗∗ Apache Portable Runtime vulnerability CVE-2017-12613 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52319810 ∗∗∗ Linux kernel vulnerability CVE-2017-1000112 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K60250153 ∗∗∗ Linux kernel vulnerability CVE-2017-9074 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K61223103 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.03.2018
by Daily end-of-shift report 14 Mar '18

14 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 13-03-2018 18:00 − Mittwoch 14-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ BlackBerry powered by Android Security Bulletin - March 2018 ∗∗∗ --------------------------------------------- March 2018 Android Security Bulletin --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Websicherheit: Apple-Datei auf Webservern verrät Verzeichnisinhalte ∗∗∗ --------------------------------------------- Mittels Parser lassen sich aus .DS_Store-Dateien sensible Informationen auslesen. Das Projekt Internetwache.org hat sich die proprietäre Lösung von Apple genauer angeschaut - und Erstaunliches zutage gefördert. --------------------------------------------- https://www.golem.de/news/websicherheit-apple-datei-auf-webservern-verraet-… ∗∗∗ Spectre-Lücke: Intels Microcode-Updates für Linux und Windows ∗∗∗ --------------------------------------------- Endlich hat es Intel geschafft, die zum Stopfen der Spectre-V2-Lücke nötigen Updates für Core-i-Prozessoren seit 2011 (Sandy Bridge) zu veröffentlichen - vor allem für Linux-Distributionen. --------------------------------------------- https://www.heise.de/meldung/Spectre-Luecke-Intels-Microcode-Updates-fuer-L… ∗∗∗ Lets Encrypt stellt ab sofort Wildcard-Zertifikate aus ∗∗∗ --------------------------------------------- Die kostenlose Zertifizierungsstelle Lets Encrypt stellt ab sofort auch Zertifikate ohne explizit benannte Subdomains aus. Durch solche Wildcards können Admins mit weniger unterschiedlichen Zertifikaten HTTPS aktivieren. --------------------------------------------- https://www.heise.de/meldung/Let-s-Encrypt-stellt-ab-sofort-Wildcard-Zertif… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB18-05), Adobe Connect (APSB18-06) and Adobe Dreamweaver CC (APSB18-07). Adobe recommends users update their product .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1535 ∗∗∗ Microsoft - March 2018 Security Updates ∗∗∗ --------------------------------------------- The March security release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and .. --------------------------------------------- https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail… ∗∗∗ Mozilla Foundation Security Advisory 2018-06 ∗∗∗ --------------------------------------------- Security vulnerabilities fixed in Firefox 59 --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/ ∗∗∗ Mozilla Foundation Security Advisory 2018-07 ∗∗∗ --------------------------------------------- Security vulnerabilities fixed in Firefox ESR 52.7 --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (calibre, dovecot, and postgresql), CentOS (dhcp and mailman), Fedora (freetype, kernel, leptonica, mariadb, mingw-leptonica, net-snmp, .. --------------------------------------------- https://lwn.net/Articles/749288/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.03.2018
by Daily end-of-shift report 13 Mar '18

13 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Montag 12-03-2018 18:00 − Dienstag 13-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Phishing bei Amazon Prime-Kunden ∗∗∗ --------------------------------------------- Kriminelle versenden betrügerische Amazon Prime-Schreiben an Unternehmen. Darin behaupten sie, dass diese ihre Mitgliedschaft nicht bezahlen konnten. Aus diesem Grund sollen Verkäufer/innen auf einer Website ihre Zahlungsdaten aktualisieren. In Wahrheit müssen Empfänger/innen keine Reaktion zeigen und können die Nachricht löschen, denn es handelt sich um eine Phishingmail. --------------------------------------------- https://www.watchlist-internet.at/news/phishing-bei-amazon-prime-kunden/ ===================== = Vulnerabilities = ===================== ∗∗∗ [20180301] - Core - SQLi vulnerability User Notes ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 3.5.0 through 3.8.5 Exploit type: SQLi Reported Date: 2018-March-08 Fixed Date: 2018-March-12 CVE Number: CVE-2018-8045 --------------------------------------------- https://developer.joomla.org/security-centre/723-20180301-core-sqli-vulnera… ∗∗∗ TYPO3 8.7.11 and 7.6.25 released ∗∗∗ --------------------------------------------- The TYPO3 Community announces the versions 8.7.11 LTS and 7.6.25 LTS of the TYPO3 Enterprise Content Management System. All versions are maintenance releases and contain bug fixes only. --------------------------------------------- https://typo3.org/news/article/typo3-8711-and-7625-released ∗∗∗ Achtung Admins: Netzwerküberwachung PRTG speichert Passwörter unverschlüsselt ∗∗∗ --------------------------------------------- Wer die Netzwerküberwachung PRTG von Paessler nutzt, muss jetzt handeln, ansonsten könnten Angreifer Passwörter auslesen. --------------------------------------------- https://heise.de/-3992126 ∗∗∗ Sicherheitsforscher beschreiben 12 Lücken in AMD-Prozessoren ∗∗∗ --------------------------------------------- Die Firma CTS-Labs meldet 12 Sicherheitslücken, die aktuelle AMD-Prozessoren wie Ryzen, Ryzen Pro und Epyc betreffen beziehungsweise deren integrierte AMD Secure Processors (PSP). --------------------------------------------- https://heise.de/-3993807 ∗∗∗ rt-sa-2017-012 ∗∗∗ --------------------------------------------- Shopware Cart Accessible by Third-Party Websites --------------------------------------------- https://www.redteam-pentesting.de/advisories/rt-sa-2017-012.txt ∗∗∗ SAP Security Patch Day - March 2018 ∗∗∗ --------------------------------------------- This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. --------------------------------------------- https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/ ∗∗∗ Kritische Sicherheitslücke in Samba4 - Patches verfügbar ∗∗∗ --------------------------------------------- Kritische Sicherheitslücke in Samba4 - Patches verfügbar 13. März 2018 Beschreibung Wie das Samba-Projekt bekanntgegeben hat, gibt es 2 Sicherheitsprobleme in allen aktuellen Samba-Versionen, eine davon stufen wir als kritisch ein. CVE-Nummern: CVE-2018-1057 CVE-2018-1050 Auswirkungen Durch Ausnutzen von CVE-2018-1057 kann ein angemeldeter Benutzer auf einem Samba Domain Controller die Passwörter beliebiger Benutzerkonten ändern. Dies inkludiert Dienst-Accounts von --------------------------------------------- http://www.cert.at/warnings/all/20180313.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (samba), Fedora (tor), openSUSE (glibc, mysql-connector-java, and shadow), Oracle (dhcp), Red Hat (bind, chromium-browser, and dhcp), Scientific Linux (dhcp), and SUSE (java-1_7_0-openjdk, java-1_8_0-ibm, and java-1_8_0-openjdk). --------------------------------------------- https://lwn.net/Articles/749177/ ∗∗∗ BSRT-2018-001 Vulnerability in UEM Management Console impacts UEM ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2018 CPU that is bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013951 ∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2017-3145 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022495 ∗∗∗ IBM Security Bulletin: Security Bulletin: Information disclosure in IBM HTTP Server (CVE-2018-1388) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014196 ∗∗∗ IBM Security Bulletin: Nova Filter Scheduler bypass through rebuild action (CVE-2017-16239) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022490 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.03.2018
by Daily end-of-shift report 12 Mar '18

12 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 09-03-2018 18:00 − Montag 12-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Qwerty Ransomware Utilizes GnuPG to Encrypt a Victims Files ∗∗∗ --------------------------------------------- A new ransomware has been discovered that utilizes the legitimate GnuPG, or GPG, encryption program to encrypt a victims files. Currently in the wild, this ransomware is called Qwerty Ransomware and will encrypt a victims files, overwrite the originals, and the append the .qwerty extension to an encrypted files name. --------------------------------------------- https://www.bleepingcomputer.com/news/security/qwerty-ransomware-utilizes-g… ∗∗∗ Coinminer Campaigns Target Redis, Apache Solr, and Windows Servers ∗∗∗ --------------------------------------------- Windows Server, Apache Solr, and Redis servers have been targeted this week by cyber-criminals looking to take over unpatched machines and install malware that mines cryptocurrency (known as a coinminer). --------------------------------------------- https://www.bleepingcomputer.com/news/security/coinminer-campaigns-target-r… ∗∗∗ SmartCam: Kritische Sicherheitslücken in Cloud-Anbindung von Samsung-IP-Kameras ∗∗∗ --------------------------------------------- Lücken in der IP-Kamera SNH-V6410PN/PNW ermöglichen es, das Linux darauf zu kapern. Da die Sicherheitslücke in der Cloud-Anbindung liegt, sind wahrscheinlich weitere SmartCam-Modelle betroffen. Der Cloud-Dienst verwaltet die Kameras per Jabber-Server. --------------------------------------------- https://www.heise.de/security/meldung/SmartCam-Kritische-Sicherheitsluecken… ∗∗∗ TLS 1.3 and Proxies ∗∗∗ --------------------------------------------- I'll generally ignore the internet froth in a given week as much as possible, but when Her Majesty's Government starts repeating misunderstandings about TLS 1.3 it is necessary to write something, if only to have a pointer ready for when people start citing it as evidence. --------------------------------------------- http://www.imperialviolet.org/2018/03/10/tls13.html ===================== = Vulnerabilities = ===================== ∗∗∗ Multiple Critical Vulnerabilities in SecurEnvoy SecurMail ∗∗∗ --------------------------------------------- Several vulnerabilities in the SecurEnvoy SecurMail encrypted mail transfer solution allow an attacker to read other users' encrypted e-mails and overwrite or delete e-mails stored in other users' inboxes. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabil… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (389-ds-base, dhcp, kernel, libreoffice, php, quagga, and ruby), Debian (ming, util-linux, vips, and zsh), Fedora (community-mysql, php, ruby, and transmission), Gentoo (newsbeuter), Mageia (libraw and mbedtls), openSUSE (php7 and python-Django), Red Hat (MRG Realtime 2.5), and SUSE (kernel). --------------------------------------------- https://lwn.net/Articles/749087/ ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1444) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22014392 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects MegaRAID Storage Manager (CVE-2016-7055) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099769 ∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in OpenSSL, IBM Java JRE and the microcode shipped with the DS8000 Hardware Management Console (HMC) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009613 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013943 ∗∗∗ IBM Security Bulletin: Vulnerability in WebSphere Application Server affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2017-1681) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013339 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2018 CPU ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013818 ∗∗∗ IBM Security Bulletin: Security Bulletin: IBM HTTP Server Response Time module is affected by JavaScript injection vulnerability. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013557 ∗∗∗ IBM Security Bulletin: IBM Spectrum Control (formerly IBM Tivoli Storage Productivity Center) is affected by OpenSSL vulnerabilities (CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011110 ∗∗∗ IBM Security Bulletin: SetGID and SetUID programs in IBM Workload Scheduler can be exploited to obtain privilege escalation (CVE-2018-1386) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012171 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.03.2018
by Daily end-of-shift report 09 Mar '18

09 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 08-03-2018 18:00 − Freitag 09-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ LLVM 6.0: Clang bekommt Maßnahme gegen Spectre-Angriff ∗∗∗ --------------------------------------------- Die neue Version der LLVM-Compiler wie Clang bringt mit Retpolines eine wichtige Maßnahme gegen Angriffe über Spectre. Davon profitieren auch künftige Windows-Versionen von Google Chrome. Optimierungen gibt es außerdem bei der Diagnose von Quelltexten. --------------------------------------------- https://www.golem.de/news/llvm-6-0-clang-bekommt-massnahme-gegen-spectre-an… ∗∗∗ Avast: CCleaner-Infektion enthielt Keylogger-Funktion ∗∗∗ --------------------------------------------- Die im vergangenen Jahr mit CCleaner verteilte Malware sollte Unternehmen wohl auch per Keylogger ausspionieren. Avast hat im eigenen Netzwerk die Shadowpad-Malware gefunden, geht aber davon aus, dass diese bei Kunden nicht installiert wurde. --------------------------------------------- https://www.golem.de/news/avast-ccleaner-infektion-enthielt-keylogger-funkt… ∗∗∗ Look-Alike Domains and Visual Confusion ∗∗∗ --------------------------------------------- How good are you at telling the difference between domain names you know and trust and imposter or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well .. --------------------------------------------- https://krebsonsecurity.com/2018/03/look-alike-domains-and-visual-confusion/ ∗∗∗ Researchers Demonstrate Ransomware Attack on Robots ∗∗∗ --------------------------------------------- IOActive security researchers today revealed a ransomware attack on robots, demonstrating not only that such assaults are possible, but also their potential financial impact. read more --------------------------------------------- https://www.securityweek.com/researchers-demonstrate-ransomware-attack-robo… ===================== = Vulnerabilities = ===================== ∗∗∗ Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module ∗∗∗ --------------------------------------------- This advisory includes mitigations for missing authentication for critical function, and inadequate encryption strength vulnerabilities in Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet module. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-067-01 ∗∗∗ Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension ∗∗∗ --------------------------------------------- This advisory includes mitigation details for a missing authentication for critical function vulnerability in the Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices using the EN100 Ethernet communication module extension. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-067-02 ∗∗∗ Security Advisory - Information Disclosure Vulnerability on Honor Smart Scale Application ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180309-… ∗∗∗ Security Advisory - Buffer Overflow Vulnerability in eNSP Software ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180309-… ∗∗∗ IBM Security Bulletin: IBM Notes Privilege Escalation in IBM Notes System Diagnostics service (CVE-2018-1437) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014201 ∗∗∗ IBM Security Bulletin: IBM Notes Remote Code Execution Vulnerability (CVE-2018-1435) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014198 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.03.2018
by Daily end-of-shift report 08 Mar '18

08 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 07-03-2018 18:00 − Donnerstag 08-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Microsoft Stops Malware Campaign That Tried to Infect 400,000 Users in 12 Hours ∗∗∗ --------------------------------------------- Microsoft revealed today that Windows Defender stopped a massive malware distribution campaign that attempted to infect over 400,000 users with a cryptocurrency miner during a 12-hour period on March 6, 2018. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-stops-malware-camp… ∗∗∗ Memcached Amplification: Neue Hacker-Tools verursachen Rekord-DDoS-Angriffe ∗∗∗ --------------------------------------------- DDoS-Angriffe per Memcached Amplification sind erst seit etwa einer Woche bekannt, nun existieren einfach zu bedienende Werkzeuge für solche Attacken. Unter anderem wurde auf diese Art GitHub mit einem Rekord-Angriff aus dem Internet geschwemmt. --------------------------------------------- https://www.heise.de/security/meldung/Memcached-Amplification-Neue-Hacker-T… ∗∗∗ Distrust of the Symantec PKI: Immediate action needed by site operators ∗∗∗ --------------------------------------------- We previously announced plans to deprecate Chrome’s trust in the Symantec certificate authority (including Symantec-owned brands like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL). This post outlines how site operators can determine if they’re affected by this .. --------------------------------------------- https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Releases Security Updates for Multiple Products ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/03/07/Cisco-Releases-Sec… ∗∗∗ DFN-CERT-2018-0455/">Red Hat JBoss Web Server: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0455/ ∗∗∗ rt-sa-2018-001 ∗∗∗ --------------------------------------------- https://www.redteam-pentesting.de/advisories/rt-sa-2018-001.txt -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.03.2018
by Daily end-of-shift report 07 Mar '18

07 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 06-03-2018 18:00 − Mittwoch 07-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Encryption 101: How to break encryption ∗∗∗ --------------------------------------------- Continuing on in our Encryption 101 series, where we gave a malware analyst’s primer on encryption and demonstrated encryption techniques using ShiOne ransomware, we now look at what it takes to break an encryption. In order for something as powerful as encryption to break, there needs to be some kind of secret flaw. That flaw is often a result of an error in implementation. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2018/03/encryption-101-how-to… ===================== = Vulnerabilities = ===================== ∗∗∗ Google Releases Security Update for Chrome ∗∗∗ --------------------------------------------- Google has released Chrome version 65.0.3325.146 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to obtain access to sensitive information. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/03/06/Google-Releases-Se… ∗∗∗ DFN-CERT-2018-0444/">Citrix NetScaler Application Delivery Controller, Citrix NetScaler Gateway: Mehrere Schwachstellen ermöglichen u.a. die Übernahme des Systems ∗∗∗ --------------------------------------------- Eine Schwachstelle in Citrix VPX ermöglicht einem entfernten, einfach authentisierten Angreifer die Ausführung beliebigen Programmcodes und damit letztlich die Übernahme des Systems. Weitere Schwachstellen ermöglichen einem entfernten, vermutlich nicht authentisierten Angreifer das Ausspähen beliebiger Dateien, die Eskalation von Privilegien sowie einen Cross-Site-Scripting (XSS)-Angriff. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0444/ ∗∗∗ FortiWebs cookie tampering protection can be bypassed by erasing the FortiWeb session cookie ∗∗∗ --------------------------------------------- FortiWeb 5.6.0 introduced a feature called "Signed Security Mode", which, when enabled, would prevent an attacker from tampering with "regular" cookies set by the web-sites protected by FortiWeb; in effect, access to the protected web-site can be blocked when cookie tampering is detected (depending on the "Action" selected by the FortiWeb admin).This protection can however be made inoperant if the attacker removes FortiWebs own session cookie. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-279 ∗∗∗ RSA Archer eGRC Bugs Let Remote Users Redirect Users to an Arbitrary Site and Let Remote Authenticated Users Obtain Username Information ∗∗∗ --------------------------------------------- A remote authenticated user can exploit an access control flaw in an API to determine valid usernames on the target system [CVE-2018-1219]. A remote user can exploit a flaw in the QuickLinks feature to redirect the target user to an arbitrary site [CVE-2018-1220]. --------------------------------------------- http://www.securitytracker.com/id/1040457 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (python-django and python2-django), Debian (leptonlib), Fedora (bugzilla, cryptopp, electrum, firefox, freexl, glibc, jhead, libcdio, libsamplerate, libXcursor, libXfont, libXfont2, mingw-wavpack, nx-libs, php, python-crypto, quagga, sharutils, unzip, x2goserver, and xen), Gentoo (exim), openSUSE (cups, go1.8, ImageMagick, jgraphx, leptonica, openexr, tor, and wavpack), Red Hat (389-ds-base, java-1.7.1-ibm, kernel, kernel-rt, libreoffice, and --------------------------------------------- https://lwn.net/Articles/748741/ ∗∗∗ Hirschmann Automation and Control GmbH Classic Platform Switches ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01 ∗∗∗ Schneider Electric SoMove Software and DTM Software Components ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-065-02 ∗∗∗ Eaton ELCSoft ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-065-03 ∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180307-… ∗∗∗ Security Advisory - Permission Control Vulnerability in Huawei Video Application ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180307-… ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180307-… ∗∗∗ IBM Security Bulletin: Information disclosure in WebSphere Application Server Admin Console (CVE-2017-1741) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012342 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014257 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.03.2018
by Daily end-of-shift report 06 Mar '18

06 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Montag 05-03-2018 18:00 − Dienstag 06-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ E-Mail-Clients für Android: Kennwörter werden an Entwickler der App übermittelt ∗∗∗ --------------------------------------------- Der E-Mail-Client sollte mit Bedacht gewählt werden. Zwei Apps für Android übermitteln die Kennwörter an den Anbieter der App. Der Entdecker des Sicherheitsrisikos rät zur Deinstallation der Apps und zur Zurücksetzung des E-Mail-Kennworts. --------------------------------------------- https://www.golem.de/news/e-mail-clients-fuer-android-kennwoerter-werden-im… ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0432/">NetIQ Identiy Manager: Eine Schwachstelle ermöglicht das Ausspähen von Passwörtern ∗∗∗ --------------------------------------------- Ein vermutlich lokaler, einfach authentisierter Angreifer kann Passwörter ausspähen, welche unter Umständen in Logdateien gespeichert werden. NetIQ stellt den NetIQ Identiy Manager in der Version 4.6 zur Behebung der Schwachstelle bereit. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0432/ ∗∗∗ DFN-CERT-2018-0431/">GitLab: Mehrere Schwachstellen ermöglichen u.a. einen kompletten Denial-of-Service (DoS)-Angriff ∗∗∗ --------------------------------------------- Zwei Schwachstellen betreffen GitLab Enterprise und ermöglichen einem vermutlich entfernten und einfach authentisierten Angreifer das Bewirken kompletter Denial-of-Service (DoS)-Zustände. Weitere Schwachstellen ermöglichen dem Angreifer das Umgehen von Sicherheitsvorkehrungen, das Ausspähen von Informationen und Darstellen falscher Informationen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0431/ ∗∗∗ Android: März-Update schließt Fülle an kritischen Lücken ∗∗∗ --------------------------------------------- Den ersten Montag des Monats nutzt Google üblicherweise, um Sicherheitslücken in Android zu bereinigen. Und so gibt es auch jetzt wieder ein neues Update, das sich vor allem der Bereinigung solcher Probleme bereinigt. --------------------------------------------- http://derstandard.at/2000075574454 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (dhclient and dhcp), Debian (tomcat7 and xen), Fedora (dhcp), Mageia (glibc and xerces-c), SUSE (xen), and Ubuntu (irssi, memcached, postgresql-9.3, postgresql-9.5, postgresql-9.6, and twisted). --------------------------------------------- https://lwn.net/Articles/748625/ ∗∗∗ Bugtraq: DefenseCode Security Advisory: Magento Stored Cross-Site Scripting - Product Attributes ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541839 ∗∗∗ Bugtraq: DefenseCode Security Advisory: Magento Stored Cross-Site Scripting - Downloadable Products ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541838 ∗∗∗ Bugtraq: DefenseCode Security Advisory: Magento Multiple Stored Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541840 ∗∗∗ Bugtraq: DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541837 ∗∗∗ IBM Security Bulletin: IBM Tivoli Federated Identity Manager is affected by a Security Assertion Markup Language (SAML)-based single sign-on (SSO) systems vulnerability (CVE-2018-1443 ) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014161 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a Security Assertion Markup Language (SAML)-based single sign-on (SSO) systems vulnerability (CVE-2018-1443) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014160 ∗∗∗ IBM Security Bulletin: IBM Security Guardium has released patch in response to the vulnerabilities known as Spectre and Meltdown ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013322 ∗∗∗ IBM Security Bulletin: Response Time Monitoring Agent is affected by a NoSQL Injection vulnerability ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013500 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method (CVE-2017-14746, CVE-2017-15275) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1012067 ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects Rational Asset Analyzer ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013972 ∗∗∗ IBM Security Bulletin: Monitoring Agent for WebSphere Applications is affected by a potential for sensitive personal information to be visible when you use the diagnostics or transaction tracking capability of the agent ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014035 ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a vulnerability in WAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013974 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014235 ∗∗∗ IBM Security Bulletin: IBM’s Pulse App for QRadar is vulnerable to sensitive information exposure. (CVE-2017-1625) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014284 ∗∗∗ Apache Tomcat 6.x vulnerability CVE-2016-0706 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K18174924 ∗∗∗ Apache Tomcat 6.x vulnerabilities CVE-2016-0714 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K58084500 ∗∗∗ Apache Tomcat 6.x vulnerability CVE-2015-5345 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K34341852 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.03.2018
by Daily end-of-shift report 05 Mar '18

05 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 02-03-2018 18:00 − Montag 05-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Spring break! Critical vuln in Pivotal frameworks Data parts plugged ∗∗∗ --------------------------------------------- Similar to Apache Struts flaw that stuffed Equifax Pivotals Spring Data REST project has a serious security hole that needs patching. --------------------------------------------- www.theregister.co.uk/2018/03/05/rest_vuln/ ∗∗∗ Bei 40 günstigen Android-Smartphones ist ein Trojaner ab Werk inklusive ∗∗∗ --------------------------------------------- Sicherheitsforscher listen über 40 Android-Smartphones auf, die einen von Angreifern modifizierbaren Trojaner an Bord haben. Dieser soll sich nicht ohne Weiteres entfernen lassen. --------------------------------------------- https://www.heise.de/meldung/Bei-40-guenstigen-Android-Smartphones-ist-ein-… ∗∗∗ Powerful New DDoS Method Adds Extortion ∗∗∗ --------------------------------------------- Attackers have seized on a relatively new method for executing distributed denial-of-service (DDoS) attacks of unprecedented disruptive power, using it to launch record-breaking DDoS assaults over the past week. Now evidence .. --------------------------------------------- https://krebsonsecurity.com/2018/03/powerful-new-ddos-method-adds-extortion/ ∗∗∗ Gefälschte Klarna-Rechnung verbreitet Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden eine Rechnung mit dem Betreff „Automatische Konto-Lastschrift von Klarna Bank konnte nicht durchgeführt werden“. Sie fordern die Empfänger/innen der Nachricht dazu auf, dass sie weiterführende Informationen zur offenen Forderung einer ZIP-Datei entnehmen. Sie verbirgt Schadsoftware. Aus diesem Grund dürfen Adressat/innen die angebliche Rechnung nicht öffnen. --------------------------------------------- https://www.watchlist-internet.at//themen/e-mail/ ∗∗∗ LTE: Massive Lücke erlaubt SMS- und Standort-Spionage ∗∗∗ --------------------------------------------- Angreifer könnten auch gefälschte Katastrophenwarnungen an großen Zahl von Nutzern gleichzeitig verschicken --------------------------------------------- http://derstandard.at/2000075435289 ∗∗∗ 700 Gbit/s: Bislang größte DDoS-Attacke auf Österreich gemessen ∗∗∗ --------------------------------------------- Galt "internationalem Service-Provider" – Zeitgleich zu Angriff auf Github und andere Seiten --------------------------------------------- http://derstandard.at/2000075492832 ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal core - Critical - Multiple Vulnerabilities - SA-CORE-2018-001 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2018-001 ∗∗∗ IBM Security Bulletin: IBM MessageSight V1.2 has released 1.2.0.3-IBM-IMA-IFIT24219 in response to the vulnerabilities known as Spectre and Meltdown ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027210 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.03.2018
by Daily end-of-shift report 02 Mar '18

02 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 01-03-2018 18:00 − Freitag 02-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Banking Trojan Found in Over 40 Models of Low-Cost Android Smartphones ∗∗∗ --------------------------------------------- Over 40 models of low-cost Android smartphones are sold already infected with the Triada banking trojan, says Dr.Web, a Russia-based antivirus vendor. --------------------------------------------- https://www.bleepingcomputer.com/news/security/banking-trojan-found-in-over… ∗∗∗ Chromes WebUSB Feature Leaves Some Yubikeys Vulnerable to Attack ∗∗∗ --------------------------------------------- While still the best protection against phishing attacks, some Yubikey models are vulnerable after a recent update to Google Chrome. --------------------------------------------- https://www.wired.com/story/chrome-yubikey-phishing-webusb ∗∗∗ Spectre-Lücke: Microcode-Updates nun doch als Windows Update ∗∗∗ --------------------------------------------- So wie einige Linux-Distributionen (re-)aktiviert Microsoft die Möglichkeit, Microcode-Updates mit IBC-Patches gegen Spectre als Update des Betriebssystems einzuspielen – vorerst nur für Core i-6000 (Skylake). --------------------------------------------- https://www.heise.de/meldung/Spectre-Luecke-Microcode-Updates-nun-doch-als-… ∗∗∗ Rekord-DDoS-Attacke mit 1,35 Terabit pro Sekunde gegen Github.com ∗∗∗ --------------------------------------------- Die Webseite von Github hat die bislang heftigste dokumentierte DDoS-Attacke überstanden. Die Angreifer setzten dabei auf einen erst kürzlich bekanntgewordenen Angriffsvektor. --------------------------------------------- https://www.heise.de/meldung/Rekord-DDoS-Attacke-mit-1-35-Terabit-pro-Sekun… ∗∗∗ Financial Cyber Threat Sharing Group Phished ∗∗∗ --------------------------------------------- The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, said today that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members. The fallout from the back-to-back phishing attacks appears to have been limited and contained, as many FS-ISAC members who received the phishing attack quickly detected [...] --------------------------------------------- https://krebsonsecurity.com/2018/03/financial-cyber-threat-sharing-group-ph… ∗∗∗ Warnung vor gefälschter Raiffeisen Bank-Kundeninformation ∗∗∗ --------------------------------------------- Datendiebe versenden eine gefälschte Raiffeisen Bank-Kundeninformation. Darin fordern sie Empfänger/innen dazu auf, dass sie eine angebliche Sicherheits-App für die weitere Nutzung ihres ELBA Internet-Kontos installieren. Die Anwendung ist Schadsoftware. Sie ermöglicht es den Kriminellen, auf das Konto ihrer Opfer zuzugreifen und Geld zu stehlen. --------------------------------------------- http://www.watchlist-internet.at/index.php?id=6&tx_news_pi1[overwriteDemand… ∗∗∗ Vulnerability Spotlight: Simple DirectMedia Layer’s SDL2_Image ∗∗∗ --------------------------------------------- OverviewTalos is disclosing several vulnerabilities identified in Simple DirectMedia Layers SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. It is used by video playback software, emulators, and popular games including Valves award winning catalog and many Humble Bundle games. SDL officially supports Windows, --------------------------------------------- http://blog.talosintelligence.com/2018/03/vulnerability-spotlight-simple.ht… ===================== = Vulnerabilities = ===================== ∗∗∗ Siemens SIMATIC, SIMOTION, and SINUMERIK ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based buffer overflow and permissions, privileges, and access controls vulnerabilities in the Siemens SIMATIC, SIMOTION, and SINUMERIK Industrial PCs. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-060-01 ∗∗∗ Moxa OnCell G3100-HSPA Series ∗∗∗ --------------------------------------------- This advisory contains mitigation details for reliance on cookies without validation and integrity checking, improper handling of length parameter inconsistency, and NULL pointer dereference vulnerabilities in the Moxa OnCell G3100-HSPA Series IP gateway. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02 ∗∗∗ Delta Electronics Delta Industrial Automation DOPSoft ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a stack-based buffer overflow vulnerability in the Delta Electronics Delta Industrial Automation DOPSoft human machine interface. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-060-03 ∗∗∗ MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS) ∗∗∗ --------------------------------------------- A potential security vulnerability has been identified in Micro Focus Operations Orchestration. The vulnerability could be remotely exploited to allow Denial of Service (DoS). --------------------------------------------- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM0… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (freexl and simplesamlphp), Fedora (krb5, libvirt, php-phpmyadmin-motranslator, php-phpmyadmin-sql-parser, and phpMyAdmin), Mageia (krb5, leptonica, and libvirt), Slackware (dhcp and ntp), and Ubuntu (isc-dhcp). --------------------------------------------- https://lwn.net/Articles/748422/ ∗∗∗ Vuln: Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://www.securityfocus.com/bid/103201 ∗∗∗ DFN-CERT-2018-0399: PHP: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0399/ ∗∗∗ DFN-CERT-2018-0418: SimpleSAMLphp: Mehrere Schwachstellen ermöglichen u.a. das Erlangen von Benutzerrechten ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0418/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.03.2018
by Daily end-of-shift report 01 Mar '18

01 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 28-02-2018 18:00 − Donnerstag 01-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ DDoS-Reflection mit Memcached ∗∗∗ --------------------------------------------- Auf diesen Seiten war schon viel über DDoS zu lesen, insbesondere der Variante, bei der schlecht betriebene Services im Netz sich als Reflektoren/Verstärker missbrauchen lassen. Übliche Vektoren in den letzten Jahren waren DNS, NTP, SSDP, SNMP und auch LDAP. Jetzt ist hier was neues am Radar aufgetaucht: Memcached. --------------------------------------------- http://www.cert.at/services/blog/20180228181107-2150.html ∗∗∗ Trustico/Digicert: Chaos um 23.000 Zertifikate und private Schlüssel ∗∗∗ --------------------------------------------- Der Zertifikatsreseller Trustico bittet aus unklaren Gründen darum, dass 50.000 Zertifikate zurückgezogen werden. Zu knapp der Hälfte davon besaß Trustico offenbar die privaten Schlüssel - die ein Zertifikatshändler eigentlich nie haben sollte. --------------------------------------------- https://www.golem.de/news/trustico-digicert-chaos-um-23-000-zertifikate-und… ∗∗∗ Spectre-Attacken auch auf Sicherheitsfunktion Intel SGX möglich ∗∗∗ --------------------------------------------- Sicherheitsforscher zeigen zwei Szenarien auf, in denen sie Intels Software Guard Extensions (SGX) erfolgreich über die Spectre-Lücke angreifen. --------------------------------------------- https://heise.de/-3983848 ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0400/">ISC Bind Supported Preview Edition: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- Die BIND Supported Preview Edition ist ein spezieller BIND Feature Preview Branch für ISC Support Kunden. Keine der allgemein veröffentlichten BIND Versionen ist von der jetzt behobenen Schwachstelle betroffen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0400/ ∗∗∗ DFN-CERT-2018-0401/">ISC DHCP: Zwei Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Ein entfernter, nicht authentisierter Angreifer kann zwei Schwachstellen in ISC DHCP ausnutzen, um verschiedene Denial-of-Service (DoS)-Angriffe durchzuführen. Eine der Schwachstellen kann eventuell auch die Ausführung beliebigen Programmcodes ermöglichen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0401/ ∗∗∗ DFN-CERT-2018-0407/">Sophos UTM: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Verschiedene Schwachstellen in den Komponenten Exim und SSH Server von Sophos Unified Threat Management (UTM) ermöglichen unter anderem einem entfernten, nicht authentisierten Angreifer die Ausführung beliebigen Programmcodes und das Ausspähen von Informationen. Weitere Schwachstellen ermöglichen diese Angriffe auch einem lokalen einfach authentisierten Angreifer. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0407/ ∗∗∗ DFN-CERT-2018-0408/">NTP: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in NTP ermöglichen einem entfernten, zumeist nicht authentisierten Angreifer das Ausführen beliebigen Programmcodes, die Durchführung verschiedener Denial-of-Service (DoS)-Angriffe, das Fälschen von Zeitinformationen und das Ausspähen von Informationen. (Note: Remote Code Execution betrifft nur das ntpq Tool) --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0408/ ∗∗∗ DFN-CERT-2018-0409/">PostgreSQL: Eine Schwachstelle ermöglicht die Eskalation von Privilegien ∗∗∗ --------------------------------------------- Ein entfernter, einfach authentifizierter Angreifer kann eine Schwachstelle in PostgreSQL ausnutzen, um die beabsichtigten Funktionen von PostgreSQL zu ändern. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0409/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (xmltooling), Fedora (mbedtls), openSUSE (freexl), Oracle (quagga and ruby), Red Hat (.NET Core, quagga, and ruby), Scientific Linux (quagga and ruby), SUSE (glibc), and Ubuntu (libreoffice). --------------------------------------------- https://lwn.net/Articles/748350/ ∗∗∗ IBM Security Bulletin: IBM Cloud Private has released a patch in response to the vulnerabilities known as Spectre and Meltdown(CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027210 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in XMLsoft Libxml2 and OpenSSL affect IBM Netezza Analytics ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013398 ∗∗∗ IBM Security Bulletin: A vulnerability in Open Source Botan affects IBM Netezza SQL Extensions ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013399 ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by an Information disclosure in WebSphere Application Server (CVE-2017-1681) vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014125 ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by an Open Source Apache Poi vulnerability (CVE-2017-5644) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014107 ∗∗∗ Authentication Bypass Vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway ∗∗∗ --------------------------------------------- https://support.citrix.com/article/CTX232199 ∗∗∗ TMM vulnerability CVE-2018-5500 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K33211839 ∗∗∗ DNS TCP virtual server vulnerability CVE-2018-5501 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K44200194 ∗∗∗ BIG-IP TMM vulnerability CVE-2017-6150 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K62712037 ∗∗∗ BIG-IP ASM data processing vulnerability CVE-2017-6154 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K38243073 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.02.2018
by Daily end-of-shift report 28 Feb '18

28 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 27-02-2018 18:00 − Mittwoch 28-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Free Decrypter Available for GandCrab Ransomware Victims ∗∗∗ --------------------------------------------- Bitdefender has released a free decrypter that helps victims of GandCrab ransomware infections recover files without paying the ransom. --------------------------------------------- https://www.bleepingcomputer.com/news/security/free-decrypter-available-for… ∗∗∗ Dissecting Hancitor’s Latest 2018 Packer ∗∗∗ --------------------------------------------- https://researchcenter.paloaltonetworks.com/2018/02/unit42-dissecting-hanci… ∗∗∗ Sicherheits-Netzbetriebssystem: Fortinet präsentiert FortiOS 6.0 ∗∗∗ --------------------------------------------- Auf seiner Hausveranstaltung Accelerate 18 hat Fortinet Version 6.0 seines Security-Network-Betriebssystems FortiOS vorgestellt. Das Update umfasst über 200 Aktualisierungen. --------------------------------------------- https://www.heise.de/meldung/Sicherheits-Netzbetriebssystem-Fortinet-praese… ∗∗∗ Electra: Erster umfassender Jailbreak für iOS 11 erschienen ∗∗∗ --------------------------------------------- Ein neuer Jailbreak soll erstmals den alternativen App Store Cydia auf iOS 11 bringen. Dafür wird der Exploit eines Google-Sicherheitsforschers eingesetzt, der allerdings nur in älteren Versionen des Betriebssystems funktioniert. --------------------------------------------- https://www.heise.de/meldung/Electra-Erster-umfassender-Jailbreak-fuer-iOS-… ∗∗∗ Who Wasn’t Responsible for Olympic Destroyer? ∗∗∗ --------------------------------------------- This blog post is authored by Paul Rascagneres and Martin Lee.SummaryAbsent contributions from traditional intelligence capacities, the available evidence linking the Olympic Destroyer malware to a specific threat actor group is contradictory, and does not allow for unambiguous attribution. The threat actor responsible for the attack has purposefully included .. --------------------------------------------- http://feedproxy.google.com/~r/feedburner/Talos/~3/VvKIOSM9n5Y/who-wasnt-re… ∗∗∗ First true native IPv6 DDoS attack spotted in wild ∗∗∗ --------------------------------------------- https://www.scmagazineuk.com/news/first-true-native-ipv6-ddos-attack-spotte… ===================== = Vulnerabilities = ===================== ∗∗∗ Emerson ControlWave Micro Process Automation Controller ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in the Emerson ControlWave Micro Process Automation Controller. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-058-03 ∗∗∗ Delta Electronics WPLSoft ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based buffer overflow, heap-based buffer overflow, out-of-bounds write vulnerabilities in the Delta Electronics WPLSoft PLC programming software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02 ∗∗∗ Medtronic 2090 Carelink Programmer Vulnerabilities ∗∗∗ --------------------------------------------- This medical device advisory contains mitigation details for vulnerabilities in Medtronic’s 2090 CareLink Programmer and its accompanying software deployment network. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01 ∗∗∗ Philips Intellispace Portal ISP Vulnerabilities ∗∗∗ --------------------------------------------- This medical device advisory contains mitigation details for vulnerabilities in the Philips’ IntelliSpace Portal (ISP), an advanced visualization and image analysis system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 ∗∗∗ Siemens SIMATIC Industrial PCs ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013543 ∗∗∗ IBM Security Bulletin: A vulnerability in Struts affects IBM InfoSphere Metadata Workbench ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013436 ∗∗∗ Insecure Direct Object Reference in TestLink Open Source Test Management ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/insecure-direct-object-refer… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.02.2018
by Daily end-of-shift report 27 Feb '18

27 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Montag 26-02-2018 18:00 − Dienstag 27-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ SAML Vulnerability Lets Attackers Log in as Other Users ∗∗∗ --------------------------------------------- Security researchers from Duo Labs and the US Computer Emergency Response Team (US-CERT) will release security advisories today detailing a new SAML vulnerability that allows malicious attackers to authenticate as legitimate users without knowledge of the victims password. --------------------------------------------- https://www.bleepingcomputer.com/news/security/saml-vulnerability-lets-atta… ∗∗∗ New Guide on How to Clean a Hacked Website ∗∗∗ --------------------------------------------- Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research website vulnerabilities and who are eager to share with you some tips on how to clean your hacked website. We are happy to help the community learn the steps they can follow to get rid of a website hack. You can find all our guides to website security in a section of our website dedicated to providing concise and comprehensive tips on different areas of --------------------------------------------- https://blog.sucuri.net/2018/02/new-guide-clean-hacked-website.html ∗∗∗ Memcached Amplification Attack: Neuer DDoS-Angriffsvektor aufgetaucht ∗∗∗ --------------------------------------------- Öffentlich erreichbare Memcached-Installationen werden von Angreifern für mächtige DDoS-Attacken missbraucht. Die Besitzer dieser Server wissen oft nicht, dass sie dabei helfen, Webseiten aus dem Internet zu spülen. --------------------------------------------- https://www.heise.de/security/meldung/Memcached-Amplification-Attack-Neuer-… ===================== = Vulnerabilities = ===================== ∗∗∗ OS command injection, arbitrary file upload & SQL injection in ClipBucket ∗∗∗ --------------------------------------------- Critical security issues such as OS command injection or arbitrary file upload allow an attacker to fully compromise the web server which has the video and media management solution “ClipBucket” installed. Potentially sensitive data might get exposed through this attack. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitra… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (exim, irssi, php-phpmyadmin-motranslator, php-phpmyadmin-sql-parser, phpMyAdmin, and seamonkey), Mageia (cups, flatpak, golang, jhead, and qpdf), Oracle (gcab, java-1.7.0-openjdk, and kernel), Red Hat (gcab, java-1.7.0-openjdk, and java-1.8.0-ibm), Scientific Linux (gcab and java-1.7.0-openjdk), and Ubuntu (sensible-utils). --------------------------------------------- https://lwn.net/Articles/748179/ ∗∗∗ DFN-CERT-2018-0389: Jenkins-Plugins: Mehrere Schwachstellen ermöglichen u.a. das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0389/ ∗∗∗ IBM Security Bulletin: Potential hard-coded password vulnerability affects Rational Publishing Engine ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013961 ∗∗∗ IBM Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale that could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements (CVE-2017-1654) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010869 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by a Public disclosed vulnerability from Apache Struts vulnerability (CVE-2017-15707) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013305 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Open Source Apache Struts 2.5 Vulnerability (CVE-2017-7525 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012547 ∗∗∗ GNU C Library vulnerability CVE-2018-6551 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K11274054 ∗∗∗ XSA-256 - x86 PVH guest without LAPIC may DoS the host ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-256.html ∗∗∗ XSA-255 - grant table v2 -> v1 transition may crash Xen ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-255.html ∗∗∗ XSA-252 - DoS via non-preemptable L3/L4 pagetable freeing ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-252.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.02.2018
by Daily end-of-shift report 26 Feb '18

26 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 23-02-2018 18:00 − Montag 26-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Incident Response: Social Engineering funktioniert als Angriffsvektor weiterhin ∗∗∗ --------------------------------------------- Was passiert, nachdem ein Unternehmen gehackt wurde - und welche Mechanismen werden dafür genutzt? Das Sicherheitsunternehmen F-Secure hat Zahlen des eigenen Incident-Response-Teams veröffentlicht und stellt fest: Besonders im Gaming-Sektor und bei Behörden gibt es gezielte Angriffe. --------------------------------------------- https://www.golem.de/news/incident-response-social-engineering-funktioniert… ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0384/">Wireshark: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in Wireshark können von einem entfernten, nicht authentisierten Angreifer für verschiedene Denial-of-Service (DoS)-Angriffe ausgenutzt werden. Die Ausnutzung der Schwachstellen erfordert die Verarbeitung speziell präparierter Datenpakete oder Packet-Trace-Dateien. Der Hersteller stellt Wireshark 2.2.13 und 2.4.5 als Sicherheitsupdates zur Verfügung. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0384/ ∗∗∗ Security Advisory - CPU Vulnerabilities Meltdown and Spectre ∗∗∗ --------------------------------------------- Security researchers disclosed two groups of CPU vulnerabilities "Meltdown" and "Spectre". In some circumstances, a local attacker could exploit these vulnerabilities to read memory information belonging to other processes or other operating system kernel. ... Huawei has released software updates to fix these vulnerabilities. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20180106-… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (lib32-wavpack, phpmyadmin, unixodbc, and wavpack), Debian (drupal7, golang, imagemagick, libdatetime-timezone-perl, libvpx, and tzdata), Fedora (exim, irssi, kernel, milkytracker, qt5-qtwebengine, seamonkey, and suricata), Mageia (advancecomp, apache-commons-email, freetype2, ghostscript, glpi, jackson-databind, kernel, mariadb, and postgresql), openSUSE (dhcp, GraphicsMagick, lame, php5, phpMyAdmin, timidity, and wireshark), and Oracle (kernel). --------------------------------------------- https://lwn.net/Articles/748073/ ∗∗∗ Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers ∗∗∗ --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1416) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013706 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013753 ∗∗∗ IBM Security Bulletin:IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities (CVE-2016-1000220, CVE-2017-11479) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013921 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by an Inadequate Encryption Strength vulnerability (CVE-2018-1425) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013751 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Weak password policy vulnerability (CVE-2018-1372) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013832 ∗∗∗ IBM Security Bulletin: Daeja ViewONE Virtual is affected by a Cross-Site Scripting vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013094 ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security is affected by a publicly disclosed vulnerability in BIND ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013558 ∗∗∗ IBM Security Bulletin: IBM Protector is affected by Open Source XMLsoft Libxml2 Vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013890 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.02.2018
by Daily end-of-shift report 23 Feb '18

23 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 22-02-2018 18:00 − Freitag 23-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Botched npm Update Crashes Linux Systems, Forces Users to Reinstall ∗∗∗ --------------------------------------------- A bug in npm (Node Package Manager), the most widely used JavaScript package manager, will change ownership of crucial Linux system folders, such as /etc, /usr, /boot. --------------------------------------------- https://www.bleepingcomputer.com/news/linux/botched-npm-update-crashes-linu… ∗∗∗ Android P Will Block Background Apps from Accessing Phones Camera & Microphone ∗∗∗ --------------------------------------------- Android P, the next major version of the Android operating system, will block idle (background) applications from accessing a smartphones camera or microphone. --------------------------------------------- https://www.bleepingcomputer.com/news/mobile/android-p-will-block-backgroun… ∗∗∗ Pwned Passwords: Troy Hunt veröffentlicht eine halbe Milliarde Passworthashes ∗∗∗ --------------------------------------------- Bei HaveIBeenPwned können Nutzer aktuell rund eine halbe Milliarde Passwort-Hashes herunterladen. Damit könnten sie Dienste in die Lage versetzen, geleakte Passwörter abzulehnen. --------------------------------------------- https://www.golem.de/news/pwned-passwords-troy-hunt-veroeffentlicht-eine-ha… ∗∗∗ Mitm6 - Pwning IPv4 Via IPv6 ∗∗∗ --------------------------------------------- Mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server. It does this by replying to DHCPv6 messages, providing victims with a link-local IPv6 address and setting the attackers host as default DNS server [...] --------------------------------------------- https://www.kitploit.com/2018/02/mitm6-pwning-ipv4-via-ipv6.html ∗∗∗ Versionsverwaltung: GitLab 10.5 integriert Verschlüsselung mit Lets Encrypt ∗∗∗ --------------------------------------------- Insgesamt 26 Neuerungen bringt die neue Version von GitLab mit. Spannend sind vor allem die Verschlüsselung mit Lets Encrypt, externe Daten in CI/CD-Pipelines, und der Einzug von Gemnasium in die Versionsverwaltung. --------------------------------------------- https://www.heise.de/developer/meldung/Versionsverwaltung-GitLab-10-5-integ… ∗∗∗ Name, Adresse, Geburtsdatum: ÖBB-App zeigte fremde Nutzerdaten an ∗∗∗ --------------------------------------------- Betroffene sahen sensible Daten anderer Nutzer. Ob auch Kreditkarteninformationen im Detail eingesehen werden konnten, ist noch nicht klar --------------------------------------------- http://derstandard.at/2000074884009 ∗∗∗ Report Highlights Challenges of Incident Response ∗∗∗ --------------------------------------------- False Positives Lead to a Surprising Number of Incident Response Investigations read more --------------------------------------------- https://www.securityweek.com/report-highlights-challenges-incident-response ===================== = Vulnerabilities = ===================== ∗∗∗ MFSBGN03798 rev.1 - Micro Focus UCMDB-Browser, Apache Struts Instance ∗∗∗ --------------------------------------------- A potential security vulnerability has been identified in Micro Focus Universal CMDB. The vulnerability could be remotely exploited to allow Arbitrary Code Execution. --------------------------------------------- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM0… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (cups, gcc-6, irssi, kernel, and squid3), Fedora (mupdf), Mageia (irssi, mpv, qpdf, and quagga), openSUSE (libmad and postgresql95), SUSE (kernel and php5), and Ubuntu (kernel, linux-lts-trusty, linux-raspi2, and wavpack). --------------------------------------------- https://lwn.net/Articles/747911/ ∗∗∗ DFN-CERT-2018-0378: Apache Tomcat: Zwei Schwachstellen ermöglichen das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0378/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.02.2018
by Daily end-of-shift report 22 Feb '18

22 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 21-02-2018 18:00 − Donnerstag 22-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Gefälschte BAWAG P.S.K.-Kundeninformation im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte BAWAG P.S.K.-Kundeninformation. Darin fordern sie die Empfänger/innen dazu auf, dass sie ihre Nutzerinformationen bei der Bank bestätigen. Das soll auf einer fremden Website geschehen. Konsument/innen, die der Aufforderung nachkommen, übermitteln Betrüger/innen ihre Daten. Die Kriminellen nützen diese, um Geld zu stehlen und Verbrechen unter fremden Namen zu begehen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-bawag-psk-kundeninformat… ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0364/">Digium Asterisk, Digium Certified Asterisk: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Der Hersteller informiert über die Schwachstellen und stellt Asterisk Open Source 13.19.2, 14.7.6 und 15.2.2 sowie Certified Asterisk 13.18-cert3 als Sicherheitsupdates bereit. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0364/ ∗∗∗ DFN-CERT-2018-0356/">Red Hat Satellite: Mehrere Schwachstellen ermöglichen u.a. die komplette Kompromittierung von Systemen ∗∗∗ --------------------------------------------- Eine Vielzahl von Schwachstellen in von Red Hat Satellite verwendeten Komponenten, insbesondere Foreman, ermöglichen auch einem entfernten und nicht authentisierten Angreifer das Ausspähen sensibler Informationen wie Passwörtern, einen Cross-Site-Scripting (XSS)-Angriff, Denial-of-Service (DoS)-Angriffe und möglicherweise die Ausführung beliebigen Programmcodes ... --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0356/ ∗∗∗ Sicherheitsupdates: Drupal-Webseiten können Inhalte leaken ∗∗∗ --------------------------------------------- Im CMS Drupal klaffen mehrere Sicherheitslücken. Davon gelten zwei als kritisch. Sicherheitsupdates für verschiene Versionsstränge stehen bereit. --------------------------------------------- https://www.heise.de/meldung/Sicherheitsupdates-Drupal-Webseiten-koennen-In… ∗∗∗ Trend Micro fixes serious vulnerabilities in Email Encryption Gateway ∗∗∗ --------------------------------------------- Trend Micro has plugged a bucketload of vulnerabilities in its Email Encryption Gateway, some of which can be combined to execute root commands from the perspective of a remote unauthenticated attacker. --------------------------------------------- https://www.helpnetsecurity.com/2018/02/22/email-encryption-gateway-vulnera… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (strongswan), Fedora (torbrowser-launcher), openSUSE (libdb-4_5, libdb-4_8, postgresql96, python3-openpyxl, and xv), Red Hat (rh-maven35-jackson-databind), and Ubuntu (kernel, libreoffice, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-hwe, linux-azure, linux-gcp, linux-oem, and linux-lts-xenial, linux-aws). --------------------------------------------- https://lwn.net/Articles/747805/ ∗∗∗ IBM Security Bulletin: IBM b-type SAN Network/Storage switches is affected by a denial of service vulnerability, caused by a CPU consumption in the IPv6 stack (CVE-2017-6227). ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012115 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM API Connect (CVE-2017-3738, CVE-2017-3737) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013801 ∗∗∗ IBM Security Bulletin: API Connect is affected by weaker than expected cryptographic algorithm usage vulnerability (CVE-2018-1385) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013051 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by Information Exposure vulnerability (CVE-2017-1774 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013595 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Password in Clear Text vulnerability (CVE-2018-1377 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013596 ∗∗∗ IBM Security Bulletin: Security vulnerability in Apache Commons FileUpload used by Liberty for Java for IBM Cloud (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013713 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM API Connect (CVE-2017-7668, CVE-2017-7679) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012455 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.02.2018
by Daily end-of-shift report 21 Feb '18

21 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 20-02-2018 18:00 − Mittwoch 21-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ New Spectre/Meltdown Variants ∗∗∗ --------------------------------------------- Researchers have discovered new variants of Spectre and Meltdown. The software mitigations for Spectre and Meltdown seem to block these variants, although the eventual CPU fixes will have to be expanded to account for these new attacks. --------------------------------------------- https://www.schneier.com/blog/archives/2018/02/new_spectremelt.html ===================== = Vulnerabilities = ===================== ∗∗∗ ABB netCADOPS Web Application ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an information exposure vulnerability in the ABB netCADOPS Web Application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-051-01 ∗∗∗ DFN-CERT-2018-0347/">phpMyAdmin: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗ --------------------------------------------- Ein entfernter, einfach authentifizierter Angreifer kann eine Schwachstelle in phpMyAdmin ausnutzen, um einen Cross-Site-Scripting (XSS)-Angriff gegen sich selbst durchzuführen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0347/ ∗∗∗ Mozillas executable installers: FUBAR ∗∗∗ --------------------------------------------- #1) "Firefox Installer.exe" (digitally signed 2018-01-28) 58.0.1 is vulnerable to DLL hijacking #2) "setup-stub.exe" extracted and executed by "Firefox Installer.exe" is vulnerable to DLL hijacking #3) "Firefox Setup 52.6.0esr.exe" (digitally signed 2018-01-19) is vulnerable to DLL hijacking #4) "setup.exe" extracted and executed by "Firefox Setup 52.6.0esr.exe" is vulnerable to DLL hijacking --------------------------------------------- http://seclists.org/fulldisclosure/2018/Feb/58 ∗∗∗ Sicherheitsforscher empfiehlt, BitTorrent-Client uTorrent Web vorerst nicht zu nutzen ∗∗∗ --------------------------------------------- Zwei uTorrent-Clients sind verwundbar. Es gibt zwar Sicherheitspatches, doch offenbar wirken diese nur teilweise. --------------------------------------------- https://www.heise.de/meldung/Sicherheitsforscher-empfiehlt-BitTorrent-Clien… ∗∗∗ Coldroot: macOS-Trojaner offenbar seit zwei Jahren unentdeckt ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher hat eine Remote-Access-Malware für Apple-Rechner entdeckt, die seit mindestens 2016 kursieren soll. --------------------------------------------- https://www.heise.de/meldung/Coldroot-macOS-Trojaner-offenbar-seit-zwei-Jah… ∗∗∗ Internet of Babies – When baby monitors fail to be smart ∗∗∗ --------------------------------------------- Baby monitors serve an important purpose in securing and monitoring our loved ones. An estimated 52k user accounts and video baby monitors are affected by a number of critical security vulnerabilities in "miSafes" video monitor products. --------------------------------------------- https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-mo… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libmspack), Debian (zziplib), Fedora (ca-certificates, firefox, freetype, golang, krb5, libreoffice, monit, patch, plasma-workspace, ruby, sox, tomcat, and zziplib), openSUSE (dovecot22, glibc, GraphicsMagick, libXcursor, mbedtls, p7zip, SDL_image, SDL2_image, sox, and transfig), Red Hat (chromium-browser), and Ubuntu (cups, libvirt, and qemu). --------------------------------------------- https://lwn.net/Articles/747711/ ∗∗∗ Cisco Unity Connection Mail Relay Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco UCS Director and Cisco Integrated Management Controller Supervisor Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Reflected Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Service Catalog Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Collaboration Provisioning Tool User Provisioning Tab Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Collaboration Provisioning Tool Web Portal Repeated Bad Login Attempts Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Elastic Services Controller Service Portal Unauthorized Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Elastic Services Controller Service Portal Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Data Center Analytics Framework Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Customer Voice Portal Interactive Voice Response Connection Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/support/docview.wss?uid=swg22012965 ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2018-1415) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013796 ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to SQL injection (CVE-2018-1414) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013797 ∗∗∗ IBM Security Bulletin: IBM b-type SAN switches and directors affected by XSS vulnerabilities CVE-2017-6225. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1012113 ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services has a potential input validation vulnerability (CVE-2018-1392) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013249 ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services has a potential Denial of Service (DOS) vulnerability (CVE-2018-1391) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013247 ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services and Corporate Payment Services has a potential XML External Entity vulnerability (CVE-2017-1758) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012828 ∗∗∗ IBM Security Bulletin: IBM Transformation Extender Advanced is Potentially Vulnerable to an XML External Entity (XXE) Injection in its REST API. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013432 ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by Node.js tough-cookie module vulnerability to a denial of service (CVE-2016-1000232) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013088 ∗∗∗ IBM Security Bulletin: IBM Systems Director (ISD) Storage Control is affected by vulnerabilities in IBM Websphere Application Server (WAS), OpenSSL and IBM Java Runtime ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027035 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.02.2018
by Daily end-of-shift report 20 Feb '18

20 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Montag 19-02-2018 18:00 − Dienstag 20-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Coldroot RAT Still Undetectable Despite Being Uploaded on GitHub Two Years Ago ∗∗∗ --------------------------------------------- Coldroot, a remote access trojan (RAT), is still undetectable by most antivirus engines, despite being uploaded and freely available on GitHub for almost two years. --------------------------------------------- https://www.bleepingcomputer.com/news/security/coldroot-rat-still-undetecta… ∗∗∗ Pirated Wordpress Add-On makes Websites Distribute Malware ∗∗∗ --------------------------------------------- Wordpress is a popular tool for creating web pages. Numerous extensions make your own programming skills superfluous. However, one should be careful when choosing its extensions. --------------------------------------------- https://www.gdatasoftware.com/blog/2018/02/30506-wordpress-add-on-malware ∗∗∗ Biggest Crypto Hacking Operation Ever Uncovered ∗∗∗ --------------------------------------------- Hackers are targeting Jenkins CI servers to exploit a vulnerability and secretly mine millions of dollars worth of cryptocurrency. --------------------------------------------- https://www.htbridge.com/blog/biggest-crypto-hacking-operation-ever-uncover… ∗∗∗ Wikipedia Page Review Reveals Minr Malware ∗∗∗ --------------------------------------------- Since December, we’ve seen a number of websites with this funny looking obfuscated script injected at the very top of the HTML code (before the tag). This code is generated by the well-known JJEncode obfuscator, which was once quite popular for encrypting malicious code. Since its popularity dwindled a few years ago, we’ve hardly seen any new malware using it. It was definitely a surprise for us when approximately 3 months ago we noticed the JJEncode obfuscator was once again in [...] --------------------------------------------- https://blog.sucuri.net/2018/02/wikipedia-page-review-revealed-minr-malware… ∗∗∗ Textbombe: Apple räumt verheerenden Fehler mit Update aus ∗∗∗ --------------------------------------------- Neue Versionen von iOS und macOS verfügbar – Zeichenfolge konnte zahlreiche Apps zum Absturz bringen --------------------------------------------- http://derstandard.at/2000074619775 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libav), Gentoo (chromium, firefox, libreoffice, mysql, and ruby), SUSE (kernel), and Ubuntu (bind9). --------------------------------------------- https://lwn.net/Articles/747630/ ∗∗∗ DFN-CERT-2018-0340: Jenkins: Mehrere Schwachstellen ermöglichen u.a. das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0340/ ∗∗∗ IBM Security Bulletin: IBM Sterling Connect:Express for UNIX is Affected by the Following OpenSSL Vulnerabilities (CVE-2017-3637, CVE-2017-3737, CVE-2017-3738) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013705 ∗∗∗ JSA10843 - 2018-02 Security Bulletin: AppFormix: Debug Shell Command Execution in AppFormix Agent (CVE-2018-0015) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10843&actp=RSS -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.02.2018
by Daily end-of-shift report 19 Feb '18

19 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 16-02-2018 18:00 − Montag 19-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hackers pilfered $6M from Russian central bank via SWIFT system ∗∗∗ --------------------------------------------- Hackers nicked $6 million from the Russian central bank last year via the SWIFT messaging system, according to report from the bank. --------------------------------------------- https://www.scmagazine.com/hackers-pilfered-6m-from-russian-central-bank-vi… ∗∗∗ WWW: Tracking-Methoden werden brutaler, Browser-Hersteller schauen weg ∗∗∗ --------------------------------------------- Die Überwachungsmethoden der Tracker werden immer ausgefeilter. Selbst bei Online-Apotheken bedienen sich die Datendealer. Datenschutz-Forscher Arvind Narayanan ärgert sich über die Untätigkeit der großen Browser-Hersteller. --------------------------------------------- https://heise.de/-3718112 ∗∗∗ FSX: Add-On-Entwickler FSLabs liest heimlich Passwörter von Raubkopierern aus ∗∗∗ --------------------------------------------- FlightSimLabs verkauft Zusatzflugzeuge für den beliebten Microsoft Flight Simulator. Die Firma gibt zu, mutmaßlichen Raubkopierern eine Software auf den Rechner installiert zu haben, die deren Chrome-Passwörter an die Entwickler übermittelt. --------------------------------------------- https://heise.de/-3973485 ∗∗∗ Security bugs in Dell storage platform allowed hackers to gain root access ∗∗∗ --------------------------------------------- Security researchers recently unearthed as many as nine security vulnerabilities in Dell EMC's Isilon OneFS platform allowing remote attackers to launch social engineering attacks and subsequently access the Isilon systems at root. --------------------------------------------- https://www.scmagazineuk.com/news/security-bugs-in-dell-storage-platform-al… ∗∗∗ Record-Breaking Number of Vulnerabilities Disclosed in 2017: Report ∗∗∗ --------------------------------------------- A record-breaking number of vulnerabilities were disclosed in 2017, with a total of 20,832 such security flaws, a new report from Risk Based Security shows. read more --------------------------------------------- https://www.securityweek.com/record-breaking-number-vulnerabilities-disclos… ===================== = Vulnerabilities = ===================== ∗∗∗ Microsoft-Browser Edge: Google veröffentlicht Zero-Day-Lücke, kein Patch in Sicht ∗∗∗ --------------------------------------------- Der JIT-Compiler, der Microsofts Edge-Browser von Angriffscode aus dem Web isolieren soll, lässt sich selbst zum Einschleusen von Angriffscode missbrauchen. Google hat die dazugehörige Lücke nun veröffentlicht, ohne dass Microsoft Zeit zum Patchen hatte. --------------------------------------------- https://heise.de/-3973380 ∗∗∗ DSA-4118 tomcat-native - security update ∗∗∗ --------------------------------------------- Jonas Klempel reported that tomcat-native, a library giving Tomcataccess to the Apache Portable Runtime (APR) librarys network connection(socket) implementation and random-number generator, does not properlyhandle fields longer than 127 bytes when parsing the AIA-Extension fieldof a client certificate. If OCSP checks are used, this could result inclient certificates that should have been rejected to be accepted. --------------------------------------------- https://www.debian.org/security/2018/dsa-4118 ∗∗∗ DFN-CERT-2016-0125: Red Hat JBoss Web Server: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe und das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- Red Hat aktualisiert seinen Sicherheitshinweis vom 21.01.2016 und gibt bekannt, dass die Schwachstelle CVE-2012-1148 auch in der aktualisierten Version des Red Hat JBoss Webserver enthalten ist. Bislang gibt es keine Information darüber, wann ein Sicherheitsupdate zur Behebung dieser Schwachstelle zur Verfügung stehen wird. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-0125/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (irssi), Debian (bind9, gcc-4.9, plasma-workspace, quagga, and tomcat-native), Fedora (p7zip), Mageia (nasm), openSUSE (exim, ffmpeg, irssi, mpv, qpdf, quagga, rrdtool, and rubygem-puppet), and SUSE (p7zip and xen). --------------------------------------------- https://lwn.net/Articles/747548/rss ∗∗∗ Tenda AC15 Remote Code Execution ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2018020216 ∗∗∗ IBM Security Bulletin: IBM Maximo Anywhere is vulnerable to cross-site scripting (CVE-2017-1604) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011883 ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability affects Rational Rhapsody Design Manager ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013739 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.02.2018
by Daily end-of-shift report 16 Feb '18

16 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 15-02-2018 18:00 − Freitag 16-02-2018 18:00 Handler: n/a Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ New Saturn Ransomware Actively Infecting Victims ∗∗∗ --------------------------------------------- A new ransomware was discovered this week by MalwareHunterTeam called Saturn. This ransomware will encrypt the files on a computer and then append the .saturn extension to the files name. At this time it is not known how Saturn Ransomware is being distributed. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-saturn-ransomware-active… ∗∗∗ Using the Chrome Task Manager to Find In-Browser Miners ∗∗∗ --------------------------------------------- The use of browsers to mine for digital currency is becoming a major problem. With more and more sites incorporating in-browser mining scripts such as CoinHive and web extensions injecting them into web pages, people will continue to be affected by this attack. Thankfully, we can easily detect miners using the Chrome Task Manager. --------------------------------------------- https://www.bleepingcomputer.com/news/security/using-the-chrome-task-manage… ∗∗∗ Behörden ignorieren Sicherheitsbedenken gegenüber Windows 10 ∗∗∗ --------------------------------------------- Deutsche Behörden kaufen fleißig Software bei Microsoft. Dabei gibt es erhebliche Sicherheitsbedenken, die das US-Unternehmen wohl immer noch nicht ausräumen konnte. Unklar ist etwa, welche Daten an den Konzern fließen. --------------------------------------------- https://www.heise.de/newsticker/meldung/Behoerden-ignorieren-Sicherheitsbed… ∗∗∗ Infizierte Heimrouter: Satori-Botnetz legt stark zu ∗∗∗ --------------------------------------------- Der Mirai-Nachfolger Satori infiziert immer mehr Heimrouter und IoT-Geräte. Die zugrundeliegenden Sicherheitslücken werden von den Herstellern oft ignoriert. In der Zwischenzeit schürfen die Angreifer munter Kryptogeld. --------------------------------------------- https://www.heise.de/meldung/Infizierte-Heimrouter-Satori-Botnetz-legt-star… ∗∗∗ Oracle WebLogic Server Flaw Exploited to Deliver Crypto-Miners ∗∗∗ --------------------------------------------- Threat actors are exploiting a recently patched vulnerability in Oracle WebLogic Server to infect systems with crypto-currency mining malware, FireEye reports. --------------------------------------------- https://www.securityweek.com/oracle-weblogic-server-flaw-exploited-deliver-… ===================== = Vulnerabilities = ===================== ∗∗∗ Nortek Linear eMerge E3 Series ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a command injection vulnerability in the Nortek Linear eMerge E3 Series. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-046-01 ∗∗∗ GE D60 Line Distance Relay ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based buffer overflow and improper restriction of operations within the bounds of a memory buffer vulnerabilities in GE’s D60 Line Distance Relay. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-046-02 ∗∗∗ Schneider Electric IGSS Mobile ∗∗∗ --------------------------------------------- This advisory contains mitigation details for Improper certificate validation and plaintext storage of a password vulnerabilities in the Schneider Electric IGSS Mobile products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03 ∗∗∗ Schneider Electric StruxureOn Gateway ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an unrestricted upload of file with dangerous type vulnerability in Schneider Electrics StruxureOn Gateway software management platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-046-04 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (quagga), Mageia (freetype2, kernel-linus, and kernel-tmb), openSUSE (chromium, GraphicsMagick, mupdf, openssl-steam, and xen), Slackware (irssi), SUSE (glibc and quagga), and Ubuntu (quagga). --------------------------------------------- https://lwn.net/Articles/747439/rss ∗∗∗ 2018-01-06 (updated 2018-02-16): Cyber Security Notification - Meltdown & Spectre ∗∗∗ --------------------------------------------- http://search-ext.abb.com/library/Download.aspx?DocumentID=9AKK107045A8219&… ∗∗∗ DFN-CERT-2018-0320: Quagga: Mehrere Schwachstellen ermöglichen u.a. einen Distributed-Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0320/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027118 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013416 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect IBM Host On-Demand ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012447 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Batik affects IBM Maximo Asset Management (CVE-2017-5662) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008816 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.02.2018
by Daily end-of-shift report 15 Feb '18

15 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 14-02-2018 18:00 − Donnerstag 15-02-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Spam and phishing in 2017 ∗∗∗ --------------------------------------------- The share of spam in email traffic in 2017 fell by 1.68% to 56.63%. The lowest share (52.67%) was recorded in December 2017. The highest (59.56%) belonged to September. In 2017, the Anti-Phishing system was triggered 246,231,645 times on computers of Kaspersky Lab users as a result of phishing redirection attempts. --------------------------------------------- http://securelist.com/spam-and-phishing-in-2017/83833/ ∗∗∗ Inside the MSRC– The Monthly Security Update Releases ∗∗∗ --------------------------------------------- For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence. October 2003 ushered in .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2018/02/14/inside-the-msrc-the-mon… ∗∗∗ Multi-Stage Email Word Attack without Macros ∗∗∗ --------------------------------------------- Malware authors often distribute malware through code macros in Microsoft Office documents such as Word, Excel, or PowerPoint. Regardless of the particular Office version, macros can be executed whenever the user opens the file. By default users get warnings from .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Multi-Stage-Email-Word-… ∗∗∗ Besser vernetzt - besser geschützt ∗∗∗ --------------------------------------------- Zweitägiger Workshop im BRZ ermöglicht raschere Reaktion auf Malware und andere Bedrohungen. 70 Teilnehmer/innen von österreichischen und internationalen CERTs waren dabei. --------------------------------------------- https://www.brz.gv.at/BRZ_News/besser_vernetzt_besser_geschuetzt.html ∗∗∗ MeltdownPrime & SpectrePrime: Neue Software automatisiert CPU-Angriffe ∗∗∗ --------------------------------------------- Nach Meltdown und Spectre hatten Experten prognostiziert, dass das Zuschneiden auf spezifische Chips eine Weile dauern würde. Dieser Prozess lässt sich nun durch Automatisierung beschleunigen. Dabei wurden auch neue Variationen der Angriffe gefunden. --------------------------------------------- https://www.heise.de/meldung/MeltdownPrime-SpectrePrime-Neue-Software-autom… ∗∗∗ Cryptojacking: Hacker infiltrieren 5.000 Websites, verdienen nur 23 Euro ∗∗∗ --------------------------------------------- Laut Angaben von Skript-Entwickler Coinhive – Angreifer schleusten Code in Vorlese-Plugin .. --------------------------------------------- http://derstandard.at/2000074318850 ∗∗∗ COINHOARDER: Tracking a Ukrainian Bitcoin Phishing Ring DNS Style ∗∗∗ --------------------------------------------- This post is authored by Jeremiah OConnor and Dave Maynor with contributions from Artsiom Holub and Austin McBride. Executive SummaryCisco has been tracking a bitcoin theft campaign for over 6 months. The campaign was discovered internally and researched with the aid of an intelligence sharing partnership with Ukraine Cyberpolice. The campaign .. --------------------------------------------- http://blog.talosintelligence.com/2018/02/coinhoarder.html ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4112 xen - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4112 ∗∗∗ Entity API - Moderately critical - Information Disclosure - SA-CONTRIB-2018-013 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-013 ∗∗∗ Entity Backup - Critical - Module Unsupported - SA-CONTRIB-2018-012 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-012 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.02.2018
by Daily end-of-shift report 14 Feb '18

14 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 13-02-2018 18:00 − Mittwoch 14-02-2018 18:00 Handler: Alexander Riepl Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Hackers Keep it Simple: Malware Evades Detection by Simply Copying a File ∗∗∗ --------------------------------------------- Returning to this particular flavor of malware, we see a rather simple way to bypass the detection products: it simply copies kernel32.dll. The copied version is identical and serves to relay requests from Word in to the kernel in precisely the same way; however, the copy name is subtly different. Therefore, some products fail to detect the malware activity as it passes from Word to the kernel. --------------------------------------------- https://blogs.bromium.com/malware-copies-file-evades-detection/ ∗∗∗ DoubleDoor Botnet Chains Exploits to Bypass Firewalls ∗∗∗ --------------------------------------------- Anubhav says DoubleDoor attackers are using the first exploit to bypass Juniper Netscreen firewalls and then scan internal networks for ZyXEL routers to exploit with the second exploit. ... But the botnet is not a major danger just yet. Anubhav says DoubleDoor looks like a work in progress and still under heavy development. --------------------------------------------- https://www.bleepingcomputer.com/news/security /doubledoor-botnet-chains-exploits-to-bypass-firewalls/ ===================== = Vulnerabilities = ===================== ∗∗∗ Microsoft - February 2018 Security Updates ∗∗∗ --------------------------------------------- The February security release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps ChakraCore Adobe Flash --------------------------------------------- https://portal.msrc.microsoft.com/en-us/security-guidance /releasenotedetail/879af9c3-970b-e811-a961-000d3a33c573 ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Acrobat and Reader (APSB18-02) and Adobe Experience Manager (APSB18-04). --------------------------------------------- https://blogs.adobe.com/psirt/?p=1530 ∗∗∗ Zu aufwendig: Microsoft will schwere Skype-Lücke nicht beheben ∗∗∗ --------------------------------------------- Leck erlaubt Übernahme von Windows-System – Kein Patch geplant, Fehler soll erst in neuer Version entfernt werden --------------------------------------------- http://derstandard.at/2000074186504 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (exim and mpv), Debian (advancecomp and graphicsmagick), Red Hat (collectd, erlang, httpd24-apr, openstack-aodh, and openstack-nova), SUSE (kernel and xen), and Ubuntu (libvorbis). --------------------------------------------- https://lwn.net/Articles/747244/rss ∗∗∗ SAP Resolves High Risk Flaws with February 2018 Patches ∗∗∗ --------------------------------------------- SAP this week released its monthly set of security updates for its products, addressing a total of 11 new vulnerabilities, including two considered high severity. --------------------------------------------- https://www.securityweek.com /sap-resolves-high-risk-flaws-february-2018-patches ∗∗∗ WAGO PFC200 Series ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01 ∗∗∗ Schneider Electric IGSS SCADA Software ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-044-02 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2016-4461) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010883 ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud (CVE-2017-1681, CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013359 ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities have been identified in Open SSL, which is shipped with IBM Tivoli Network Manager IP Edition. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013041 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-5647) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010892 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.02.2018
by Daily end-of-shift report 13 Feb '18

13 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Montag 12-02-2018 18:00 − Dienstag 13-02-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ If You Thought Ransomware was Big, Illegal Crypto-Mining May be Bigger ∗∗∗ --------------------------------------------- There has been an interesting trend if you follow the daily barrage of security breaches, malware, and other .. --------------------------------------------- https://www.beyondtrust.com/blog/thought-ransomware-big-illegal-crypto-mini… ∗∗∗ Cybersecurity-Experten warnen for Valentinstags-Angeboten ∗∗∗ --------------------------------------------- Der Valentinstag am 14. Februar wird von Cyber-Kriminellen zum Versand von E-Mails mit gefährlichen Sonderangeboten genutzt. --------------------------------------------- https://futurezone.at/digital-life/cybersecurity-experten-warnen-for-valent… ∗∗∗ Security baseline for Office 2016 and Office 365 ProPlus apps – FINAL ∗∗∗ --------------------------------------------- Microsoft is pleased to announce the final release of the recommended security configuration baseline settings for Microsoft Office Professional Plus 2016 and Office 365 ProPlus 2016 apps. There are no changes from the draft .. --------------------------------------------- https://blogs.technet.microsoft.com/secguide/2018/02/13/security-baseline-f… ∗∗∗ Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins ∗∗∗ --------------------------------------------- On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject obfuscated scripts, creating unwanted pop-up/pop-unders. Whenever a visitor clicks .. --------------------------------------------- https://blog.sucuri.net/2018/02/unwanted-popups-caused-injectbody-injectscr… ∗∗∗ Still not on Windows 10? Fine, sighs Microsoft, here are its antivirus tools for Windows 7, 8.1 ∗∗∗ --------------------------------------------- Redmond extends ATP to older builds, adds third-party links Microsoft has back-ported its Windows Defender Advanced Threat Protection (ATP) antivirus tool from Windows 10 to Windows 7 and 8.1. --------------------------------------------- www.theregister.co.uk/2018/02/12/microsoft_windows_atp/ ∗∗∗ Sicherheitsupdates: Gefährliche Lücken in IBM AIX und Notes ∗∗∗ --------------------------------------------- In AIX von IBM klafft eine kritische Sicherheitslücke. Darüber hinaus stopft ein Update eine Schwachstelle in Notes. --------------------------------------------- https://www.heise.de/meldung/Sicherheitsupdates-Gefaehrliche-Luecken-in-IBM… ∗∗∗ Chrome-Security-Chefin: "Wenn Flash entfernt wird, feiern wir eine Party" ∗∗∗ --------------------------------------------- Parisa Tabriz leitet die Elite-Hacker Gruppe Project Zero – sie sagt, dass Phishing eine größere Gefahr für die breite Masse als die Lücken "Meltdown" und Spectre ist --------------------------------------------- http://derstandard.at/2000073871421 ∗∗∗ Olympic Destroyer Takes Aim At Winter Olympics ∗∗∗ --------------------------------------------- This blog post is authored by Warren Mercer and Paul Rascagneres.Update 2/13 08:30 We have updated the information regarding the use of stolen credentialsUpdate 2/12 12:00: We have updated the destructor section with action taken .. --------------------------------------------- blog.talosintelligence.com/2018/02/olympic-destroyer.html ∗∗∗ Zero-Day in Telegrams Windows Client Exploited for Months ∗∗∗ --------------------------------------------- A zero-day vulnerability impacting Telegram Messenger’s Windows client had been exploited in malicious attacks for months before being discovered and addressed. read more --------------------------------------------- https://www.securityweek.com/zero-day-telegrams-windows-client-exploited-mo… ===================== = Vulnerabilities = ===================== ∗∗∗ [KDE] Plasma Desktop: Arbitrary command execution in the removable device notifier ∗∗∗ --------------------------------------------- When a vfat thumbdrive which contains `` or $() in its volume label is plugged and mounted trough the device notifier, its interpreted as a shell command, leaving a possibility of arbitrary commands execution. --------------------------------------------- https://www.kde.org/info/security/advisory-20180208-2.txt ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- https://blogs.adobe.com/psirt/?p=1530 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.02.2018
by Daily end-of-shift report 12 Feb '18

12 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 09-02-2018 18:00 − Montag 12-02-2018 18:00 Handler: Alexander Riepl Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Vor allem Porno-Seiten spannen Nutzer zum Krypto-Mining ein ∗∗∗ --------------------------------------------- Laut einer aktuellen Studie enthalten mehr als 240 der beliebtesten Websites Code, der die Rechner ihre Besucher zum "Schürfen" von Kryptowährungen nutzt. --------------------------------------------- https://futurezone.at/digital-life/vor-allem-porno-seiten-spannen-nutzer-zu… ∗∗∗ Cisco Confirms Critical Firewall Software Bug Is Under Attack ∗∗∗ --------------------------------------------- Cisco has issued patches for the vulnerability, which could be up to seven years old. --------------------------------------------- http://threatpost.com/cisco-confirms-critical-firewall-software-bug-is-unde… ∗∗∗ Cryakl ransomware keys made public ∗∗∗ --------------------------------------------- The Belgian Federal Police are releasing free decryption keys for Cryakl ransomware and have become a partner with the No More Ransom Project. --------------------------------------------- https://www.scmagazine.com/cryakl-ransomware-keys-made-public/article/74332… ∗∗∗ GitHub-Account-Zombies erregen die Gemüter ∗∗∗ --------------------------------------------- Löscht ein Nutzer seinen Account bei GitHub, wird der Name sofort wieder für neue Nutzer frei. Das können Kriminelle missbrauchen, um über die Entwicklerseite Malware zu verteilen. Entwickler sollten Accounts daher lieber downgraden statt löschen. --------------------------------------------- https://www.heise.de/security/meldung/GitHub-Account-Zombies-erregen-die-Ge… ∗∗∗ Equifax-Hack betrifft noch mehr Daten als bisher bekannt ∗∗∗ --------------------------------------------- In einem Papier an den Bankenausschuss des US-Senats räumt Equifax ein, dass bei dem spektakulären Hack im September 2017 noch mehr Daten abgegriffen wurden als bisher zugegeben. Zusätzlich betroffen waren Steuernummern und Angaben im Führerschein. --------------------------------------------- https://www.heise.de/security/meldung/Equifax-Hack-betrifft-noch-mehr-Daten… ∗∗∗ Italienische Kryptobörse ausgeraubt: BitGrail fehlen 140 Millionen Euro ∗∗∗ --------------------------------------------- Diebe erbeuteten 17 Millionen sogenannte "Nano". BitGrail setzte den Handel vorerst aus. Die Polizei ermittelt. --------------------------------------------- https://www.heise.de/security/meldung/Italienische-Kryptoboerse-ausgeraubt-… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (go, go-pie, and plasma-workspace), Debian (audacity, exim4, libreoffice, librsvg, ruby-omniauth, tomcat-native, and uwsgi), Fedora (tomcat-native), Gentoo (virtualbox), Mageia (kernel), openSUSE (freetype2, ghostscript, jhead, and libxml2), and SUSE (freetype2 and kernel). --------------------------------------------- https://lwn.net/Articles/747120/rss ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco IOS XE Software Diagnostic Shell Path Traversal Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the diagnostic shell for Cisco IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of the diagnostic shell.The vulnerability is due to lack of proper input validation for certain diagnostic shell commands. An attacker could exploit this vulnerability by authenticating to the device, entering the diagnostic --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ BlackBerry powered by Android Security Bulletin - February 2018 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ DSA-4110 exim4 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4110 ∗∗∗ DSA-4111 libreoffice - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4111 ∗∗∗ DFN-CERT-2018-0286: Oracle MySQL Community Server: Mehrere Schwachstellen ermöglichen u.a. Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0286/ ∗∗∗ IBM Security Bulletin: Remote code execution vulnerability within Jackson JSON library affects IBM Business Process Manager (CVE-2017-7525) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012395 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Cast Iron ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013351 ∗∗∗ VMSA-2018-0007 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0007.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.02.2018
by Daily end-of-shift report 09 Feb '18

09 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 08-02-2018 18:00 − Freitag 09-02-2018 18:00 Handler: Robert Waldner Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Free Decryption Tool Released for Cryakl Ransomware ∗∗∗ --------------------------------------------- Belgian Federal Police together with Kaspersky Lab have released a free decryption tool for some versions of the Cryakl ransomware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/free-decryption-tool-release… ∗∗∗ X.509 Certificates Can Be Abused for Data Exfiltration ∗∗∗ --------------------------------------------- Researchers say that threat actors looking for a covert channel for stealing data from a firewalled network can abuse X.509 certificates to hide and extract data without being detected. --------------------------------------------- https://www.bleepingcomputer.com/news/security/x-509-certificates-can-be-ab… ∗∗∗ Verschlüsselung: Github testet Abschaltung alter Krypto ∗∗∗ --------------------------------------------- Github-Nutzer sollten ihre Clients auf Kompatibilität prüfen: Ab dem 22. Februar werden alte TLS-Versionen und einige Diffie-Hellman-Gruppen deaktiviert. Am Donnerstagabend wurde die Abschaltung schon einmal getestet. --------------------------------------------- https://www.golem.de/news/verschluesselung-github-testet-abschaltung-alter-… ∗∗∗ Living in a Smart Home ∗∗∗ --------------------------------------------- In "The House that Spied on Me," Kashmir Hill outfits her home to be as "smart" as possible and writes about the results. --------------------------------------------- https://www.schneier.com/blog/archives/2018/02/living_in_a_sma.html ∗∗∗ WannaMine: Cryptocurrency Mining Malware That Uses An NSA Exploit ∗∗∗ --------------------------------------------- The recent months have seen an increase in cyberattacks using cryptocurrency-mining tools, which has now become one of the main security threats. --------------------------------------------- https://www.techworm.net/2018/02/wannamine-cryptocurrency-mining-malware-us… ∗∗∗ Einige Netgear-Router lassen sich mit simplem URL-Trick übernehmen ∗∗∗ --------------------------------------------- In vielen Routern von Netgear klaffen Sicherheitslücken, die Angreifern mitunter Tür und Tor öffnen können. Updates schaffen Abhilfe. --------------------------------------------- https://www.heise.de/security/meldung/Einige-Netgear-Router-lassen-sich-mit… ∗∗∗ WordPress 4.9.3 schießt automatische Update-Funktion ab ∗∗∗ --------------------------------------------- Die WordPress-Ausgabe 4.9.3 hat zwar in erster Linie Bugs gefixt, aber auch einen neuen mitgebracht: Die automatische Aktualisierung funktioniert nicht mehr. Eine neue Version löst das Problem. --------------------------------------------- https://www.heise.de/security/meldung/WordPress-4-9-3-schiesst-automatische… ∗∗∗ Spectre-2-Lücke: Intel verspricht Updates auch für ältere Prozessoren ∗∗∗ --------------------------------------------- Für Skylake-Prozessoren, zahlreiche Atoms und damit verwandte Celerons gibt es nun wieder Microcode-Updates – zunächst nur für OEM-Partner; doch Intel will auch ältere Prozessoren patchen. --------------------------------------------- https://www.heise.de/security/meldung/Spectre-2-Luecke-Intel-verspricht-Upd… ===================== = Vulnerabilities = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-02) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB18-02) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, February 13, 2018. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1527 ∗∗∗ DSA-4108 mailman - security update ∗∗∗ --------------------------------------------- Calum Hutton and the Mailman team discovered a cross site scripting andinformation leak vulnerability in the user options page. A remoteattacker could use a crafted URL to steal cookie information or tofish for whether a user is subscribed to a list with a private roster. --------------------------------------------- https://www.debian.org/security/2018/dsa-4108 ∗∗∗ Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro ∗∗∗ --------------------------------------------- Sonatype Nexus Repository Manager OSS/Pro is affected by multiple cross-site scripting vulnerabilities (both reflected and stored) in both version 2 and 3 of the product which could be used by an attacker to execute JavaScript code in the user’s browser. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-cross-site-scriptin… ∗∗∗ Privileged Account Manager 3.1 Patch Update 3 (3.1.0.3) ∗∗∗ --------------------------------------------- Abstract: NetIQ Privileged Account Manager 3.1 Patch Update 3 (3.1.0.3). The purpose of the patch is to provide an upgrade of OpenSSL for eliminating potential security vulnerabilities and a few software fixes. This release does not contain any new features. --------------------------------------------- https://download.novell.com/Download?buildid=MtsbTyzebZw~ ∗∗∗ JRE vulnerability CVE-2012-5081 ∗∗∗ --------------------------------------------- JRE vulnerability CVE-2012-5081. Security Advisory. Security Advisory Description. Unspecified vulnerability in the Java ... --------------------------------------------- https://support.f5.com/csp/article/K21018505 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (clamav), Debian (mailman, mpv, and simplesamlphp), Fedora (tomcat-native), openSUSE (docker, docker-runc, containerd,, kernel, mupdf, and python-mistune), Red Hat (kernel), and Ubuntu (mailman and postgresql-9.3, postgresql-9.5, postgresql-9.6). --------------------------------------------- https://lwn.net/Articles/746988/rss ∗∗∗ DFN-CERT-2018-0278: Nextcloud Server: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0278/ ∗∗∗ IBM Security Bulletin: IBM i is affected by GSKIT vulnerability CVE-2018-1388 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022451 ∗∗∗ IBM Security Bulletin: Vulnerability impacts AIX and VIOS (CVE-2018-1383) ∗∗∗ --------------------------------------------- http://aix.software.ibm.com/aix/efixes/security/aixbase_advisory.asc ∗∗∗ IBM Security Bulletin: Open Source Apache CXF Vulnerablities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-12624) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013336 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.02.2018
by Daily end-of-shift report 08 Feb '18

08 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 07-02-2018 18:00 − Donnerstag 08-02-2018 18:00 Handler: Robert Waldner Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ HTTPS: Viele Webseiten nutzen alte Symantec-Zertifikate ∗∗∗ --------------------------------------------- In Kürze wird Chrome vielen alten Symantec-Zertifikaten nicht mehr trauen, eine Testversion zeigt schon jetzt Warnmeldungen. Doch viele Seiten haben noch nicht umgestellt - darunter auch prominente Seiten wie Wechat oder Spiegel Online. --------------------------------------------- https://www.golem.de/news/https-viele-webseiten-nutzen-alte-symantec-zertif… ∗∗∗ Gefälschte card complete-Sicherheitsmitteilung ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte card complete-Sicherheitsmitteilung. Darin behaupten sie, dass das Unternehmen "einige Informationen von Ihnen (braucht) , Einloggen und aktualisieren Sie Ihr Konto". Empfänger/innen dürfen der Aufforderung nicht nachkommen, denn andernfalls übermitteln sie ihre Kreditkartendaten an Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/index.php?id=71&tx_news_pi1%5bnews%5d=301… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (django-anymail, libtasn1-6, and postgresql-9.1), Fedora (w3m), Mageia (389-ds-base, gcc, libtasn1, and p7zip), openSUSE (flatpak, ImageMagick, libjpeg-turbo, libsndfile, mariadb, plasma5-workspace, pound, and spice-vdagent), Oracle (kernel), Red Hat (flash-plugin), SUSE (docker, docker-runc, containerd, golang-github-docker-libnetwork and kernel), and Ubuntu (libvirt, miniupnpc, and QEMU). --------------------------------------------- https://lwn.net/Articles/746915/rss ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2017-1761) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012416 ∗∗∗ IBM Security Bulletin: A vulnerability in Open Source Botan affects IBM Netezza Platform Software clients ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012829 ∗∗∗ IBM Security Bulletin: IBM Db2 Hosted is affected by the vulnerabilities known as Spectre and Meltdown ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013053 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.02.2018
by Daily end-of-shift report 07 Feb '18

07 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 06-02-2018 18:00 − Mittwoch 07-02-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ A Flaw In Hotspot Shield Can Expose VPN Users, Locations ∗∗∗ --------------------------------------------- An anonymous reader quotes a report from ZDNet: A security researcher has found a way to identify users of Hotspot Shield, a popular free virtual private network service that promises its users anonymity and privacy. Hotspot Shield, developed by AnchorFree, has an estimated 500 million users around the world relying on its privacy service. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/zRG3hEa7Tro/a-flaw-in-hotsp… ===================== = Vulnerabilities = ===================== ∗∗∗ Update: "Zero-Day" Sicherheitslücke in Adobe Flash Player - aktiv ausgenützt - Patches nun verfügbar ∗∗∗ --------------------------------------------- Update: 7. Februar 2018 Adobe hat nun ein entsprechendes Update veröffentlicht, die Details finden sich unter https://helpx.adobe.com/security/products/flash-player/apsb18-03.html --------------------------------------------- http://www.cert.at/warnings/all/20180201.html ∗∗∗ Vyaire Medical CareFusion Upgrade Utility Vulnerability ∗∗∗ --------------------------------------------- This medical device advisory contains mitigation details for an uncontrolled search path element vulnerability in Vyaire Medical’s CareFusion Upgrade Utility application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01 ∗∗∗ Bugtraq: SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip ∗∗∗ --------------------------------------------- Business recommendation: InfoZip Unzip should be updated to the latest available version. --------------------------------------------- http://www.securityfocus.com/archive/1/541753 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (mpv), Fedora (jackson-databind), Mageia (flash-player-plugin), Slackware (kernel), and Ubuntu (python-django). --------------------------------------------- https://lwn.net/Articles/746787/rss ∗∗∗ Cisco Enterprise License Manager Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco StarOS for Cisco ASR 5000 Series Aggregation Services Routers File Overwrite Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Virtualized Packet Core-Distributed Instance Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco UCS Central Arbitrary Command Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Spark Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco RV132W and RV134W Wireless VPN Routers Unauthenticated Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco RV132W and RV134W Remote Code Execution and Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS XR Software Routing and Forwarding Inconsistency Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS and IOS XE Software Diagnostic Shell Path Traversal Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower System Software BitTorrent File Policy Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security Appliance and Cisco Content Security Management Appliance Spam Quarantine Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Data Center Analytics Framework Reflected Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Data Center Analytics Framework Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager SQL Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Policy Suite RADIUS Authentication Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Policy Suite RADIUS Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Network TCP Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Two Out-of-Bounds Read Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-… ∗∗∗ Security Advisory - Six Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-… ∗∗∗ Security Advisory - Two Vulnerabilities in the SIP Module of Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-… ∗∗∗ Security Advisory - Two Buffer Overflow Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-… ∗∗∗ Security Advisory - Out-of-Bounds Memory Access Vulnerability in the GPU Driver of Huawei Mobile Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-… ∗∗∗ Security Advisory - Three Vulnerabilities in SCCPX Module of Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1401) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22013097 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008892 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Server Vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012410 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Struts Affect IBM Emptoris Contract Management and IBM Emptoris Spend (CVE-2016-1181,CVE-2016-1182) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013334 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012609 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Insufficient Authorization Checks vulnerability (CVE-2018-1368 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013302 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Open Source Binutils and Open Source OpenSSL affect IBM Netezza Analytics ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012605 ∗∗∗ IBM Security Bulletin:Vulnerability in Apache Poi Affects IBM Emptoris Sourcing and IBM Emptoris Contract Management (CVE-2017-5644) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012515 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.02.2018
by Daily end-of-shift report 06 Feb '18

06 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Montag 05-02-2018 18:00 − Dienstag 06-02-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Research papers and Youtube videos from BlueHat Israel 2018 ∗∗∗ --------------------------------------------- http://www.bluehatil.com/abstracts.html ∗∗∗ European Cyber Security Month ECSM 2017 deployment report ∗∗∗ --------------------------------------------- ENISA is today pleased to publish the ‘European Cyber Security Month deployment report’, a summary of the activities carried out throughout ECSM 2017 by the Agency and participating Member States. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/european-cyber-security-month-e… ∗∗∗ Strong cybersecurity culture as efficient firewall for organisations ∗∗∗ --------------------------------------------- ENISA’s Cybersecurity Culture in Organisations report is based on a multi-disciplinary research, conducted to better understand the dynamics of how cybersecurity culture can be developed and shaped within organisations. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/strong-cybersecurity-culture-as… ∗∗∗ Krypto-Miner schlich über Download-Verzeichnis MacUpdate auf Macs ∗∗∗ --------------------------------------------- Mac-Nutzer, die beliebte Software wie etwa den Browser Firefox über MacUpdate heruntergeladen haben, handelten sich dadurch unter Umständen Malware ein. --------------------------------------------- https://www.heise.de/meldung/Krypto-Miner-schlich-ueber-Download-Verzeichni… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available for Adobe Flash Player (APSB18-03) ∗∗∗ --------------------------------------------- https://blogs.adobe.com/psirt/?p=1522 ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a common separated value (CSV) vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012674 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM JRE affect IBM Tivoli Composite Application Manager for Transactions (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013271 ∗∗∗ February 2018 ∗∗∗ --------------------------------------------- https://source.android.com/security/bulletin/2018-02-01.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.02.2018
by Daily end-of-shift report 05 Feb '18

05 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 02-02-2018 18:00 − Montag 05-02-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Safer Internet Day ∗∗∗ --------------------------------------------- February 6, 2018, is Safer Internet Day (SID), a worldwide event aimed at promoting the safe and positive use of digital technology for all users, especially children and teens. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/02/05/Safer-Internet-Day ===================== = Vulnerabilities = ===================== ∗∗∗ New Western Digital My Cloud Bugs Give Local Attackers Root on NAS Devices ∗∗∗ --------------------------------------------- Two new WD My Cloud vulnerabilities have been identified, adding to last month’s bevy of security bugs. --------------------------------------------- http://threatpost.com/new-western-digital-my-cloud-bugs-give-local-attacker… ∗∗∗ NetIQ Privileged Account Manager 3.1 Patch Update 3 (3.1.0.3) ∗∗∗ --------------------------------------------- NetIQ Privileged Account Manager 3.1 Patch Update 3 (3.1.0.3). The purpose of the patch is to provide an upgrade of OpenSSL for eliminating potential security vulnerabilities and a few software fixes. --------------------------------------------- https://download.novell.com/Download?buildid=MtsbTyzebZw~ ∗∗∗ Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities ∗∗∗ --------------------------------------------- Multiple vulnerabilities in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2018-0235/">Django: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- Eine Schwachstelle in Django ermöglicht einem entfernten, nicht authentisierten Angreifer Informationen zu berechtigten Benutzern auszuspähen. Der Hersteller hat Django 2.0.2 und 1.11.10 als Security Releases veröffentlicht und stellt Patches für den Master Branch und die Releases Branches 2.0 und 1.11 zur Verfügung. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0235/ ∗∗∗ DFN-CERT-2018-0234/">7-Zip: Eine Schwachstelle ermöglicht u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Ein entfernter, nicht authentisierter Angreifer kann eine Schwachstelle ausnutzen, um einen Denial-of-Service (DoS)-Angriff durchzuführen (Out-of-bounds Write) oder möglicherweise mit Hilfe eines präparierten ZIP-Archivs beliebigen Programmcode zur Ausführung bringen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0234/ ∗∗∗ Update: Kritische Sicherheitslücke in Cisco ASA Software - Patches verfügbar ∗∗∗ --------------------------------------------- Update: 5. Februar 2018 Cisco hat bekanntgegeben, dass im Zuge interner Untersuchungen noch weitere Lücken gefunden wurden, sowie dass die bisher veröffentlichten gefixten Versionen Fehler enthalten. --------------------------------------------- http://www.cert.at/warnings/all/20180130.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dokuwiki and p7zip), Fedora (kernel, pdns, rsync, and webkitgtk4), openSUSE (chromium and translate-toolkit), Red Hat (jboss-ec2-eap and Red Hat Satellite 6), Slackware (php), and SUSE (bind and firefox). --------------------------------------------- https://lwn.net/Articles/746568/rss ∗∗∗ IBM Security Bulletin: API Connect is affected by a cross-site scripting vulnerability CVE-2018-1382 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013054 ∗∗∗ IBM Security Bulletin: API Connect Developer Portal is affected by authenticated user access to sensitive information vulnerability (CVE-2017-1785) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013061 ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013153 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SmartCloud Entry ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1026841 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SmartCloud Entry ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025910 ∗∗∗ IBM Security Bulletin: October 2016 Java Platform Standard Edition Vulnerabilities in Multiple N Series Products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011818 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.02.2018
by Daily end-of-shift report 02 Feb '18

02 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 01-02-2018 18:00 − Freitag 02-02-2018 18:00 Handler: Alexander Riepl Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Crypto Miners May Be the 'New Payload of Choice' for Attackers ∗∗∗ --------------------------------------------- Crypto mining botnets provide a stealthy way to generate big bucks, without the downsides of ransomware. --------------------------------------------- http://threatpost.com/crypto-miners-may-be-the-new-payload-of-choice-for-at… ∗∗∗ Simple but Effective Malicious XLS Sheet, (Fri, Feb 2nd) ∗∗∗ --------------------------------------------- Here is another quick analysis of a malicious Excel sheet found while hunting. The malicious document was delivered through a classic phishing attempt from Janes 360[1], a website operated by HIS Markit[2]. Here is a copy of the mail body. --------------------------------------------- https://isc.sans.edu/diary/rss/23305 ∗∗∗ Multiple Vulnerabilities in WD MyCloud ∗∗∗ --------------------------------------------- While performing security research on personal storage I found some vulnerabilities in the WD (Western Digital) MyCloud device. Trustwave reported them to WD back in 2017 and now that patches are available we can discuss the technical details. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Multiple-Vulnerabilitie… ∗∗∗ There is no evidence in-the-wild malware is using Meltdown or Spectre ∗∗∗ --------------------------------------------- Reports of malware using the Meltdown or Spectre attacks are likely based on proof-of-concept code rather than files written for a malicious purpose. --------------------------------------------- https://www.virusbulletin.com:443/blog/2018/02/there-no-evidence-wild-malwa… ∗∗∗ Service-Router von Cisco können sich an IPv6-Paketen verschlucken ∗∗∗ --------------------------------------------- Ein Sicherheitsupdate schließt eine DoS-Schwachstelle in Cisco ASR 9000. --------------------------------------------- https://www.heise.de/security/meldung/Service-Router-von-Cisco-koennen-sich… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (systemd and thunderbird), Debian (squid and squid3), Fedora (firefox), Mageia (java-1.8.0-openjdk and sox), openSUSE (ecryptfs-utils and libXfont), Oracle (systemd and thunderbird), Scientific Linux (thunderbird), and Ubuntu (dovecot and w3m). --------------------------------------------- https://lwn.net/Articles/746326/rss ===================== = Vulnerabilities = ===================== ∗∗∗ "Zero-Day" Sicherheitslücke in Adobe Flash Player - aktiv ausgenützt - Patches noch nicht verfügbar ∗∗∗ --------------------------------------------- "Zero-Day" Sicherheitslücke in Adobe Flash Player - aktiv ausgenützt - Patches noch nicht verfügbar 1. Februar 2018 Beschreibung Adobe hat bekanntgegeben, dass es aktuell eine kritische Sicherheitslücke in Adobe Flash Player gibt, die auch bereits aktiv ausgenützt wird. CVE-Nummer: CVE-2018-4878 Es ist noch keine entsprechend gefixte Version verfügbar - Adobe hat eine solche für nächste Woche (beginnend mit 5. Februar 2018) in Aussicht --------------------------------------------- http://www.cert.at/warnings/all/20180201.html ∗∗∗ IBM Security Bulletin: IBM StoredIQ for Legal has released Interim Fix 2.0.3.3-IBM-SIQ4L-IF001 in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012719 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Kernel, libvirt and qemu-kvm affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012641 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.02.2018
by Daily end-of-shift report 01 Feb '18

01 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 31-01-2018 18:00 − Donnerstag 01-02-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ DDG: A Mining Botnet Aiming at Database Servers ∗∗∗ --------------------------------------------- Starting 2017-10-25, we noticed there was a large scale ongoing scan targeting the OrientDB databases. Further analysis found that this is a long-running botnet whose main .. --------------------------------------------- http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server-en/ ∗∗∗ Adaptive Phishing Kit ∗∗∗ --------------------------------------------- Phishing kits are everywhere! If your server is compromised today, they are chances that it will be used to mine cryptocurrency, to deliver malware payloads or to host a phishing kit. Phishing remains a common attack scenario to collect valid credentials and impersonate the user account or, in larger attacks, it is one of the first steps to .. --------------------------------------------- https://isc.sans.edu/diary/rss/23299 ∗∗∗ Internet of Dildos – a long way to a vibrant future ∗∗∗ --------------------------------------------- Schwachstellen in Sexspielzeugen sind nicht nur aus technischer Sicht sehr interessant, sondern vor allem datenschutzrechtlich. Mehrere „Smart Sex“ Spielzeuge der Marke Vibratissimo und die dazugehörige Cloud Plattform waren von schwerwiegenden Schwachstellen betroffenen. --------------------------------------------- https://www.sec-consult.com/blog/2018/02/internet-of-dildos-a-long-way-to-a… ∗∗∗ Meltdown/Specter-based Malware Coming Soon to Devices Near You, Are You Ready? ∗∗∗ --------------------------------------------- It has been few weeks since the details of the Spectre, and Meltdown processor vulnerabilities came out in public and researchers have discovered more than 130 malware samples trying to exploit these chip flaws. Spectre and Meltdown are security .. --------------------------------------------- https://thehackernews.com/2018/02/meltdown-spectre-malware-hacking.html ∗∗∗ Malicious Chrome Extensions Found in Chrome Web Store, Form Droidclub Botnet ∗∗∗ --------------------------------------------- The Trend Micro Cyber Safety Solutions team has discovered a new botnet delivered via Chrome extensions that affects more than half a million users. (The malicious extension is detected as BREX_DCBOT.A.) This botnet was used to inject ads and cryptocurrency mining code into websites the victim would visit. We have dubbed this particular .. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-chrom… ∗∗∗ "Ändere dein Passwort"-Tag: Lass es doch einfach bleiben! ∗∗∗ --------------------------------------------- Am 1. Februar ist "Ändere dein Passwort"-Tag. Aber ist es wirklich sinnvoll, Passwörter regelmäßig zu ändern? Und wie wählt man überhaupt gute Passwörter, die Hackerangriffen standhalten? --------------------------------------------- https://www.heise.de/meldung/Aendere-dein-Passwort-Tag-Lass-es-doch-einfach… ∗∗∗ Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions ∗∗∗ --------------------------------------------- The threat landscape is constantly changing; over the last few years malware threat vectors, methods and payloads have rapidly evolved. Recently, as cryptocurrency values have exploded, mining .. --------------------------------------------- http://blog.talosintelligence.com/2018/01/malicious-xmr-mining.html ∗∗∗ Chrome’s Plan to Distrust Symantec Certificates ∗∗∗ --------------------------------------------- Posted by Devon O’Brien, Ryan Sleevi, Andrew Whalley, Chrome SecurityThis post is a broader announcement of plans already finalized on the blink-dev mailing list.Update, 1/31/18: Post was updated to further clarify 13 month validity limitationsAt the end of July, the Chrome team and the PKI community converged upon a plan to reduce, and .. --------------------------------------------- https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.h… ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4103 chromium-browser - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4103 ∗∗∗ Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabil… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.01.2018
by Daily end-of-shift report 31 Jan '18

31 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 30-01-2018 18:00 − Mittwoch 31-01-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Microsoft Drops the Hammer on Coercive Registry Cleaners & System Optimizers ∗∗∗ --------------------------------------------- Starting March 1st 2018, Windows Defender and other Microsoft products will begin to remove programs that display coercive behavior. This includes registry cleaners and system optimizers that offer free scans, display alarming messages, and then require the user to purchase it.before fixing anything. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-drops-the-hammer-… ∗∗∗ Google hat 2017 mehr als 700.000 bösartige Apps aus Google Play verbannt ∗∗∗ --------------------------------------------- In einem Jahresbericht führt Google aus, wie sicher der eigene Android-App-Store Google Play doch ist. Aufgrund einiger Vorfälle wirkt die Argumentation stellenweise jedoch nicht ganz glaubwürdig. --------------------------------------------- https://www.heise.de/meldung/Google-hat-2017-mehr-als-700-000-boesartige-Ap… ∗∗∗ Kritische Sicherheitslücke in Mozilla Firefox - Patch verfügbar ∗∗∗ --------------------------------------------- Mozilla hat einen Out-of-Band Patch für eine kritische Sicherheitslücke im Webbrowser Firefox veröffentlicht. Auswirkungen Durch Ausnützen dieser Lücke kann ein Angreifer beliebigen Code auf betroffenen Systemen, mit den Rechten des angemeldeten Benutzers, ausführen. Dazu reicht es, den Browser zum Anzeigen einer entsprechend präparierten Webseite .. --------------------------------------------- http://www.cert.at/warnings/all/20180131.html ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4102 thunderbird - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4102 ∗∗∗ PHOENIX CONTACT mGuard ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01 ∗∗∗ Siemens TeleControl Server Basic ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-030-02 ∗∗∗ WordPress plugin "WP Retina 2x" vulnerable to cross-site scripting ∗∗∗ --------------------------------------------- http://jvn.jp/en/jp/JVN30636823/ ∗∗∗ Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.01.2018
by Daily end-of-shift report 30 Jan '18

30 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Montag 29-01-2018 18:00 − Dienstag 30-01-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ IBM-Studie: Viele Nutzer halten biometrische Anmeldung für sicher ∗∗∗ --------------------------------------------- Gerade junge Leute wollen sich heutzutage keine Passwörter mehr merken: Eine IBM-Studie untersucht Vorlieben von Nutzern aller Altersgruppen. Teilnehmer ab 55 Jahren hingegen merken sich viele verschiedene Passwörter auf einmal - auch ohne Passwort-Manager. --------------------------------------------- https://www.golem.de/news/ibm-studie-viele-nutzer-halten-biometrische-anmel… ∗∗∗ Scammers become the scammed: Ransomware payments diverted with Tor proxy trickery ∗∗∗ --------------------------------------------- Of course this does nothing for victims encrypted files Cybercriminals are using Tor proxies to divert ransomware payments to their own Bitcoin wallets. --------------------------------------------- theregister.com/feed/www.theregister.co.uk/2018/01/30/ransomware_diversions/ ∗∗∗ Chrome Extension Malware Has Evolved ∗∗∗ --------------------------------------------- While helpful and creative, Chrome extensions have also become a new playground for hackers intent on stealing your data. --------------------------------------------- https://www.wired.com/story/chrome-extension-malware ∗∗∗ ENISA organises cyber-exercise to boost CSIRT cooperation ∗∗∗ --------------------------------------------- On 30 January 2018, the EU Cybersecurity Agency ENISA organised ‘Cyber SOPEx’, the first cooperation exercise of the CSIRTs Network. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/enisa-organises-cyber-exercise-… ∗∗∗ E-Mail-Betrug: Vorarlberger Firma zahlt 150.000 Euro ∗∗∗ --------------------------------------------- Mitarbeiterin überwies knapp 150.000 Euro ins Ausland – 83.000 Euro konnten zurückgeholt werden --------------------------------------------- http://derstandard.at/2000073288109 ∗∗∗ "spotzi" und "bier1": Cybasar-Leak zeigt die unsicheren Passwörter der Österreicher ∗∗∗ --------------------------------------------- Viele Kennwörter offenbaren fahrlässigen Umgang mit eigenen Informationen im Netz – auch von Behördenmitarbeitern --------------------------------------------- http://derstandard.at/2000073316365 ∗∗∗ 2017 in Snort Signatures. ∗∗∗ --------------------------------------------- This post was written by Martin Lee and Vanja Svajcer.2017 was an eventful year for cyber security with high profile vulnerabilities that allowed self-replicating worm attacks such as WannaCry and BadRabbit to impact .. --------------------------------------------- http://blog.talosintelligence.com/2018/01/2017-in-snort-signatures.html ∗∗∗ Kritische Sicherheitslücke in Cisco ASA Software - Patches verfügbar ∗∗∗ --------------------------------------------- Cisco hat ein Advisory zu einer kritischen Sicherheitslücke in Cisco ASA Software veröffentlicht. Die Lücke befindet sich im Code, der für das "webvpn"-Feature zuständig .. --------------------------------------------- http://www.cert.at/warnings/all/20180130.html ===================== = Vulnerabilities = ===================== ∗∗∗ [20180103] - Core - XSS vulnerability in Uri class ∗∗∗ --------------------------------------------- https://developer.joomla.org/security-centre/721-20180103-core-xss-vulnerab… ∗∗∗ [20180102] - Core - XSS vulnerability in com_fields ∗∗∗ --------------------------------------------- https://developer.joomla.org/security-centre/720-20180102-core-xss-vulnerab… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.01.2018
by Daily end-of-shift report 29 Jan '18

29 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 26-01-2018 18:00 − Montag 29-01-2018 18:00 Handler: Alexander Riepl Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Cyberattacken auf niederländische Banken: Netbanking weg ∗∗∗ --------------------------------------------- Die drei größten Banken der Niederlande hatten am Wochenende mit Cyberangriffen zu kämpfen. Teilweise fiel auch das Online-Banking aus. --------------------------------------------- https://futurezone.at/digital-life/cyberattacken-auf-niederlaendische-banke… ∗∗∗ Coincheck: Kryptowährung im Wert von 429 Millionen Euro gestohlen ∗∗∗ --------------------------------------------- Für das Unternehmen Coincheck war es ein schwarzer Freitag: Eine große Menge der Kryptowährung NEM wurde gestohlen. Der Kurs sank dadurch um elf Prozent. Auch Bitcoin und Etherium waren davon betroffen. Der Angriff ist für einige ein Anlass zur Kritik an Japans Regulierung des Kryptohandels. --------------------------------------------- https://www.golem.de/news/coincheck-kryptowaehrung-im-wert-von-429-milliard… ∗∗∗ Security: Lenovo gesteht Sicherheitslücken im Fingerprint Manager ein ∗∗∗ --------------------------------------------- Die Software Fingerprint Manager Pro speichert biometrische Daten auf dem Gerät. Allerdings sagt selbst Lenovo, dass das unsicher sei und rät daher zu einem Update. Windows-10-Geräte sind davon jedoch nicht betroffen. --------------------------------------------- https://www.golem.de/news/security-lenovo-gesteht-sicherheitsluecken-im-fin… ∗∗∗ Meltdown & Spectre: Windows-Update deaktiviert Schutz gegen Spectre V2 ∗∗∗ --------------------------------------------- Ein aktuelles Windows-Update schaltet den Schutz gegen Spectre Variant 2 ab, um Instabilitäten des Systems vorzubeugen. --------------------------------------------- https://www.heise.de/newsticker/meldung/Meltdown-Spectre-Windows-Update-dea… ∗∗∗ First 'Jackpotting' Attacks Hit U.S. ATMs ∗∗∗ --------------------------------------------- ATM "jackpotting" - a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand - has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators. But all that changed this week after the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United [...] --------------------------------------------- https://krebsonsecurity.com/2018/01/first-jackpotting-attacks-hit-u-s-atms/ ∗∗∗ Cybasar.at gehackt: 70.000 österreichische Log-ins im Netz aufgetaucht ∗∗∗ --------------------------------------------- Hunderte E-Mails und Passwörter von offiziellen Stellen enthalten – Daten stammen von Gebrauchtwagenplattform Cybasar --------------------------------------------- http://derstandard.at/2000073253135 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4099 ffmpeg - security update ∗∗∗ --------------------------------------------- Several vulnerabilities have been discovered in the FFmpeg multimediaframework, which could result in denial of service or potentially theexecution of arbitrary code if malformed files/streams are processed. --------------------------------------------- https://www.debian.org/security/2018/dsa-4099 ∗∗∗ DSA-4101 wireshark - security update ∗∗∗ --------------------------------------------- It was discovered that wireshark, a network protocol analyzer, containedseveral vulnerabilities in the dissectors/file parsers for IxVeriWave,WCP, JSON, XML, NTP, XMPP and GDB, which could result in denial ofservice or the execution of arbitrary code. --------------------------------------------- https://www.debian.org/security/2018/dsa-4101 ∗∗∗ DFN-CERT-2018-0020 ∗∗∗ --------------------------------------------- Auf diesem Wege noch einmal der Hinweis, dass wir unsere Security Advisories zu #Spectre und #Meltdown (DFN-CERT-2018-0020) sowie Spectre 2 (DFN-CERT-2018-0019) beinahe täglich aktualisieren. Bleiben Sie via @DFNCERT_ADV auf dem neuesten Stand. --------------------------------------------- https://twitter.com/DFNCERT/status/956906148388536321 ∗∗∗ DFN-CERT-2018-0196: VMware AirWatch Console (AWC): Eine Schwachstelle ermöglicht einen Cross-Site-Request-Forgery-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0196/ ∗∗∗ Security Advisory - Buffer Overflow Vulnerability in the Bluetooth Module of Some Huawei Mobile Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180129-… ∗∗∗ IBM Security Bulletin: IBM has released AIX and VIOS iFixes in response to the vulnerabilities known as Spectre and Meltdown ∗∗∗ --------------------------------------------- http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.a… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012707 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.01.2018
by Daily end-of-shift report 26 Jan '18

26 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 25-01-2018 18:00 − Freitag 26-01-2018 18:00 Handler: Alexander Riepl Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Virenscanner: ClamAV hat zahlreiche Schwachstellen ∗∗∗ --------------------------------------------- Nutzer von ClamAV sollten so schnell wie möglich auf die aktuelle Version der Software wechseln. Denn Sicherheitslücken ermöglichen Angreifern, zum Beispiel mit einem zugeschickten PDF Code auf dem Rechner der Nutzer auszuführen. --------------------------------------------- https://www.golem.de/news/virenscanner-clamav-hat-zahlreiche-schwachstellen… ∗∗∗ Niederländische Geheimdienste hackten russische Hacker ∗∗∗ --------------------------------------------- Russisches Eindringen in digitale Systeme der US-Regierung festgestellt – Hackergruppe "Cozy Beer" jahrelang observiert --------------------------------------------- http://derstandard.at/2000073070848 ∗∗∗ London wirft Moskau Ausspähen strategischer Infrastruktur vor ∗∗∗ --------------------------------------------- Verteidigungsminister Williamson: Totales Chaos mit abertausenden Toten möglich --------------------------------------------- http://derstandard.at/2000073086515 ===================== = Vulnerabilities = ===================== ∗∗∗ Nari PCS-9611 ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-025-01 ∗∗∗ Siemens Desigo PXC ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-025-02 ∗∗∗ Philips IntelliSpace Cardiovascular System Vulnerability ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-025-01 ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by an XML External Entity Injection (XXE) vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012595 ∗∗∗ Linux RPM vulnerability CVE-2017-7501 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K03710547 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.01.2018
by Daily end-of-shift report 25 Jan '18

25 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 24-01-2018 18:00 − Donnerstag 25-01-2018 18:00 Handler: Alexander Riepl Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Maersk Reinstalled 45,000 PCs and 4,000 Servers to Recover From NotPetya Attack ∗∗∗ --------------------------------------------- The worlds largest container shipping company â€”A.P. MÃ¸ller-Maerskâ€” said it recovered from the NotPetya ransomware incident by reinstalling over 4,000 servers, 45,000 PCs, and 2500 applications over the course of ten days in late June and early July 2017. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/maersk-reinstalled-45-000-pc… ∗∗∗ BSI-Richtlinie: Der streng geheime Streit über die Routersicherheit ∗∗∗ --------------------------------------------- Das BSI will in den kommenden Monaten eine Technische Richtlinie für Heimrouter herausgeben. Vor allem die Kabelnetzbetreiber halten nichts davon, für möglichst viel Sicherheit bei den Geräten zu sorgen. Der CCC spricht von "Lobbying-Sabotage". --------------------------------------------- https://www.golem.de/news/bsi-richtlinie-der-streng-geheime-streit-ueber-di… ∗∗∗ Windows 10: Microsoft will aufzeigen, was an Gerätedaten gesammelt wird ∗∗∗ --------------------------------------------- Sprachdaten, Positionsdaten und Browserverlauf: Nutzer sollen künftig einen besseren Überblick über gesammelte Daten in Windows 10 bekommen. Dazu stellt Microsoft ein Dashboard für Microsoft-Accounts und einen Diagnostic Viewer für Geräteinformation zur Verfügung. (Microsoft, Datenschutz) --------------------------------------------- https://www.golem.de/news/windows-10-microsoft-will-aufzeigen-was-an-geraet… ∗∗∗ Cloudflare[.]solutions Keylogger Returns on New Domains ∗∗∗ --------------------------------------------- A few months ago, we covered two injections related to the “cloudflare.solutions” malware: a CoinHive cryptominer hidden within fake Google Analytics and jQuery, and the WordPress keylogger from Cloudflare[.]solutions. This malware was originally identified by one of our analysts in April 2017 and has since evolved and spread to new domains. Keylogger Spreads to New Domains A few days after our keylogger post was released on Dec 8th, 2017, the Cloudflare[.]solutions domain was taken [...] --------------------------------------------- https://blog.sucuri.net/2018/01/cloudflare-solutions-keylogger-returns-on-n… ∗∗∗ libcurl has had auth leak bug since the first commit we recorded ∗∗∗ --------------------------------------------- Fixed in 7.58.0 If you use libcurl, the command line tool and library for transferring data with URLs, get ready to patch. The tool has a pair of problems, one of which is an authentication leak.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/01/25/curl_carrie… ∗∗∗ Healthcare CERTs highlight the need for security guidance for specific sectors ∗∗∗ --------------------------------------------- A new computer emergency response team has been launched in the Netherlands to provide guidance specifically tailored to the healthcare sector. Martijn Grooten welcomes the development. Read more --------------------------------------------- https://www.virusbulletin.com:443/blog/2018/01/healthcare-certs-show-need-s… ∗∗∗ Announcing turndown of the deprecated Google Safe Browsing APIs ∗∗∗ --------------------------------------------- Posted by Alex Wozniak, Software Engineer, Safe Browsing TeamIn May 2016, we introduced the latest version of the Google Safe Browsing API (v4). Since this launch, thousands of developers around the world have adopted the API to protect over 3 billion devices from unsafe web resources.Coupled with that announcement was the deprecation of legacy Safe Browsing APIs, v2 and v3. Today we are announcing an official turn-down date of October 1st, 2018, for these APIs. All v2 and v3 clients must [...] --------------------------------------------- https://security.googleblog.com/2018/01/announcing-turndown-of-deprecated.h… ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4096 firefox-esr - security update ∗∗∗ --------------------------------------------- Several security issues have been found in the Mozilla Firefox webbrowser: Multiple memory safety errors, use-after-frees, integeroverflows and other implementation errors may lead to the execution ofarbitrary code, denial of service or URL spoofing. --------------------------------------------- https://www.debian.org/security/2018/dsa-4096 ∗∗∗ Vulnerability Spotlight: Multiple Unpatched Vulnerabilities in Blender Identified ∗∗∗ --------------------------------------------- Update 1/25/18: Blender has released version 2.79a to address these issues Technology has evolved in incredible ways that has helped people to create and visualize media like never before. Today, people can use tools such as Blender to visualize, model, and animate 3D content, especially since its free and open-source software. However, this also make it an attractive target for adversaries to audit and find vulnerabilities. Given the user base of Blender, exploiting these vulnerabilities to [...] --------------------------------------------- http://blog.talosintelligence.com/2018/01/unpatched-blender-vulns.html ∗∗∗ DFN-CERT-2018-0177: Google Chrome, Chromium: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0177/ ∗∗∗ IBM Security Bulletin: PowerKVM has released fixes in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026853 ∗∗∗ IBM Security Bulletin: Vulnerabilities in postgresql affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026733 ∗∗∗ IBM Security Bulletin: Vulnerabilities in PHP affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026732 ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Portable Runtime affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026735 ∗∗∗ IBM Security Bulletin: A vulnerability in procmail affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026736 ∗∗∗ IBM Security Bulletin: A vulnerability in curl affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026734 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012767 ∗∗∗ IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026731 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007398 ∗∗∗ IBM Security Bulletin: Rational DOORS is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012789 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.01.2018
by Daily end-of-shift report 24 Jan '18

24 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 23-01-2018 18:00 − Mittwoch 24-01-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Skype, Signal, Slack, other apps inherit Electron vuln ∗∗∗ --------------------------------------------- If youve built a Windows application on Electron, check to see if its subject to a just-announced remote code execution vulnerability. ... Slack users should update to version 3.0.3 or better, and the latest version of Skype for Windows is protected --------------------------------------------- https://www.theregister.co.uk/2018/01/24/skype_signal_slack_nherit_electron… ∗∗∗ [papers] Hardcore SAP Penetration Testing ∗∗∗ --------------------------------------------- http://www.exploit-db.com/docs/english/43859-hardcore-sap-penetration-testi… ∗∗∗ 14 flaws found that could take over industrial control systems ∗∗∗ --------------------------------------------- Licence management systems used in industrial control systems are plagued with vulnerabilities - contain 14 flaws could enable hackers to take control of systems and carry out DoS attacks --------------------------------------------- https://www.scmagazineuk.com/news/14-flaws-found-that-could-take-over-indus… ===================== = Vulnerabilities = ===================== ∗∗∗ Advantech WebAccess/SCADA ∗∗∗ --------------------------------------------- This advisory contains mitigation details for path traversal and SQL injection vulnerabilities in Advantech’s WebAccess/SCADA software platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-023-01 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (smarty3), Fedora (bind, bind-dyndb-ldap, dnsperf, glibc, kernel, libtasn1, libvpx, mariadb, python-bottle, ruby, and sox), Red Hat (rh-eclipse46-jackson-databind), SUSE (kernel), and Ubuntu (kernel, linux, linux-aws, linux-euclid, linux-hwe, linux-azure, linux-gcp, linux-oem, linux-lts-trusty, linux-lts-xenial, linux-aws, and rsync). --------------------------------------------- https://lwn.net/Articles/745165/rss ∗∗∗ Apple Updates Everything, Again, (Tue, Jan 23rd) ∗∗∗ --------------------------------------------- https://isc.sans.edu/diary/rss/23269 ∗∗∗ Vuln: GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/102765 ∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20180124-… ∗∗∗ Security Advisory - Two Vulnerabilities in MGCP Protocol of Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-… ∗∗∗ Security Advisory - Integer Overflow Vulnerability on Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-… ∗∗∗ Security Advisory - CPU Vulnerabilities Meltdown and Spectre ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20180106-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012739 ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012712 ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by vulnerability due to information disclosure in MyFaces for WebSphere Application Server ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012737 ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by vulnerability due to information disclosure in Apache MyFaces ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012735 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012623 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Insight. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012627 ∗∗∗ SSA-824231 (Last Update 2018-01-24): Unauthenticated Firmware Upload Vulnerability in Desigo PXC ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-824231… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.01.2018
by Daily end-of-shift report 23 Jan '18

23 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Montag 22-01-2018 18:00 − Dienstag 23-01-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Newsletter-Dienst: Mailchimp verrät E-Mail-Adressen von Newsletter-Abonnenten ∗∗∗ --------------------------------------------- Spezifische Referrer für jeden Newsletter-Nutzer haben dazu geführt, dass Webseitenbetreiber die E-Mail-Adressen von Mailchimp-Nutzern herausfinden konnten. Das Problem wurde nach Meldung an den Anbieter mittlerweile behoben. --------------------------------------------- https://www.golem.de/news/newsletter-dienst-mailchimp-verraet-e-mail-adress… ∗∗∗ Just Keep Swimming: How to Avoid Phishing on Social Media ∗∗∗ --------------------------------------------- >From Facebook to LinkedIn, social media is flat-out rife with phishing attacks. You’ve probably encountered one before… Do fake Oakley sunglasses sales ring a bell? Phishing attacks attempt to steal .. --------------------------------------------- https://www.webroot.com/blog/2018/01/22/how-to-avoid-phishing-social-media/ ∗∗∗ "MaMi": MacOS-Malware hört User ab und manipuliert Datenverkehr ∗∗∗ --------------------------------------------- Schädling leitet Traffic über von Unbekannten kontrollierte DNS-Server um --------------------------------------------- http://derstandard.at/2000072382780 ∗∗∗ Millionen PCs verwundbar: Forscher deckt Lücke in allen Blizzard-Games auf ∗∗∗ --------------------------------------------- Konzern arbeitet bereits an Lösung – Problem bei Client --------------------------------------------- http://derstandard.at/2000072835431 ∗∗∗ Achtung: Whatsapp Abo-Betrug kursiert derzeit per Mail ∗∗∗ --------------------------------------------- "Konto ist abgelaufen" – ehemaliges Abomodell von Whatsapp wird instrumentalisiert um Kreditkartendaten zu ergattern --------------------------------------------- http://derstandard.at/2000072831670 ∗∗∗ SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks ∗∗∗ --------------------------------------------- This post was written by Vitor VenturaIntroductionTalos has been working in conjunction with Cisco IR Services on what we believe to be a new variant of the SamSam ransomware. This ransomware has been observed across multiple industries including Government, Healthcare and ICS. These attacks do not appear to be highly targeted, and appear to be more opportunistic in nature.Given SamSams victimology, its impacts are not just felt within the business world, they are also impacting people, --------------------------------------------- http://blog.talosintelligence.com/2018/01/samsam-evolution-continues-nettin… ===================== = Vulnerabilities = ===================== ∗∗∗ HTTP Host header attacks against web proxy disclaimer response webpage ∗∗∗ --------------------------------------------- The FortiOS web proxy disclaimer page is potentially vulnerable to an XSS attack, via maliciously crafted "Host" headers in user HTTP requests. The latter is possible if an attacker is in a Man-in-the-middle position (i.e. able to modify the HTTP requests of the potential victim before they reach the web proxy), or poisons a web cache used by the potential victim.In the latter attack scenario, the tainted disclaimer web page being cached, the XSS attack can be considered as persistent. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-262 ∗∗∗ VMSA-2018-0002.3 ∗∗∗ --------------------------------------------- VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0002.html ∗∗∗ JSA10836 - 2018-01 Security Bulletin: SRX Series: Firewall bypass vulnerability when UUID with leading zeros is configured. (CVE-2018-0009) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10836 ∗∗∗ XXE & Reflected XSS in Oracle Financial Services Analytical Applications ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/xxe-reflected-xss-in-oracle-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.01.2018
by Daily end-of-shift report 22 Jan '18

22 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 19-01-2018 18:00 − Montag 22-01-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Hacker One: Nur 20 Prozent der Bounty-Jäger hacken in Vollzeit ∗∗∗ --------------------------------------------- Das US-Unternehmen Hacker One hat aktuelle Zahlen vorgestellt: Die meisten Bounties werden nach wie vor von US-Unternehmen gezahlt. Die Daten zeigen außerdem, dass das Finden von Schwachstellen für die meisten ein Nebenberuf oder Hobby ist. --------------------------------------------- https://www.golem.de/news/hacker-one-nur-20-prozent-der-bounty-jaeger-hacke… ∗∗∗ Powerful Skygofree Spyware Was Already Reported and Analyzed In 2017 ∗∗∗ --------------------------------------------- The Skygofree spyware analyzed by Kaspersky today was first spotted by the researcher Lukas Stefanko and the first analysis was published last year by the experts of CSE Cybsec ZLab. The Skygofree .. --------------------------------------------- http://resources.infosecinstitute.com/powerful-skygofree-spyware-already-re… ∗∗∗ Apple Preps ChaiOS iMessage Bug Fix, Report ∗∗∗ --------------------------------------------- A so-called ‘text bomb’ flaw in Apple’s iPhone and Mac computers that causes devices to crash or restart will be patched next week, according to multiple sources. --------------------------------------------- http://threatpost.com/apple-preps-chaios-imessage-bug-fix-report/129544/ ∗∗∗ Followup to IPv6 brute force and IPv6 blocking ∗∗∗ --------------------------------------------- My diary earlier this week led to some good discussion in the comments and on twitter. I want to, first off, apologize for not responding as much or as quickly as I would have liked, I&#;x26;#;39;ve actually been ill most of this week since posting the previous diary (and signing up for this slot as handler on duty). Having said that, .. --------------------------------------------- https://isc.sans.edu/diary/23253 ∗∗∗ Struts and DotNetNuke Server Exploits Used For Cryptocurrency Mining ∗∗∗ --------------------------------------------- Threat actors have turned to cryptocurrency mining as a reliable way to make a profit in recent months. Cryptocurrency miners use the computing power of end users to mine coins of various kinds, most commonly via malware or compromised websites. By compromising servers in order to run cryptocurrency miners, the threat actors would gain .. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/struts-dotnetnu… ∗∗∗ Dark Caracal: Good News and Bad News ∗∗∗ --------------------------------------------- Yesterday, EFF and Lookout announced a new report, Dark Caracal, that uncovers a new, global malware espionage campaign. One aspect of that campaign was the use of malicious, fake apps to impersonate legitimate popular apps like Signal and WhatsApp. Some readers had questions about what this means for them. This blog post is here to answer .. --------------------------------------------- https://www.eff.org/deeplinks/2018/01/dark-caracal-good-news-and-bad-news ∗∗∗ DarkComet upload vulnerability ∗∗∗ --------------------------------------------- This post will introduce a file upload vulnerability in DarkComet’s C&C server. While a flaw that allows an attacker to download files has already been known for many years there is no mention of this very similar vulnerability. A quick disclaimer before we go into the actual matter: Hacking a C&C server might seem morally justified but it is still illegal. Don’t do it. --------------------------------------------- https://pseudolaboratories.github.io/DarkComet-upload-vulnerability/ ∗∗∗ Zweiter Faktor: Nur wenige User sichern ihren Google-Account zusätzlich ab ∗∗∗ --------------------------------------------- Laut Google wird Zwei-Faktor-Authentifizierung gerade einmal von zehn Prozent alle Nutzer eingesetzt --------------------------------------------- http://derstandard.at/2000072757014 ∗∗∗ 2018 ICS Security Predictions ∗∗∗ --------------------------------------------- We just closed another year in the ICS security industry, one filled with advanced (and exciting) product developments. We also saw an increased market awareness, with growing a emphasis on protecting industrial infrastructure. --------------------------------------------- https://www.bayshorenetworks.com/blog/ics-security-2018-predictions ∗∗∗ Cryptocurrency Hacks and Heists in 2017 ∗∗∗ --------------------------------------------- The cryptocurrency rush took the world by storm last year. This dynamic environment lured new players, including hungry investors, miners, enthusiasts, looking to their hand at innovative startups not to mention threat actors. We witnessed blockchain splits, a boom of Initial Coin Offerings (ICOs), regulatory attempts by governments, the .. --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/cyber-s… ===================== = Vulnerabilities = ===================== ∗∗∗ Google Forms <= 0.91 - Unauthenticated Server-Side Request Forgery (SSRF) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9013 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.01.2018
by Daily end-of-shift report 19 Jan '18

19 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 18-01-2018 18:00 − Freitag 19-01-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Magento: Kreditkartendaten von bis zu 40.000 Oneplus-Käufern kopiert ∗∗∗ --------------------------------------------- Oneplus hat seine Untersuchung zu kopierten Kreditkarten abgeschlossen. Angreifer konnten wohl eine Schwachstelle für Cross-Site-Scripting ausnutzen. --------------------------------------------- https://www.golem.de/news/magento-kreditkartendaten-von-bis-zu-40-000-onepl… ∗∗∗ NCSC Releases Security Advisory ∗∗∗ --------------------------------------------- Original release date: January 18, 2018 The United Kingdoms National Cyber Security Centre (NCSC) has released a report updating its guidance on Turla Neuron malware, which provides a platform to steal sensitive data. NCSC provides enhanced cybersecurity services to protect against cybersecurity threats. NCCIC/US-CERT encourages users and administrators to review the NCSC advisory to access the report and for more information. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/01/18/NCSC-Releases-Secu… ∗∗∗ 2018: Vierfach-Jubiläum für Österreichs Internet ∗∗∗ --------------------------------------------- Nicht nur die Republik begeht im heurigen Jahr mehrere Jahrestage, auch Österreichs Internet hat 2018 mehrfachen Grund zu feiern: Vor genau dreißig Jahren wurde die Internet-Endung .at ins weltweite Domain Name System eingetragen, 1998 wurden die Vergabestelle nic.at und die Online-Meldestelle Stopline ins Leben gerufen. Das CERT.at, Österreichs nationales Computer Emergency Response Team, feiert 2018 seinen zehnten Geburtstag. --------------------------------------------- https://www.nic.at/de/news/pressemeldungen/2018-vierfach-jubilaum-fur-oster… ∗∗∗ Militärs, Journalisten, Aktivisten: Libanesische Hacker vergaßen Daten auf offenem Server ∗∗∗ --------------------------------------------- Libanesischer Geheimdienst GDGS als Urheber des Leaks vermutet – Betroffene aus über 20 Ländern --------------------------------------------- http://derstandard.at/2000072593892 ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Releases Security Updates ∗∗∗ --------------------------------------------- Original release date: January 17, 2018 | Last revised: January 18, 2018 Cisco has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: [...] --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/01/17/Cisco-Releases-Sec… ∗∗∗ Filr 3.0 - Security Update 3 ∗∗∗ --------------------------------------------- Abstract: Security Update for Spectre and Meltdown vulnerabilities in Filr (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754).Document ID: 5360950Security Alert: YesDistribution Type: PublicEntitlement Required: YesFiles:readme_filr_3su3.txt (2.68 kB)Products:Filr 3 Standard EditionFilr 3 Advanced EditionSuperceded Patches: None --------------------------------------------- https://download.novell.com/Download?buildid=4_X7yeGlMKg~ ∗∗∗ Filr 2.0 - Security Update 4 ∗∗∗ --------------------------------------------- Abstract: Security Update for Spectre and Meltdown vulnerabilities in Filr (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754).Document ID: 5360930Security Alert: YesDistribution Type: PublicEntitlement Required: YesFiles:Search-2.0.0.423.HP.zip (157.55 MB)MySQL-2.0.0.205.HP.zip (157.55 MB)Filr-2.0.0.494.HP.zip (157.55 MB)Products:Filr 2Superceded Patches: None --------------------------------------------- https://download.novell.com/Download?buildid=h0wMCm1OqIU~ ∗∗∗ Citrix XenServer Multiple Security Updates ∗∗∗ --------------------------------------------- Due to concerns about the robustness of some of the Intel microcode updates included in the earlier hotfixes for these issues (XS71ECU1009, XS72E013 and XS73E001), Citrix has superseded these hotfixes with new hotfixes listed below. Customers are strongly recommended to apply these new hotfixes. --------------------------------------------- https://support.citrix.com/article/CTX231390 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (bind, irssi, nrpe, perl-xml-libxml, and transmission-cli), CentOS (java-1.8.0-openjdk), Debian (awstats, libgd2, mysql-5.5, rsync, smarty3, and transmission), Fedora (keycloak-httpd-client-install and rootsh), and Red Hat (java-1.7.0-oracle and java-1.8.0-oracle). --------------------------------------------- https://lwn.net/Articles/744791/rss ∗∗∗ CPU Side-Channel Information Disclosure Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2018-0136: Symantec Advanced Secure Gateway, ProxySG: Mehrere Schwachstellen ermöglichen u.a. Cross-Site-Scripting-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0136/ ∗∗∗ CPU hardware vulnerable to Meltdown and Spectre attacks ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-18-002 ∗∗∗ IBM Security Bulletin: IBM StoredIQ is affected by the vulnerabilities known as Spectre and Meltdown. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012718 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects IBM WebSphere Application Server for IBM Cloud October 2017 CPU ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011913 ∗∗∗ IBM Security Bulletin: September 2016 OpenSSL Vulnerabilities affect Multiple N series Products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010852 ∗∗∗ BIG-IP AFM vulnerability CVE-2017-6142 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K20682450 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.01.2018
by Daily end-of-shift report 18 Jan '18

18 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 17-01-2018 18:00 − Donnerstag 18-01-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ How I exploited ACME TLS-SNI-01 issuing Lets Encrypt SSL-certs for any domain using shared hosting ∗∗∗ --------------------------------------------- TL;DR: I was able to issue SSL certificates I was not supposed to be able to. AWS CloudFront and Heroku were among the affected. The issue was in the specification of ACME TLS-SNI-01 in combination with shared hosting providers. To be clear, Let’s Encrypt only followed the specification, they did nothing wrong here. Quite the opposite I would say. --------------------------------------------- https://labs.detectify.com/2018/01/12/how-i-exploited-acme-tls-sni-01-issui… ∗∗∗ Some Basic Rules for Securing Your IoT Stuff ∗∗∗ --------------------------------------------- Most readers here have likely heard or read various prognostications about the impending doom from the proliferation of poorly-secured "Internet of Things" or IoT devices. Loosely defined as any gadget or gizmo that connects to the Internet but which most consumers probably wouldnt begin to know how to secure, IoT encompasses everything from security cameras, routers and digital video recorders to printers, wearable devices and "smart" lightbulbs. Throughout 2016 and 2017, [...] --------------------------------------------- https://krebsonsecurity.com/2018/01/some-basic-rules-for-securing-your-iot-… ===================== = Vulnerabilities = ===================== ∗∗∗ Meltdown and Spectre Vulnerabilities (Update B) ∗∗∗ --------------------------------------------- This updated alert is a follow-up to the updated alert titled ICS-ALERT-18-011-01A Meltdown and Spectre Vulnerabilities that was published January 16, 2018, on the NCCIC/ICS-CERT web site. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01B ∗∗∗ Citrix XenServer Multiple Security Updates ∗∗∗ --------------------------------------------- Due to concerns about the robustness of some of the Intel microcode updates included in the hotfixes below, Citrix recommends that customers ... --------------------------------------------- https://support.citrix.com/article/CTX231390 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (linux-firmware and microcode_ctl), Fedora (icecat and transmission), Oracle (java-1.8.0-openjdk and microcode_ctl), Red Hat (java-1.8.0-openjdk), Scientific Linux (java-1.8.0-openjdk), Slackware (bind), SUSE (kernel), and Ubuntu (eglibc). --------------------------------------------- https://lwn.net/Articles/744713/rss ∗∗∗ Bugtraq: [security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541694 ∗∗∗ DFN-CERT-2018-0111: GitLab: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0111/ ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP NonStop (CVE-2017-3736) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012552 ∗∗∗ IBM Security Bulletin: Security Vulnerabilities in IBM® Java SDK affects multiple IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012696 ∗∗∗ SSA-284673 (Last Update 2018-01-18): Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673… ∗∗∗ SSA-275839 (Last Update 2018-01-18): Denial-of-Service Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839… ∗∗∗ SSA-346262 (Last Update 2018-01-18): Denial-of-Service in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-346262… ∗∗∗ SSA-701708 (Last Update 2018-01-18): Local Privilege Escalation in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708… ∗∗∗ SSA-127490 (Last Update 2018-01-18): Vulnerabilities in SIMATIC WinCC Add-Ons ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-127490… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.01.2018
by Daily end-of-shift report 17 Jan '18

17 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 16-01-2018 18:00 − Mittwoch 17-01-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Linux-Kernel 4.15 schützt vor Meltdown und Spectre ∗∗∗ --------------------------------------------- Das noch diesen Monat erwartete Linux 4.15 versucht, die Prozessor-Sicherheitslücken Meltdown und Spectre im Zaum zu halten. Ohne Performance-Verlust geht das aber auch bei Linux nicht – und vollständig sind die Gegenmaßnahmen auch noch nicht. --------------------------------------------- https://heise.de/-3900646 ===================== = Vulnerabilities = ===================== ∗∗∗ Meltdown and Spectre Vulnerabilities (Update A) ∗∗∗ --------------------------------------------- This updated alert is a follow-up to the original alert titled ICS-ALERT-18-011-01 Meltdown and Spectre Vulnerabilities that was published January 11, 2018, on the NCCIC/ICS-CERT web site. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01A ∗∗∗ Cisco Web Security Appliance Reflected Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data.The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco StarOS CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security and Content Security Management Appliance Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the administrative shell of the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a privilege level of a guest user. The vulnerability is .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Oracle Critical Patch Update Advisory - January 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html ∗∗∗ Critical Patch Update - January 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html ∗∗∗ Solaris Third Party Bulletin - January 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/bulletinjan2018-4181198.h… ∗∗∗ Oracle Linux Bulletin - January 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2018-4214… ∗∗∗ Oracle VM Server for x86 Bulletin - January 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/ovmbulletinjan2018-421464… ∗∗∗ WordPress 4.9.2 Security and Maintenance Release ∗∗∗ --------------------------------------------- https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.01.2018
by Daily end-of-shift report 16 Jan '18

16 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Montag 15-01-2018 18:00 − Dienstag 16-01-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Skygofree: Kaspersky findet mutmaßlichen Staatstrojaner ∗∗∗ --------------------------------------------- Ein Unternehmen aus Italien soll hinter einer Android-Malware stecken, die seit Jahren verteilt wird. Interessant ist dabei die Vielzahl an Kontrollmöglichkeiten der Angreifer - von HTTP über XMPP und die Firebase-Dienste. --------------------------------------------- https://www.golem.de/news/skygofree-kaspersky-findet-mutmasslichen-staatstr… ∗∗∗ WhatsApp und Signal: Forscher beschreiben Schwächen verschlüsselter Gruppenchats ∗∗∗ --------------------------------------------- Zwar ist die Ende-zu-Ende-Verschlüsselung bei WhatsApp und Signal sicher, das Drumherum lässt aber eventuell zu wünschen übrig. So wird ein von Spionen gekaperter Kontrollserver mitunter zur Schwachstelle. --------------------------------------------- https://heise.de/-3942046 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ca-certificates, gdk-pixbuf, and graphicsmagick), Fedora (qtpass), openSUSE (python-openpyxl and syncthing), Slackware (kernel), and Ubuntu (gdk-pixbuf). --------------------------------------------- https://lwn.net/Articles/744503/rss ∗∗∗ BlackBerry powered by Android Security Bulletin – January 2018 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Vuln: Atlassian JIRA CVE-2017-16862 Cross Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/102506 ∗∗∗ Vuln: Atlassian JIRA CVE-2017-16864 Cross Site Scripting Vulnerabiliy ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/102505 ∗∗∗ IBM Fix available for Insecure Direct Object Reference in IBM Cúram Social Program Management (CVE-2018-1362) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012528 ∗∗∗ IBM Security Bulletin: Rational Developer for System z – Add support for TLS v1.2 with MS-CAPI in HCE ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011808 ∗∗∗ IBM Security Bulletin: IBM Developer for z Systems – Add support for TLS v1.2 with MS-CAPI in HCE ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011816 ∗∗∗ IBM Security Bulletin: IBM i2 COPLINK BeanShell Vulnerability (CVE-2016-2510) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21982952 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation (CVE-2017-10141, CVE-2017-10196) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012619 ∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation are affected by the ability to execute remote attacker’s arbitrary code on a target machine vulnerability ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010868 ∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012476 ∗∗∗ IBM Security Bulletin: Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. (CVE-2017-1000257) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011203 ∗∗∗ IBM Security Bulletin: IBM Kenexa LCMS Premier on Cloud is affected by Open Source Commons FileUpload Apache Vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011720 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099753 ∗∗∗ [R1] SecurityCenter 5.6.1 Fixes Multiple Third-party Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2017-16 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.01.2018
by Daily end-of-shift report 15 Jan '18

15 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 12-01-2018 18:00 − Montag 15-01-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ List of Links: BIOS Updates for the Meltdown and Spectre Patches ∗∗∗ --------------------------------------------- As Intel, AMD, and other CPU manufacturers have started releasing CPU microcode (firmware) updates for processor models affected by the Meltdown and Spectre patches, those updates are trickling down to OEMs and motherboard vendors, who are now integrating these patches into BIOS/UEFI updates for affected PCs. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/software/list-of-links-bios-updates-f… ∗∗∗ Lenovo findet Backdoor in eigenen Netzwerk-Switches ∗∗∗ --------------------------------------------- Die kompromitierten Switch-Modelle, die nun zu Lenovos Portfolio gehören, hatte ursprünglich der längst aufgelöste Netzwerk-Zulieferer Nortel entwickelt. --------------------------------------------- https://heise.de/-3940562 ∗∗∗ Intel AMT: Exploit hebelt Zugangsschutz von Firmen-Notebooks aus ∗∗∗ --------------------------------------------- F-Secure berichtet über eine potenzielle Sicherheitslücke in Intel AMT, die es Angreifern ermöglicht, sämtliche gängigen Zugangsschutzmaßnahmen vieler Firmen-Notebooks auszuhebeln. --------------------------------------------- https://heise.de/-3940637 ∗∗∗ Personal Cloud: Seagate sichert NAS gegen Fernzugriff ab ∗∗∗ --------------------------------------------- In Netzwerkspeichern des Herstellers Seagate stecken Bugs, die mit einigem Aufwand für den Remote-Zugriff missbraucht werden können. Ein Firmware-Update behebt das Problem. --------------------------------------------- https://heise.de/-3941451 ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdates für VMware Workstation, Player, Fusion und ESXi ∗∗∗ --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2018/01/warn… ∗∗∗ DSA-4086 libxml2 - security update ∗∗∗ --------------------------------------------- Nick Wellnhofer discovered that certain function calls inside XPathpredicates can lead to use-after-free and double-free errors whenexecuted by libxml2s XPath engine via an XSLT transformation. --------------------------------------------- https://www.debian.org/security/2018/dsa-4086 ∗∗∗ DSA-4087 transmission - security update ∗∗∗ --------------------------------------------- Tavis Ormandy discovered a vulnerability in the Transmission BitTorrentclient; insecure RPC handling between the Transmission daemon and theclient interface(s) may result in the execution of arbitrary code if auser visits a malicious website while Transmission is running. --------------------------------------------- https://www.debian.org/security/2018/dsa-4087 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (qtpass), Debian (libkohana2-php, libxml2, transmission, and xmltooling), Fedora (kernel and qpid-cpp), Gentoo (PolarSSL and xen), Mageia (flash-player-plugin, irssi, kernel, kernel-linus, kernel-tmb, libvorbis, microcode, nvidia-current, php & libgd, poppler, webkit2, and wireshark), openSUSE (gifsicle, glibc, GraphicsMagick, gwenhywfar, ImageMagick, libetpan, mariadb, pngcrush, postgresql94, rsync, tiff, and wireshark), and Oracle (kernel). --------------------------------------------- https://lwn.net/Articles/744398/rss ∗∗∗ DFN-CERT-2018-0084: XMLTooling, Shibboleth Service Provider (SP): Eine Schwachstelle ermöglicht u.a. die Übernahme einer Identität ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0084/ ∗∗∗ Security Advisory - Two DOS Vulnerabilities of XML Parser in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ IBM Security Bulletin: This Power firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754 (known as Spectre and Meltdown) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026811 ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2017-3736) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012518 ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2017-3735) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012519 ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2015-8982 CVE-2015-8983 CVE-2015-8984 CVE-2015-8985) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012428 ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerability (CVE-2017-1000366) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012517 ∗∗∗ IBM Security Bulletin: IBM i has released PTFs in response to the vulnerabilities known as Spectre and Meltdown ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1022433 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022429 ∗∗∗ IBM Security Bulletin: Vulnerabilities in WebSphere eXtreme Scale Version 8.6.0.8 Libraries Affect IBM B2B Advanced Communications (CVE-2015-4936) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012332 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache HTTP Components Libraries Affect IBM B2B Advanced Communications ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012312 ∗∗∗ Palo Alto PAN-OS RSA TLS Implementation Lets Remote Users Decrypt Data Communicated By the Target System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040149 ∗∗∗ Palo Alto PAN-OS Input Validation Flaw in Captive Portal Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040148 ∗∗∗ Palo Alto PAN-OS Input Validation Flaw in GlobalProtect Interface Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040147 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.01.2018
by Daily end-of-shift report 12 Jan '18

12 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 11-01-2018 18:00 − Freitag 12-01-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ AMD Will Release CPU Microcode Updates for Spectre Flaw This Week ∗∗∗ --------------------------------------------- AMD officially admitted today that its processors are not vulnerable to the Meltdown bug, but are affected by both variants of the Spectre flaw. --------------------------------------------- https://www.bleepingcomputer.com/news/hardware/amd-will-release-cpu-microco… ∗∗∗ PowerStager Analysis ∗∗∗ --------------------------------------------- Unit 42 analyzes PowerStager and the unique obfuscation technique it was employing for its PowerShell segments --------------------------------------------- https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-anal… ∗∗∗ Perfect SAP Penetration testing. Part 3: The Scope of Vulnerability Search ∗∗∗ --------------------------------------------- In this part we will demonstrate that sometimes traditional approach does not work. If SAP pentesters know a number of SAP vulnerabilities and downloaded free tools from the Internet, they won’t be able to hack a system because some companies have applied the latest patches and they don’t have at least the most common issues (e.g. Gateway bypass, Verb Tampering, or default passwords). [...] This article will show what we did to break the walls. --------------------------------------------- https://erpscan.com/press-center/blog/perfect-sap-penetration-testing-part-… ∗∗∗ Vorsicht vor Fake-Mails vom BSI mit angeblichen Meltdown-/Spectre-Patches ∗∗∗ --------------------------------------------- Betrügerische Mails im Namen des Bundesamt für Sicherheit in der Informationstechnik wollen Opfern einen als Meltdown-/Spectre-Patch getarnten Trojaner unterjubeln. --------------------------------------------- https://www.heise.de/security/meldung/Vorsicht-vor-Fake-Mails-vom-BSI-mit-a… ===================== = Vulnerabilities = ===================== ∗∗∗ Meltdown and Spectre Vulnerabilities ∗∗∗ --------------------------------------------- NCCIC/ICS-CERT is referencing CERT/CC’s vulnerability note VU#584653 CPU hardware vulnerable to side-channel attacks to enhance the awareness of critical infrastructure asset owners/operators and to identify affected product vendors that have contacted ICS-CERT for help disseminating customer notifications/recommendations to mitigate the risk associated with cache side-channel attacks known as Meltdown and Spectre. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01 ∗∗∗ Advantech WebAccess (Update A) ∗∗∗ --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-18-004-02 Advantech WebAccess that was published January 4, 2018, on the NCCIC/ICS-CERT web site. This updated advisory contains mitigation details for untrusted pointer dereference, stack-based buffer overflow, path traversal, SQL injection, improper input validation, unrestricted upload of file with dangerous type, and use after free vulnerabilities in Advantech’s WebAccess products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A ∗∗∗ WECON Technology Co., Ltd. LeviStudio HMI Editor ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based and heap-based buffer overflow vulnerabilities in the WECON LeviStudio HMI Editor software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-011-01 ∗∗∗ Moxa MXview ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an unquoted search path or element vulnerability in the Moxa MXview network management software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02 ∗∗∗ PHOENIX CONTACT FL SWITCH ∗∗∗ --------------------------------------------- This advisory contains mitigation details for improper authorization and information exposure vulnerabilities in the PHOENIX CONTACT FL SWITCH. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-011-03 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (intel-ucode), Debian (gifsicle), Fedora (awstats and kernel), Gentoo (icoutils, pysaml2, and tigervnc), Mageia (dokuwiki and poppler), Oracle (kernel), SUSE (glibc, kernel, microcode_ctl, tiff, and ucode-intel), and Ubuntu (intel-microcode). --------------------------------------------- https://lwn.net/Articles/744175/rss ∗∗∗ DFN-CERT-2018-0080: Wireshark: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0080/ ∗∗∗ Security Advisory - Weak Cryptography Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171222-… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affects Rational Publishing Engine ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012454 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload Affects IBM Sterling Secure Proxy ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012458 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cURL vulnerability (CVE-2016-7167) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012358 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in Python (CVE-2014-9365) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012355 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM B2B Advanced Communications ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012406 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008807 ∗∗∗ Critical Patch Update - January 2018 - Pre-Release Announcement ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html ∗∗∗ SSB-068644 (Last Update 2018-01-11): General Customer Information for Spectre and Meltdown ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_bulletin_ssb-068644… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.01.2018
by Daily end-of-shift report 11 Jan '18

11 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 10-01-2018 18:00 − Donnerstag 11-01-2018 18:00 Handler: Robert Waldner Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ mitm6 – compromising IPv4 networks via IPv6 ∗∗∗ --------------------------------------------- ... most companies are unaware that while IPv6 might not be actively in use, all Windows versions since Windows Vista (including server variants) have IPv6 enabled and prefer it over IPv4. In this blog, an attack is presented that abuses the default IPv6 configuration in Windows networks to spoof DNS replies by acting as a malicious DNS servers and redirect traffic to an attacker specified endpoint. --------------------------------------------- https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv… ===================== = Vulnerabilities = ===================== ∗∗∗ SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software ∗∗∗ --------------------------------------------- The Simple Network Management Protocol(SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2018-0073/">Juniper Networks ScreenOS: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- Ein nicht authentisierter Angreifer im benachbarten Netzwerk kann die Schwachstelle in ScreenOS, die auch unter dem Namen 'Etherleak' geführt wird, ausnutzen, um Informationen auszuspähen. Der Hersteller veröffentlicht die ScreenOS Version 6.3.0r25 zur Behebung der Schwachstelle. Alle nachfolgenden ScreenOS Versionen sind über diese Schwachstelle ebenfalls nicht mehr verwundbar. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0073/ ∗∗∗ DFN-CERT-2018-0077/">Juniper Junos Space: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme ∗∗∗ --------------------------------------------- Es existieren mehrere Schwachstellen im Junos Space Security Director and Log Collector, in Junos Space sowie den enthaltenen Komponenten Apache Commons Collections, Apache HTTP-Server (httpd), Apache Log4, Apache Tomcat, JBoss Enterprise Application Platform (EAP), dessen Webkonsole, dem JGroups Framework, dem Linux-Kernel, OpenSSH und rpcbind. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0077/ ∗∗∗ DFN-CERT-2018-0071/">Juniper Junos OS: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Für einige der genannten Schwachstellen stehen Workarounds zur Mitigation zur Verfügung. Die Hinweise dazu finden sich in den einzelnen Security Bulletins. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0071/ ∗∗∗ WebKitGTK+ Security Advisory WSA-2018-0001 ∗∗∗ --------------------------------------------- Impact: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker via a side-channel analysis. This variant of the Spectre vulnerability triggers the speculative execution by utilizing branch target injection. Description: Security improvements are included to mitigate the effects. --------------------------------------------- https://www.securityfocus.com/archive/1/541659 ∗∗∗ Spectre-Lücke: Auch Server mit IBM POWER, Fujitsu SPARC und ARMv8 betroffen ∗∗∗ --------------------------------------------- IBM stellt Firmware-Updates für Server mit POWER7+, POWER8 und POWER9 bereit, Fujitsu will einige SPARC-M10- und -M12-Server patchen; zu ARM-SoCs für Server fehlen Infos. --------------------------------------------- https://heise.de/-3938749 ∗∗∗ VMSA-2018-0005 ∗∗∗ --------------------------------------------- VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0005.html ∗∗∗ January 2018 Office Update Release ∗∗∗ --------------------------------------------- The January 2018 Public Update releases for Office are now available! This month, there are 36 security updates and 25 non-security updates. All of the security and non-security updates are listed in KB article 4058103. --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2018/01/09… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (glibc and lib32-glibc), Debian (ming and poco), Fedora (electron-cash, electrum, firefox, heketi, microcode_ctl, and python-jsonrpclib), openSUSE (clamav-database and ucode-intel), Red Hat (flash-plugin), SUSE (OBS toolchain), and Ubuntu (webkit2gtk). --------------------------------------------- https://lwn.net/Articles/744075/rss ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011739 ∗∗∗ IBM Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server Vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009368 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.01.2018
by Daily end-of-shift report 10 Jan '18

10 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 09-01-2018 18:00 − Mittwoch 10-01-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Let’s Encrypt: 2018.01.09 Issue with TLS-SNI-01 and Shared Hosting Infrastructure ∗∗∗ --------------------------------------------- At approximately 5 p.m. Pacific time on January 9, 2018, we received a report from Frans Rosén of Detectify outlining a method of exploiting some shared hosting infrastructures to obtain certificates for domains he did not control, by making use of the ACME TLS-SNI-01 challenge type. We quickly confirmed the issue and mitigated it by entirely disabling TLS-SNI-01 validation in Let’s Encrypt --------------------------------------------- https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-sh… ===================== = Vulnerabilities = ===================== ∗∗∗ January 2018 security update release ∗∗∗ --------------------------------------------- Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this months security updates can be found in the Security Update Guide. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2018/01/09/january-2018-security-u… ∗∗∗ Bugtraq: [security bulletin] HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. ∗∗∗ --------------------------------------------- On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. --------------------------------------------- http://www.securityfocus.com/archive/1/541654 ∗∗∗ DFN-CERT-2018-0065/">Irssi: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in Irssi ermöglichen auch einem entfernten, einfach authentisierten Angreifer verschiedene Denial-of-Service (DoS)-Angriffe. Das Irssi-Projekt stellt die Version 1.0.6 von Irssi im Quellcode zur Verfügung, um die Schwachstellen zu schließen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0065/ ∗∗∗ Blue Coat ProxySG Multiple Flaws Let Remote Users Conduct Cross-Site Scripting and Open Redirect Attacks and Obtain Authentication Information ∗∗∗ --------------------------------------------- Several vulnerabilities were reported in Blue Coat ProxySG. A remote user can redirect the target user's browser to an arbitrary site. A remote user can obtain authentication information on the target system. A remote user can conduct cross-site scripting attacks. --------------------------------------------- http://www.securitytracker.com/id/1040138 ∗∗∗ VMSA-2018-0004 ∗∗∗ --------------------------------------------- VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0004.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (awstats, gdk-pixbuf, plexus-utils, and plexus-utils2), Fedora (asterisk, gimp, heimdal, libexif, linux-firmware, mupdf, poppler, thunderbird, webkitgtk4, wireshark, and xrdp), openSUSE (diffoscope, irssi, and qemu), SUSE (java-1_7_0-ibm, kernel-firmware, and qemu), and Ubuntu (irssi, kernel, linux, linux-aws, linux-euclid, linux-kvm, linux-hwe, linux-azure, linux-gcp, linux-oem, linux-lts-trusty, linux-lts-xenial, linux-lts-xenial, linux-aws, --------------------------------------------- https://lwn.net/Articles/743903/rss ∗∗∗ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1361) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22012409 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012420 ∗∗∗ IBM Security Bulletin: Fix available for Stored Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1739) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012366 ∗∗∗ IBM Security Bulletin: Fix available for Reflected Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1740) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012372 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Cúram Social Program Management (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012374 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability (CVE-2017-1478) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012323 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.01.2018
by Daily end-of-shift report 09 Jan '18

09 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Montag 08-01-2018 18:00 − Dienstag 09-01-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ VirusTotal Graph ∗∗∗ --------------------------------------------- [...] It is a visualization tool built on top of VirusTotals data set. It understands the relationship between files, URLs, domains and IP addresses and it provides an easy interface to pivot and navigate over them. --------------------------------------------- http://blog.virustotal.com/2018/01/virustotal-graph.html ∗∗∗ Bitcoin- und Litecoin-Klau bei Electrum, Electron Cash und Electrum-LTC möglich ∗∗∗ --------------------------------------------- Eine von außen ausnutzbare Sicherheitslücke gefährdet Nutzer der Wallet-Programme Electrum (Bitcoin), Electron Cash (Bitcoin Cash) und Electrum-LTC (Litecoin). Angreifer könnten den Anwender deanonymisieren und im Extremfall das Guthaben stehlen. --------------------------------------------- https://heise.de/-3936813 ∗∗∗ Amazon-Händler/innen erhalten Phishingmails ∗∗∗ --------------------------------------------- Kriminelle versenden gefälschte Amazon Seller Center-Nachrichten. Darin fordern sie Händler/innen dazu auf, eine Website aufzurufen und ihre persönlichen Daten zu aktualisieren. Verkäufer/innen, die das tun, übermitteln ihr Passwort an Betrüger/innen. Dadurch können diese auf das fremde Shop-Konto zugreifen und es für Verbrechen nutzen. --------------------------------------------- https://www.watchlist-internet.at/phishing/amazon-haendlerinnen-erhalten-ph… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available for Adobe Flash Player (APSB18-01) ∗∗∗ --------------------------------------------- A Security Bulletin (APSB18-01) has been published regarding security updates for Adobe Flash Player. These updates address an important out-of-bounds read vulnerability that could lead to information disclosure, and Adobe recommends users update their product installations to the latest versions --------------------------------------------- https://blogs.adobe.com/psirt/?p=1517 ∗∗∗ DSA-4081 php5 - security update ∗∗∗ --------------------------------------------- Several vulnerabilities were found in PHP, a widely-used open sourcegeneral purpose scripting language: --------------------------------------------- https://www.debian.org/security/2018/dsa-4081 ∗∗∗ DSA-4080 php7.0 - security update ∗∗∗ --------------------------------------------- Several vulnerabilities were found in PHP, a widely-used open sourcegeneral purpose scripting language: --------------------------------------------- https://www.debian.org/security/2018/dsa-4080 ∗∗∗ First Kotlin-Developed Malicious App Signs Users Up for Premium SMS Services ∗∗∗ --------------------------------------------- We spotted a malicious app (detected by Trend Micro as ANDROIDOS_BKOTKLIND.HRX) that appears to be the first developed using Kotlin—an open-source programming language for modern multiplatform applications. The samples we found on Google Play posed as Swift Cleaner, a utility tool that cleans and optimizes Android devices. The malicious app, which has 1,000-5,000 installs as of writing, is capable of remote command execution, information theft, SMS sending, URL forwarding, and click ad --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/COv5LfcpYs8/ ∗∗∗ Apple Releases Multiple Security Updates ∗∗∗ --------------------------------------------- Original release date: January 08, 2018 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to obtain access to sensitive information.NCCIC/US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:macOS High Sierra 10.13.2OS X El Capitan 10.11.6 and macOS Sierra 10.12.6iPhone 5s and later, iPad Air and later, and iPod touch 6th generation --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/01/08/Apple-Releases-Mul… ∗∗∗ Patch gegen Spectre: Aktualisierte Nvidia-Grafiktreiber für GeForce und Quadro, Tesla-Treiber später ∗∗∗ --------------------------------------------- Nutzer von Nvidia-Grafikkarten sollten die neuen Grafiktreiber schnellstmöglich installieren. Sie enthalten Patches, die die Anfälligkeit für erfolgreiche Spectre-Attacken senken. --------------------------------------------- https://heise.de/-3937247 ∗∗∗ SAP Security Patch Day - January 2018 ∗∗∗ --------------------------------------------- This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that --------------------------------------------- https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (graphicsmagick and linux-lts), CentOS (thunderbird), Debian (kernel, opencv, php5, and php7.0), Fedora (electrum), Gentoo (libXfont), openSUSE (gimp, java-1_7_0-openjdk, and libvorbis), Oracle (thunderbird), Slackware (irssi), SUSE (kernel, kernel-firmware, and kvm), and Ubuntu (awstats, nvidia-graphics-drivers-384, python-pysaml2, and tomcat7, tomcat8). --------------------------------------------- https://lwn.net/Articles/743700/rss ∗∗∗ IBM Security Bulletin: Information disclosure in Liberty for Java for IBM Bluemix (CVE-2017-1681, CVE-2013-6440) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011863 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by GnuTLS vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012330 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Tomcat affects the IBM FlashSystem models 840 and 900 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011802 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Tomcat affects the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011803 ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM SDK Java Technology Edition affects the IBM FlashSystem models 840 and 900 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011804 ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM SDK Java Technology Edition affects the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011805 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.01.2018
by Daily end-of-shift report 08 Jan '18

08 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 05-01-2018 18:00 − Montag 08-01-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Meltdown and Spectre: clearing up the confusion, (Mon, Jan 8th) ∗∗∗ --------------------------------------------- Unless youve been living under a rock (or on a remote island, with no Internet connection), youve heard about the latest vulnerabilities that impact modern processors. Im sure that most of our readers are scrambling in order to assess the risk, patch systems and what not, so we have decided to write a diary that will clear the confusion a bit and point out some important things that people might not be aware of. --------------------------------------------- https://isc.sans.edu/diary/rss/23197 ∗∗∗ Meltdown und Spectre: Die Sicherheitshinweise und Updates von Hardware- und Software-Herstellern ∗∗∗ --------------------------------------------- Hersteller von Hard- und Software sind von den Sicherheitslücken Meltdown und Spectre gleichermaßen betroffen. Eine Linkübersicht zu Stellungnahmen, weiterführenden Informationen und Update-Hinweisen. --------------------------------------------- https://heise.de/-3936141 ===================== = Vulnerabilities = ===================== ∗∗∗ Backdoor Account Removed from Western Digital NAS Hard Drives ∗∗∗ --------------------------------------------- A security researcher is urging owners of Western Digital MyCloud NAS devices to update the firmware of their portable hard-drives to fix a series of important security bugs he reported to the vendor, among which there is an easy exploitable and wormable hardcoded (backdoor) account. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/backdoor-account-removed-fro… ∗∗∗ AMD PSP fTPM Remote Code Execution ∗∗∗ --------------------------------------------- Topic: AMD PSP fTPM Remote Code Execution Risk: High Text:Introduction AMD PSP [1] is a dedicated security processor built onto the main CPU die. ARM TrustZone provides an isola... --------------------------------------------- https://cxsecurity.com/issue/WLB-2018010061 ∗∗∗ CPU Side-Channel Information Disclosure Vulnerabilities ∗∗∗ --------------------------------------------- Cisco is investigating its product line to determine which products may be affected by these vulnerabilities. As the investigation progresses, Cisco will update this advisory with information about affected products, including the Cisco bug ID for each affected product. ----- Vulnerable Products Cisco 800 Industrial Integrated Services Routers Cisco UCS B-Series M2 Blade Servers Cisco UCS B-Series M3 Blade Servers Cisco UCS B-Series M4 Blade Servers (except B260, B460) Cisco UCS B-Series M5 Blade Servers Cisco UCS B260 M4 Blade Server Cisco UCS B460 M4 Blade Server Cisco UCS C-Series M2 Rack Servers Cisco UCS C-Series M3 Rack Servers Cisco UCS C-Series M4 Rack Servers Cisco UCS C-Series M5 Rack Servers Cisco UCS C460 M4 Rack Server --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Juniper: Out of Cycle Security Bulletin: Meltdown & Spectre: CPU Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method ∗∗∗ --------------------------------------------- The following products may be impacted if deployed in a way that allows unsigned code execution: Junos OS based platforms Junos Space appliance Qfabric Director CTP Series NSMXpress/NSM3000/NSM4000 appliances STRM/Juniper Secure Analytics (JSA) appliances SRC/C Series The following products are not impacted: ScreenOS / Netscreen platforms JUNOSe / E Series platforms BTI platforms --------------------------------------------- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10842&actp=RSS ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (linux-hardened, linux-lts, linux-zen, and mongodb), Debian (gdk-pixbuf, gifsicle, graphicsmagick, kernel, and poppler), Fedora (dracut, electron-cash, and firefox), Gentoo (backintime, binutils, chromium, emacs, libXcursor, miniupnpc, openssh, optipng, and webkit-gtk), Mageia (kernel, kernel-linus, kernel-tmb, openafs, and python-mistune), openSUSE (clamav-database, ImageMagick, kernel-firmware, nodejs4, and qemu), Red Hat (linux-firmware, --------------------------------------------- https://lwn.net/Articles/743575/rss ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to cross site scripting. (CVE-2017-1623) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012344 ∗∗∗ IBM Security Bulletin: IBM Java as used in IBM QRadar SIEM is vulnerable to sensitive information leakage. (CVE-2017-10115) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012301 ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to incorrect permission assignment. (CVE-2016-9722) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012293 ∗∗∗ IBM Security Bulletin: Vulnerability in NSS affects Power Hardware Management Console (CVE-2017-7805) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1022320 ∗∗∗ IBM Security Bulletin: Vulnerabilities in httpd affect Power Hardware Management Console ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1022321 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability (CVE-2017-1459) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012331 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by an open redirect vulnerability (CVE-2017-1534) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008936 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cross-site scripting vulnerability (CVE-2017-1533) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012327 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and WebSphere Message Broker ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011534 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.01.2018
by Daily end-of-shift report 05 Jan '18

05 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 04-01-2018 18:00 − Freitag 05-01-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Google Unveils New Retpoline Coding Technique for Mitigating Spectre Attacks ∗∗∗ --------------------------------------------- Google has published details about a new coding technique created by the companys engineers that any developer can deploy and prevent Spectre attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/google/google-unveils-new-retpoline-c… ∗∗∗ Microsoft could soon be “password free” ∗∗∗ --------------------------------------------- Is it the beginning of the end for passwords? --------------------------------------------- https://nakedsecurity.sophos.com/2018/01/05/microsoft-could-soon-be-passwor… ∗∗∗ How to Check and Update Windows Systems for the Meltdown and Spectre CPU Flaws ∗∗∗ --------------------------------------------- [...] An editorial-form article is probably not the best format to give advice, so were going to present a simple, dumbed-down, step-by-step article on how to get these updates and navigate Microsofts overly complicated announcement. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-win… ∗∗∗ How a researcher hacked his own computer and found worst chip flaw ∗∗∗ --------------------------------------------- FRANKFURT (Reuters) - Daniel Gruss didn’t sleep much the night he hacked his own computer and exposed a flaw in most of the chips made in the past two decades by hardware giant Intel Corp (INTC.O). --------------------------------------------- https://www.reuters.com/article/us-cyber-intel-researcher/how-a-researcher-… ∗∗∗ Meltdown und Spectre: Alle Macs und iOS-Geräte betroffen ∗∗∗ --------------------------------------------- Apple hat sich endlich zu der Chiplücke in ARM- und Intel-Prozessoren geäußert. Demnach sind alle aktuellen Produkte des Konzerns angreifebar – die Apple Watch nicht mit Meltdown. Erste Bugfixes existieren. --------------------------------------------- https://heise.de/-3934477 ∗∗∗ XeroxDay: Zero-Day-Schwachstelle bei Xerox Alto gefunden!!!1elf ∗∗∗ --------------------------------------------- Der Passwortschutz der 14-Zoll-Disketten für Xerox Alto lässt sich im Handumdrehen aushebeln. Ein Fix ist nicht in Sicht. Vom Produktiveinsatz mit sensiblen Daten sollte daher Abstand genommen werden. --------------------------------------------- https://heise.de/-3934443 ∗∗∗ Prozessor-Lücken Meltdown und Spectre: Intel und ARM führen betroffene Prozessoren auf, Nvidia analysiert noch ∗∗∗ --------------------------------------------- Betroffen sind unter anderem sämtliche Intel-Core-Prozessoren bis zurück zum Jahr 2008 sowie eine Vielzahl von ARM-Cortex-CPUs. Nvidia glaubt, dass die CUDA-GPUs nicht anfällig sind und analysiert noch seine Tegra-Prozessoren. --------------------------------------------- https://heise.de/-3934667 ∗∗∗ Trackmageddon: GPS-Tracking-Services ermöglichen unbefugten Zugriff ∗∗∗ --------------------------------------------- Sicherheitsforscher haben Schwachstellen in zahlreichen Online-Tracking-Services entdeckt, die Angreifern unter anderem das Abrufen von GPS-Daten ermöglichen. Eine Liste der verwundbaren Services ist online verfügbar. --------------------------------------------- https://heise.de/-3934328 ∗∗∗ Jetzt patchen: Kritische Lücken in Dell EMC Data Protection Suite ∗∗∗ --------------------------------------------- Einige Dell-EMC-Produkte sind anfällig für Angriffe, die im schlimmsten Fall die vollständige Systemkompromittierung ermöglichen. Patches stehen bereit. --------------------------------------------- https://heise.de/-3935063 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4078 linux - security update ∗∗∗ --------------------------------------------- Multiple researchers have discovered a vulnerability in Intel processors,enabling an attacker controlling an unprivileged process to read memory fromarbitrary addresses, including from the kernel and all other processes runningon the system. --------------------------------------------- https://www.debian.org/security/2018/dsa-4078 ∗∗∗ Delta Electronics Delta Industrial Automation Screen Editor ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based buffer overflow, use-after-free, out-of-bounds write, and type confusion vulnerabilities in the Delta Electronics Delta Industrial Automation Screen Editor. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-004-01 ∗∗∗ Advantech WebAccess ∗∗∗ --------------------------------------------- This advisory contains mitigation details for untrusted pointer dereference, stack-based buffer overflow, path traversal, SQL injection, and improper input validation vulnerabilities in Advantech’s WebAccess products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02 ∗∗∗ Intel-SA-00086 Security Review Cumulative Update ∗∗∗ --------------------------------------------- Intel recently released a security update (Intel-SA-00086), regarding Intel ME 11.x, SPS 4.0, and TXE 3.0 intel products.The following Firmware are impacted:Intel Management Engine (ME) Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20Intel Server Platform Services (SPS) Firmware version 4.0Intel Trusted Execution Engine (TXE) version 3.0And the following Intel products are affected:6th, 7th & 8th Generation Intel Core Processor FamilyIntel Xeon Processor E3-1200 v5 & v6 Product --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-271 ∗∗∗ VMSA-2018-0003 ∗∗∗ --------------------------------------------- vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0003.html ∗∗∗ Citrix Security Updates for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 ∗∗∗ --------------------------------------------- A new class of issues has been identified in common CPU architectures. The presently known issues could allow unprivileged [...] --------------------------------------------- https://support.citrix.com/article/CTX231399 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (kernel), CentOS (kernel, libvirt, microcode_ctl, and qemu-kvm), Debian (kernel and xen), Fedora (kernel), Mageia (backintime, erlang, and wildmidi), openSUSE (kernel and ucode-intel), Oracle (kernel, libvirt, microcode_ctl, and qemu-kvm), Red Hat (kernel, kernel-rt, libvirt, microcode_ctl, qemu-kvm, and qemu-kvm-rhev), Scientific Linux (libvirt and qemu-kvm), SUSE (kvm and qemu), and Ubuntu (ruby1.9.1, ruby2.0, ruby2.3). --------------------------------------------- https://lwn.net/Articles/743242/rss ∗∗∗ Three new stable kernels ∗∗∗ --------------------------------------------- Greg Kroah-Hartman has announced the release of the 4.14.12, 4.9.75, and 4.4.110 stable kernels. The bulk of thechanges are either to fix the mitigations for Meltdown/Spectre (in 4.14.12) or to backportthose mitigations (in the two older kernels). There are apparently known (orsuspected) problems with each of the releases, which Kroah-Hartman is hoping to get shaken out inthe near term. For example, the 4.4.110 announcement warns: "But becareful, there have been some reports of problems [...] --------------------------------------------- https://lwn.net/Articles/743246/rss ∗∗∗ Bugtraq: SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541633 ∗∗∗ DFN-CERT-2018-0035: Ruby: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0035/ ∗∗∗ DFN-CERT-2018-0029: Mozilla Firefox, Spectre: Zwei Schwachstellen ermöglichen das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0029/ ∗∗∗ HPESBHF03803 rev.1 - Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance, Remote Denial of Service and Execution of Code ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011668 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM WebSphere Service Registry and Repository (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010680 ∗∗∗ IBM Security Bulletin: Multiple Apache Struts Vulnerabilities Affect IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011978 ∗∗∗ IBM Security Bulletin: Multiple Apache Struts Vulnerabilities Affect IBM Sterling File Gateway ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012006 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by XML External Entity Injection (XXE) attack (CVE-2017-1666) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011970 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by SQL injection (CVE-2017-1670 ) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012009 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Spoofing through URL Redirection (CVE-2017-1668) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012010 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Path Traversal vulnerability (CVE-2017-1671) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011967 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by OpenSSH vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012324 ∗∗∗ IBM Security Bulletin: Authenticated Users Can Gain Privilege in IBM UrbanCode Deploy (CVE-2017-1493) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg2C1000367 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.01.2018
by Daily end-of-shift report 04 Jan '18

04 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 03-01-2018 18:00 − Donnerstag 04-01-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates ∗∗∗ --------------------------------------------- This article contains an continuously updated list of advisories, bulletins, and software updates related to the Meltdown and Spectre vulnerabilities discovered in modern processors. The related CVEs are CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre… ∗∗∗ BeA: Noch mehr Sicherheitslücken im Anwaltspostfach ∗∗∗ --------------------------------------------- Das besondere elektronische Anwaltspostfach hat mehr als nur eine Sicherheitslücke. Die Probleme reichen von einer falschen Ende-zu-Ende-Verschlüsselung über Cross Site Scripting bis hin zu ROBOT und veralteten Java-Libraries. Dabei hat die Firma SEC Consult einen Sicherheitsaudit durchgeführt. --------------------------------------------- https://www.golem.de/news/bea-noch-mehr-sicherheitsluecken-im-anwaltspostfa… ∗∗∗ SWIFT framework took effect Jan. 1 ∗∗∗ --------------------------------------------- While organizations often drag their feet in adopting new cyber requirements, playing the odds that either they wont be breached or found out by regulators, a banks compliance with the SWIFT framework is transparent to other members of the global messaging platform. --------------------------------------------- https://www.scmagazine.com/swift-framework-took-effect-jan-1/article/734615/ ∗∗∗ TU Graz-Forscher entdecken schwere IT-Sicherheitslücke ∗∗∗ --------------------------------------------- Mit "Meltdown" und "Spectre" deckte ein internationales Team - darunter Forscher der TU Graz – schwere Sicherheitslücken in Computer-Prozessoren auf. Betroffen sind PCs, Server und Cloud-Dienste. Ein Patch soll helfen. --------------------------------------------- https://www.tugraz.at/tu-graz/services/news-stories/tu-graz-news/einzelansi… ∗∗∗ Android-Patchday: Google schließt 38 Sicherheitslücken ∗∗∗ --------------------------------------------- Im Rahmen seiner monatlichen Update-Routine schließt Google im Januar 38 Android-Lücken, von denen fünf als kritisch gelten. Für Pixel- und Nexus-Geräte gibt es wieder zusätzliche Sicherheitspatches. --------------------------------------------- https://heise.de/-3933932 ∗∗∗ WordPress Supply Chain Attacks: An Emerging Threat ∗∗∗ --------------------------------------------- In the last few months, we have discovered a number of supply chain attacks targeting WordPress plugins. In this post, we explain what a supply chain attack is, why WordPress is an attractive target for them, and what you can do to protect your site. What Is a Supply Chain Attack? In the software industry, [...] --------------------------------------------- https://www.wordfence.com/blog/2018/01/wordpress-supply-chain-attacks/ ∗∗∗ Wartungsarbeiten Dienstag, 9.1.2018 ∗∗∗ --------------------------------------------- Am Dienstag, 9. Jänner 2018, ab etwa 18:00, werden wir Wartungsarbeiten (ausserhalb des regulären Wartungsfensters, vgl. https://www.cert.at/services/blog/20170609114214-2029.html) an unserer Infrastruktur vornehmen. Dies wird zu kurzen Ausfällen der extern erreichbaren Services (z.B. Mail, Webserver, Mailinglisten) führen, diese können jeweils mehrere Minuten andauern. Es gehen dabei keine Daten (z.B. Emails) [...] --------------------------------------------- http://www.cert.at/services/blog/20180104144006-2108.html ===================== = Vulnerabilities = ===================== ∗∗∗ Bugtraq: [security bulletin] HPESBHF03803 rev.1 - Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance, Remote Denial of Service and Execution of Code ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541628 ∗∗∗ DFN-CERT-2018-0023: Microsoft Internet Explorer: Zwei Schwachstellen ermöglichen die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0023/ ∗∗∗ DFN-CERT-2018-0021: Microsoft Edge: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0021/ ∗∗∗ IBM Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011428 ∗∗∗ IBM Security Bulletin: IBM WebSphere MQ is affected by a privilege escalation vulnerability (CVE-2017-1612) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009918 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ (CVE-2017-3735 CVE-2017-3736) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22009850 ∗∗∗ VMSA-2018-0002 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0002.html ∗∗∗ Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K91229003 ∗∗∗ XSA-254 ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-254.html ∗∗∗ XSA-253 ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-253.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.01.2018
by Daily end-of-shift report 03 Jan '18

03 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 02-01-2018 18:00 − Mittwoch 03-01-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ 9% of Popular Websites Use Anti-Adblock Scripts ∗∗∗ --------------------------------------------- Around 9% of todays most popular websites deployed or are deploying anti-adblock scripts in an effort to maintain advertising revenues and fight off the rise in the adoption of ad-blocking extensions. --------------------------------------------- https://www.bleepingcomputer.com/news/technology/9-percent-of-popular-websi… ∗∗∗ VMware Issues 3 Critical Patches for vSphere Data Protection ∗∗∗ --------------------------------------------- VMware released three patches fixing critical vulnerabilities affecting its vSphere cloud computing virtualization platform. --------------------------------------------- http://threatpost.com/vmware-issues-3-critical-patches-for-vsphere-data-pro… ∗∗∗ Massive Lücke in Intel-CPUs erfordert umfassende Patches ∗∗∗ --------------------------------------------- Derzeit arbeiten Linux- und Windows-Entwickler mit Hochdruck an umfangreichen Sicherheits-Patches, die Angriffe auf Kernel-Schwachstellen verhindern sollen. Grund für die Eile: eine Intel-spezifische Sicherheitslücke. --------------------------------------------- https://heise.de/-3931562 ∗∗∗ Serial Swatter “SWAuTistic” Bragged He Hit 100 Schools, 10 Homes ∗∗∗ --------------------------------------------- The individual who allegedly made a fake emergency call to Kansas police last week that summoned them to shoot and kill an unarmed local man has claimed credit for raising dozens of these dangerous false .. --------------------------------------------- https://krebsonsecurity.com/2018/01/serial-swatter-swautistic-bragged-he-hi… ∗∗∗ Android-Update: Google räumt zahlreiche Sicherheitslücken aus ∗∗∗ --------------------------------------------- Media Framework bleibt problematischster Bereich – Update für Pixel- und Nexus-Devices begonnen --------------------------------------------- http://derstandard.at/2000071414985 ∗∗∗ Cybersecurity stand im Fokus eines Sicherheitsgipfels in St. Pölten ∗∗∗ --------------------------------------------- Behördliches Krisen- und Katastrophenmanagement soll u.a. weiter ausgebaut werden – Nächstes Treffen im Herbst --------------------------------------------- http://derstandard.at/2000071416550 ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco WebEx Advanced Recording Format Player Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ PMASA-2017-9 ∗∗∗ --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2017-9/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.01.2018
by Daily end-of-shift report 02 Jan '18

02 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 29-12-2017 18:00 − Dienstag 02-01-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ I Am Dave ∗∗∗ --------------------------------------------- This cartoon has been making the rounds on the internet for a long time. It depicts how all security technologies and efforts can be undone by "Dave" the 'stupid user'. I can't think of many (well no) real industries that treat their users, peers, and customers with the same level of disdain. Imagine the automotive industry pushing a similar message. 'On one hand we have seatbelts, ABS, airbags, five star safety features... and on the other hand we [...] --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/i-am-dave ∗∗∗ Scripts spionieren im Browser gespeicherte Login-Daten aus ∗∗∗ --------------------------------------------- Wer Nutzernamen und Passwörter direkt im Browser abspeichert, könnte dadurch ausspioniert werden, wie Sicherheitsforscher warnen. --------------------------------------------- https://futurezone.at/digital-life/scripts-spionieren-im-browser-gespeicher… ∗∗∗ The mysterious case of the Linux Page Table Isolation patches ∗∗∗ --------------------------------------------- tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. --------------------------------------------- http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-… ∗∗∗ IOHIDeous: Zero-Day-Exploit für macOS veröffentlicht ∗∗∗ --------------------------------------------- Eine seit wohl 15 Jahren bestehende Schwachstelle kann es einem Angreifer ermöglichen, die Kontrolle über den Mac zu übernehmen. Der nun veröffentlichte Kernel-Exploit funktioniert in macOS bis hin zu 10.13 High Sierra. --------------------------------------------- https://heise.de/-3929556 ∗∗∗ Gefälschte Raiffeisenbank-Sicherheits-App im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte Raiffeisenbank-Nachricht. Darin behaupten sie, dass Kund/innen eine Sicherheits-App installieren müssen. Sie sei notwendig dafür, dass diese weiterhin ihr ELBA-Internet nützen können. In Wahrheit ist die Anwendung Schadsoftware. Sie ermöglicht es Datendieb/innen, dass Geld ihrer Opfer zu stehlen. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-raiffeisenbank-siche… ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0003: Asterisk: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0003/ ∗∗∗ DFN-CERT-2018-0004: GIMP: Mehrere Schwachstellen ermöglichen u.a. die Ausführung von Denial-of-Service-Angriffen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0004/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.12.2017
by Daily end-of-shift report 29 Dec '17

29 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 28-12-2017 18:00 − Freitag 29-12-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Twenty-plus years on, SMTP callbacks are still pointless and need to die ∗∗∗ --------------------------------------------- A rarely used legacy misfeature of the main Internet email protocol creeps back from irrelevance as a minor annoyance. You should ask your mail and antispam provider about their approach to SMTP callbacks. Be wary of any assertion that is not backed by evidence.Even if you are an IT professional and run an email system, you could be forgiven for not being immediately aware that there is such a thing as SMTP callbacks, also referred to as callback verification. As you will see from the Wikipedia [...] --------------------------------------------- http://bsdly.blogspot.com/2017/08/twenty-plus-years-on-smtp-callbacks-are.h… ∗∗∗ Magento Sites Hacked via Helpdesk Widget ∗∗∗ --------------------------------------------- Hackers are actively targeting Magento sites running a popular helpdesk extension, Dutch security researcher Willem de Groot has discovered. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/magento-sites-hacked-via-hel… ∗∗∗ Hacker zeigen Lücken bei Tor-Funksteuerung auf ∗∗∗ --------------------------------------------- Wiener Sicherheitsforscher der Firma Trustworks zeigten am Chaos Communication Congress, wie sie eine Funkfernsteuerung des deutschen Herstellers Hörmann geknackt haben. --------------------------------------------- https://futurezone.at/digital-life/hacker-zeigen-luecken-bei-tor-funksteuer… ∗∗∗ Code Used in Zero Day Huawei Router Attack Made Public ∗∗∗ --------------------------------------------- Researchers warn of copycat type attacks as exploit code used in Mirai variant goes public. --------------------------------------------- http://threatpost.com/code-used-in-zero-day-huawei-router-attack-made-publi… ∗∗∗ Reverse Javascript Injection Redirects to Support Scam on WordPress ∗∗∗ --------------------------------------------- Over the last few weeks, we’ve noticed a JavaScript injection in a number of WordPress databases, and we recently wrote about them in a Sucuri Labs Note. The campaign attempts to redirect visitors to a bogus Windows support page claiming that their computers are infected with 'riskware' and will be disabled unless they call what is an obviously bogus support hotline. Google and several other web security vendors are currently blacklisting the domain; fortunately, most [...] --------------------------------------------- https://blog.sucuri.net/2017/12/reverse-javascript-injection-redirects-to-s… ∗∗∗ 34C3: Auch 4G-Mobilfunk ist einfach abzuhören und zu überwachen ∗∗∗ --------------------------------------------- GSM war sehr einfach zu knacken, 3G stand über das SS7-Protokoll offen wie ein Scheunentor. Bei 4G sollte mit dem neuen Roaming- und Abrechnungsprotokoll Diameter alles besser werden, doch viele Angriffsflächen sind geblieben. --------------------------------------------- https://heise.de/-3928496 ∗∗∗ The State of Security in Industrial Control Systems ∗∗∗ --------------------------------------------- The main challenge for industrial control systems is that the processes that control those systems are connected to critical infrastructure such as power, water, gas, and transport. This means they require high availability, and it is not easy to interrupt those systems to apply security updates. Effects of any downtime means that it can affect [...] --------------------------------------------- https://www.tripwire.com/state-of-security/ics-security/state-security-indu… ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4074 imagemagick - security update ∗∗∗ --------------------------------------------- This update fixes several vulnerabilities in imagemagick: Various memoryhandling problems and cases of missing or incomplete input sanitising mayresult in denial of service, memory disclosure or the execution ofarbitrary code if malformed image files are processed. --------------------------------------------- https://www.debian.org/security/2017/dsa-4074 Next End-of-Day report: 2018-01-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.12.2017
by Daily end-of-shift report 28 Dec '17

28 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 27-12-2017 18:00 − Donnerstag 28-12-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Web Trackers Exploit Flaw in Browser Login Managers to Steal Usernames ∗∗∗ --------------------------------------------- Princeton privacy experts are warning that advertising and analytics firms can secretly extract site usernames from browsers using hidden login fields and tie non-authenticated users visiting a site with their profiles or emails on that domain. --------------------------------------------- https://www.bleepingcomputer.com/news/security/web-trackers-exploit-flaw-in… ∗∗∗ Xiaomi: Mit einem Stück Alufolie autonome Staubsauger rooten ∗∗∗ --------------------------------------------- Obwohl Xiaomi in puncto Security viel richtig macht, lassen sich Staubsauger der Firma rooten - mit einem Stück Alufolie. Das ermöglicht dann den Zugriff auf zahlreiche Sensoren und die Nutzung eines eigenen Cloudinterfaces. --------------------------------------------- https://www.golem.de/news/xiaomi-mit-einem-stueck-alufolie-autonome-staubsa… ∗∗∗ Computer Forensics: Forensic Techniques, Part 2 ∗∗∗ --------------------------------------------- Introduction This is a continuation of our "Forensic Techniques" series, in which we discuss some of the most common yet powerful computer forensic techniques for beginners. In Part 1, we took a look at live forensics, file carving, data/password recovery, known file filtering, and email header analysis. Part 2 will feature slightly more advanced techniques, [...] --------------------------------------------- http://resources.infosecinstitute.com/computer-forensics-forensic-technique… ∗∗∗ The "Extended Random" Feature in the BSAFE Crypto Library ∗∗∗ --------------------------------------------- Matthew Green wrote a fascinating blog post about the NSAs efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSAs backdoor into the DUAL_EC_PRNG random number generator to weaken TLS. --------------------------------------------- https://www.schneier.com/blog/archives/2017/12/the_extended_ra.html ∗∗∗ Acoustic Attacks on HDDs Can Sabotage PCs, CCTV Systems, ATMs, More ∗∗∗ --------------------------------------------- Attackers can use sound waves to interfere with a hard drives normal mode of operation, creating a temporary or permanent denial of state (DoS) that could be used to prevent CCTV systems from recording video footage or freeze computers dealing with critical operations. --------------------------------------------- https://www.bleepingcomputer.com/news/security/acoustic-attacks-on-hdds-can… ∗∗∗ 34C3: "Nomorp" hebelt Schutzschild zahlreicher Banking-Apps aus ∗∗∗ --------------------------------------------- Der Sicherheitsforscher Vincent Haupert hat das Rätsel gelüftet, wie er zusammen mit einem Kollegen schwere Lücken bei App-basierten TAN-Verfahren ausnutzen und etwa Überweisungen manipulieren konnte. --------------------------------------------- https://heise.de/-3928363 ∗∗∗ Keine Identitätsbestätigung bei Amazon erforderlich ∗∗∗ --------------------------------------------- In einem gefälschten Amazon-Schreiben ist davon die Rede, dass Kund/innen ihre Identität bei dem Händler bestätigen müssen. Tun sie das nicht, sperrt er angeblich ihr Nutzerkonto. Empfänger/innen können die Nachricht ignorieren, denn sie stammt von Kriminellen. Diese wollen mit dem erfundenen Vorwand fremde Zugangsdaten stehlen. --------------------------------------------- https://www.watchlist-internet.at/phishing/keine-identitaetsbestaetigung-be… ∗∗∗ Three Plugins Backdoored in Supply Chain Attack ∗∗∗ --------------------------------------------- In the last two weeks, the WordPress.org repository has closed three plugins because they contained content-injection backdoors. “Closing” a plugin means that it is no longer available for download from the repository, and will not show up in WordPress.org search results. Each of them had been purchased in the previous six months as part of [...] --------------------------------------------- https://www.wordfence.com/blog/2017/12/plugin-backdoor-supply-chain/ ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2017-2323: Digium Asterisk, Digium Certified Asterisk: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2323/ ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - Out-of-Bounds Memory Access Vulnerability on Some Huawei FireWall Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-… ∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-… ∗∗∗ Security Advisory - Weak Algorithm Vulnerability in Huawei USG product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170802-… ∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-… ∗∗∗ IBM Security Bulletin: Vulnerabilities in wget affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026217 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM SPSS Statistics Server (CVE-2017-10356, CVE-2017-10388) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011663 ∗∗∗ IBM Security Bulletin: A vulnerability in libnl3 affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026208 ∗∗∗ IBM Security Bulletin: Vulnerabilities in wpa_supplicant affect PowerKVM (KRACK) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026222 ∗∗∗ IBM Security Bulletin: A vulnerability in httpd affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025957 ∗∗∗ IBM Security Bulletin: Vulnerabilities in dnsmasq affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025956 ∗∗∗ IBM Security Bulletin: A vulnerability in emacs affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025961 ∗∗∗ IBM Security Bulletin: A vulnerability in ausgeas affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025962 ∗∗∗ IBM Security Bulletin: Vulnerabilities in nagios affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026031 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenvSwitch affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026032 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.12.2017
by Daily end-of-shift report 27 Dec '17

27 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 22-12-2017 18:00 − Mittwoch 27-12-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Vulnerability Affects Hundreds of Thousands of IoT Devices ∗∗∗ --------------------------------------------- Heres something to be cheery on Christmas Day - a vulnerability affecting a web server thats been embedded in hundreds of thousands of IoT devices. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/vulnerability-affects-hundre… ∗∗∗ Huawei Router Vulnerability Used to Spread Mirai Variant ∗∗∗ --------------------------------------------- Researchers have identified a vulnerability in a Huawei home router model that is being exploited by an adversary to spread a variant of the Mirai malware called Okiku, also known as Satori. --------------------------------------------- http://threatpost.com/huawei-router-vulnerability-used-to-spread-mirai-vari… ∗∗∗ Recent Russian Routing Leak was Largely Preventable ∗∗∗ --------------------------------------------- Last week, the IP address space belonging to several high-profile companies, including Google, Facebook and Apple, was briefly announced out of Russia, as was first reported by BGPmon. Following the incident, Job Snijders of NTT wrote in a post entitled, “What to do about BGP hijacks”. He stated that, given the inherent security weaknesses in [...] --------------------------------------------- https://dyn.com/blog/recent-russian-routing-leak-was-largely-preventable/ ∗∗∗ Hackers Can Rickroll Thousands of Sonos and Bose Speakers Over the Internet ∗∗∗ --------------------------------------------- Researchers found that network configuration errors have left thousands of high-end speakers open to epic audio pranking. --------------------------------------------- https://www.wired.com/story/hackers-can-rickroll-sonos-bose-speakers-over-i… ∗∗∗ Botnetze können das Stromnetz sabotieren ∗∗∗ --------------------------------------------- Ein Botnetz könnte den Stromverbrauch vernetzter Geräte rascher beeinflussen, als Stromnetze darauf reagieren können. Damit könnte die Stromversorgung ganzer Länder sabotiert werden. --------------------------------------------- https://heise.de/-3927886 ∗∗∗ Inkasso-Sicherheitsleck offenbart Daten von über 33.000 Schuldnern ∗∗∗ --------------------------------------------- Der schweizerische Zweig der Eos-Inkassogruppe hat große Mengen sensibler Daten von Schuldnern in unbefugte Hände fallen lassen. Namen, Adressen, die Höhe von Schuldensbeträgen und sogar Krankenakten waren durch das Datenleck zugänglich. --------------------------------------------- https://heise.de/-3928173 ∗∗∗ 34C3: Riesige Sicherheitslücken bei Stromtankstellen ∗∗∗ --------------------------------------------- An Ladesäulen auf fremde Rechnung Strom fürs E-Auto abzuzapfen ist laut dem Sicherheitsforscher Mathias Dalheimer kein Problem. Die Abrechnungsnummer für Nutzerkarten könne einfach kopiert werden, die Kommunikationsinfrastruktur sei kaum geschützt. --------------------------------------------- https://heise.de/-3928264 ===================== = Vulnerabilities = ===================== ∗∗∗ Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure ∗∗∗ --------------------------------------------- Input passed thru the file GET parameter in forceSave.php script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php ∗∗∗ PMASA-2017-9 ∗∗∗ --------------------------------------------- XSRF/CSRF vulnerability in phpMyAdminAffected VersionsVersions 4.7.x (prior to 4.7.7) are affected. --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2017-9/ ∗∗∗ SECURITY BULLETIN: Trend Micro Smart Protection Server (Standalone) Multiple Vulnerabilities ∗∗∗ --------------------------------------------- Trend Micro has released some Critical Patches (CP) and an updated build for Trend Micro Smart Protection Server (Standalone) to resolve multiple vulnerabilities in the product. --------------------------------------------- https://success.trendmicro.com/solution/1118992 ∗∗∗ 2017-12-22: Cyber Security Notification - TRITON/TRISIS malware ∗∗∗ --------------------------------------------- http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A7931&Lang… ∗∗∗ 2017-12-08: Vulnerability in Ellipse8 - Ellipse Authentication to LDAP/AD ∗∗∗ --------------------------------------------- http://search-ext.abb.com/library/Download.aspx?DocumentID=9AKK107045A7341&… ∗∗∗ Security Advisory - Activation Lock Bypass Vulnerability on Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171227-… ∗∗∗ Security Advisory - Several Vulnerabilities in H323 Protocol of Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171227-… ∗∗∗ IBM Security Bulletin: Security Bulletin: Vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010779 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Struts affects the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010778 ∗∗∗ IBM Security Bulletin: A vulnerability in Eclipse Jetty affects the IBM InfoSphere Information Server installers ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009537 ∗∗∗ IBM Security Bulletin: Vulnerability in Mozilla Network Security Services (NSS) affects the IBM FlashSystem models 840 and 900 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010776 ∗∗∗ IBM Security Bulletin: Vulnerability in Mozilla Network Security Services (NSS) affects the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010775 ∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerabilities in IBM WebSphere MQ File Transfer Edition component (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011689 ∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerability affects Jazz for Service Management (JazzSM) (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011302 ∗∗∗ Linux kernel vulnerability CVE-2017-16648 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K73337338 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.12.2017
by Daily end-of-shift report 22 Dec '17

22 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 21-12-2017 18:00 − Freitag 22-12-2017 18:00 Handler: Nina Bieringer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Myloc/Webtropia: Offene VNC-Ports ermöglichten Angriffe auf Server ∗∗∗ --------------------------------------------- Golem.de hat den Serverhoster Webtropia über eine kritische Schwachstelle informiert: Über eine Lücke in den Ports der Kontrollserver hätten Angreifer ohne Passwort die Kontrolle übernehmen können - zumindest bei einigen Systemen. --------------------------------------------- https://www.golem.de/news/myloc-webtropia-offene-vnc-ports-ermoeglichten-an… ∗∗∗ Conference review: Botconf 2017 ∗∗∗ --------------------------------------------- Virus Bulletin researchers report back from a very interesting fifth edition of Botconf, the botnet fighting conference. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/12/conference-review-botconf-20… ∗∗∗ Opera: Version 50 soll vor Krypto-Mining im Browser schützen ∗∗∗ --------------------------------------------- Auf immer mehr Webseiten lauern Skripte, die unbemerkt CPUs anzapfen, um Kryptowährungen zu schürfen. Die neue Opera-Version enthält mit "NoCoin" einen eingebauten Schutzmechanismus gegen diese Masche. --------------------------------------------- https://heise.de/-3926990 ∗∗∗ Thunderbird: Version 52.5.2 fixt Mailsploit und weitere Schwachstellen ∗∗∗ --------------------------------------------- Mozilla reagiert auf unlängst von Forschern entdeckte Sicherheitsprobleme und bessert seinen Mail-Client nach. Nutzer sollten zeitnah auf die aktuelle Version umsteigen. --------------------------------------------- https://heise.de/-3927213 ===================== = Vulnerabilities = ===================== ∗∗∗ Moxa NPort W2150A and W2250A ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a credentials management vulnerability in Moxas NPort W2150A and W2250A serial network interface. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-355-01 ∗∗∗ Schneider Electric Pelco VideoXpert Enterprise ∗∗∗ --------------------------------------------- This advisory contains mitigation details for path traversal and improper access control vulnerabilities in Schneider Electric’s Pelco VideoXpert Enterprise. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02 ∗∗∗ The installer of Music Center for PC may insecurely load Dynamic Link Libraries ∗∗∗ --------------------------------------------- http://jvn.jp/en/jp/JVN60695371/ ∗∗∗ The installer of Content Manager Assistant for PlayStation may insecurely load Dynamic Link Libraries ∗∗∗ --------------------------------------------- http://jvn.jp/en/jp/JVN95423049/ ∗∗∗ Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows Print Spooler Service ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171222-… ∗∗∗ Security Notice - Statement on Remote Code Execution Vulnerability in Huawei HG532 Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171130-01-… ∗∗∗ Security Advisory - Weak Cryptography Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171222-… ∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability in IBM WebSphere Portal (CVE-2017-1698) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011519 ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities have been fixed in products bundled with IBM Security Directory Suite 8.0.1 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011971 ∗∗∗ IBM Security Bulletin: Rational Build Forge Security Advisory for Apache HTTPD, Apache Tomcat and OpenSSL Upgrade ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010523 ∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in IBM Cognos Planning. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011963 ∗∗∗ Citrix XenServer Lets Local Administrative Users on a Guest System Cause Denial of Service Conditions on the Host System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040031 ∗∗∗ SSA-323211 (Last Update 2017-12-22): Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Devices ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211… Next End-of-Day report: 2017-12-27 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.12.2017
by Daily end-of-shift report 21 Dec '17

21 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 20-12-2017 18:00 − Donnerstag 21-12-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Infosec controls relaxed a little after latest Wassenaar meeting ∗∗∗ --------------------------------------------- A welcome dash of perspective Without much fanfare, negotiators crafting the Wassenaar Agreement earlier this month moved to make things easier for infosec white-hats. --------------------------------------------- www.theregister.co.uk/2017/12/21/infosec_controls_relaxed_a_little_after_la… ∗∗∗ Einfache Mail-Verschlüsselung: PGP-Helfer Autocrypt in Version 1.0 vorgestellt ∗∗∗ --------------------------------------------- Eine benutzerfreundliche E-Mail-Verschlüsselung versprechen die Macher der Autocrypt-Spezifikation, die heute in Version 1.0 freigegeben wurde. --------------------------------------------- https://heise.de/-3924855 ∗∗∗ Massive Cryptomining Campaign Targeting WordPress Sites ∗∗∗ --------------------------------------------- On Monday we wrote about the massive spike in brute force attacks on WordPress sites that we observed. As reported, it was the most intense period of attacks we had ever recorded. We believe that a single botnet is behind the attacks. We were able .. --------------------------------------------- https://www.wordfence.com/blog/2017/12/massive-cryptomining-campaign-wordpr… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory for Buffer Overflow Vulnerabilities in QTS ∗∗∗ --------------------------------------------- Multiple buffer overflow vulnerabilities were recently found in QTS 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier. If exploited, these vulnerabilities may allow remote attackers to run arbitrary code on NAS devices. --------------------------------------------- https://www.qnap.com/en/security-advisory/nas-201712-15 ∗∗∗ TMM vulnerability CVE-2017-6138 ∗∗∗ --------------------------------------------- TMM vulnerability CVE-2017-6138. Security Advisory. Security Advisory Description. Malicious requests made to virtual servers .. --------------------------------------------- https://support.f5.com/csp/article/K34514540 ∗∗∗ TMM vulnerability CVE-2017-6132 ∗∗∗ --------------------------------------------- TMM vulnerability CVE-2017-6132. Security Advisory. Security Advisory Description. Undisclosed sequence of packets sent .. --------------------------------------------- https://support.f5.com/csp/article/K12044607 ∗∗∗ Linux kernel vulnerability CVE-2017-6135 ∗∗∗ --------------------------------------------- Linux kernel vulnerability CVE-2017-6135. Security Advisory. Security Advisory Description. A slow memory leak as a result .. --------------------------------------------- https://support.f5.com/csp/article/K43322910 ∗∗∗ me aliases - Highly critical - Arbitrary code execution - SA-CONTRIB-2017-097 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2017-097 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Open Source Samba affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009491 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Open Source OpenSSL affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011039 ∗∗∗ TMM vulnerability CVE-2017-6134 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K37404773 ∗∗∗ SQL injection vulnerability CVE-2017-0304 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K39428424 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.12.2017
by Daily end-of-shift report 20 Dec '17

20 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 19-12-2017 18:00 − Mittwoch 20-12-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Verschlüsselung: Audit findet schwerwiegende Sicherheitslücken in Enigmail ∗∗∗ --------------------------------------------- Mozillas Secure Open Source Fund und der Berliner E-Mail-Anbieter Posteo haben einen Security-Audit für Thunderbird und die Erweiterung Enigmail in Auftrag gegeben. Dabei sind einige kritische und schwerwiegende Lücken gefunden worden. --------------------------------------------- https://www.golem.de/news/verschluesselung-audit-findet-schwerwiegende-sich… ∗∗∗ Avast veröffentlicht Maschinencode-Decompiler als Open Source ∗∗∗ --------------------------------------------- Der Virenschutz-Hersteller Avast hat ein Werkzeug entwickelt, mit dem sich ausführbarer Maschinencode in lesbaren Quelltext zurückübersetzen lassen soll. Damit lässt sich das Verhalten von Programmen analysieren, ohne sie auszuführen. --------------------------------------------- https://heise.de/-3923397 ∗∗∗ Backdoor in Captcha Plugin Affects 300K WordPress Sites ∗∗∗ --------------------------------------------- The WordPress repository recently removed the plugin Captcha over what initially appeared to be a trademark issue with the current author using “WordPress” [Editors note: the original page has been removed, we’re now linking to a screen shot.] in their brand name. Whenever the WordPress repository removes a plugin with a large user base, we check .. --------------------------------------------- https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/ ===================== = Vulnerabilities = ===================== ∗∗∗ Ecava IntegraXor ∗∗∗ --------------------------------------------- This advisory contains mitigation details for SQL injection vulnerabilities in Ecava’s IntegraXor. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03 ∗∗∗ Siemens LOGO! Soft Comfort ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a download of code without integrity check vulnerability in Siemens LOGO! Soft Comfort software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-353-04 ∗∗∗ WECON Technology Co., Ltd. LeviStudio HMI ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a heap-based buffer overflow vulnerability in WECON’s LeviStudio HMI. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-353-05 ∗∗∗ Multiple vulnerabilities in extension "JobControl" (dmmjobcontrol) ∗∗∗ --------------------------------------------- It has been discovered that the extension "JobControl" (dmmjobcontrol) is susceptible to SQL Injection and Cross Site-Scripting. --------------------------------------------- https://typo3.org/news/article/multiple-vulnerabilities-in-extension-jobcon… ∗∗∗ Captcha 4.3.6–4.4.4 - Backdoored ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8980 ∗∗∗ DFN-CERT-2017-2302/">TYPO3 Extensions: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2302/ ∗∗∗ DFN-CERT-2017-2305/">VMware ESXi, Workstation, Fusion, vCenter Server Appliance: Mehrere Schwachstellen ermöglichen u.a. das Erlangen von Administratorrechten ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2305/ ∗∗∗ Huawei Security Advisories ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories ∗∗∗ IBM Security Bulletin: IBM Connections Docs is affected by libxml2 vulnerabilty (CVE-2017-16932 CVE-2017-16931) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011831 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ in IBM Bluemix (CVE-2017-3735 CVE-2017-14919) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011851 ∗∗∗ BIG-IP APM Portal Access vulnerability CVE-2017-0301 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54358225 ∗∗∗ TMM vulnerability CVE-2017-6140 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K55102452 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.12.2017
by Daily end-of-shift report 19 Dec '17

19 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Montag 18-12-2017 18:00 − Dienstag 19-12-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Dual EC: Wie Cisco, Avast und die NSA TLS 1.3 behindern ∗∗∗ --------------------------------------------- Auch der jüngste Entwurf des TLS-1.3-Protokolls führt zu Verbindungsabbrüchen. Google nennt jetzt einige Schuldige, darunter ein Gerät von Cisco, ein Virenscanner - und eine Spur zur NSA-Hintertüre Dual EC in der RSA-BSAFE-Bibliothek. --------------------------------------------- https://www.golem.de/news/dual-ec-wie-cisco-avast-und-die-nsa-tls-1-3-behin… ∗∗∗ aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript ∗∗∗ --------------------------------------------- Many widely-deployed technologies, viewed through 20/20 hindsight, seem like an odd or unnecessarily risky idea. Engineering decisions in IT are often made with imperfect information and under time pressure, and some oddities of the IT stack can best be .. --------------------------------------------- http://googleprojectzero.blogspot.com/2017/12/apacolypse-now-exploiting-win… ∗∗∗ Multifunktionstrojaner Loapi kann Android-Smartphones physisch beschädigen ∗∗∗ --------------------------------------------- Loapi ist die eierlegende Wollmilchsau unter den Android-Trojanern und geht so hart zu Werk, dass Smartphones aufplatzen können. --------------------------------------------- https://heise.de/-3921651 ∗∗∗ The Market for Stolen Account Credentials ∗∗∗ --------------------------------------------- Past stories here have explored the myriad criminal uses of a hacked computer, the various ways that your inbox can be spliced and diced to help cybercrooks ply their trade, and the value of a hacked company. Todays post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online .. --------------------------------------------- https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentia… ∗∗∗ Breaking: Aggressive WordPress Brute Force Attack Campaign Started Today, 3am UTC ∗∗∗ --------------------------------------------- A massive distributed brute force attack campaign targeting WordPress sites started this morning at 3am Universal Time, 7pm Pacific Time. The attack is broad in that it uses a large number of attacking IPs, and is also deep in that each IP is generating a huge number of attacks. This is the most aggressive .. --------------------------------------------- https://www.wordfence.com/blog/2017/12/aggressive-brute-force-wordpress-att… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory 2017-10: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framewo… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.12.2017
by Daily end-of-shift report 18 Dec '17

18 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 15-12-2017 18:00 − Montag 18-12-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Windows 10: Kritische Lücke in vorinstalliertem Passwortmanager ∗∗∗ --------------------------------------------- Keeper-Nutzer sollten unbedingt die gepatchte Version installieren. Der aktuell in Windows 10 vorinstallierte Passwortmanager Keeper hatte bis Version 11.3 einen Fehler, der es bösartigen Webseiten ermöglichte, über Clickjacking beliebige Passwörter auszulesen. --------------------------------------------- https://www.golem.de/news/windows-10-kritische-luecke-in-vorinstalliertem-p… ∗∗∗ BGP-Hijacking: IP-Verkehr der Großen Vier nach Russland umgeleitet ∗∗∗ --------------------------------------------- Weil etliche Netzbetreiber immer noch ein Routing-Protokoll ohne Sicherheitsvorkehrungen nutzen, gelang es wieder einmal Angreifern, IP-Verkehr von Google, Facebook, Apple und Microsoft umzuleiten. Das Zwischenziel: Russland. --------------------------------------------- https://heise.de/-3919524 ∗∗∗ Kritische und bislang ungepatchte Lücken in Forensoftware vBulletin ∗∗∗ --------------------------------------------- In der aktuellen Version von vBulletin klaffen zwei Schwachstellen – davon ist mindestens eine als kritisch einzustufen. Angreifer könnten Schadcode ausführen. --------------------------------------------- https://heise.de/-3920375 ∗∗∗ Gesichtserkennung von Windows 10 mit Papierausdruck reingelegt ∗∗∗ --------------------------------------------- Sicherheitsforscher haben Windows Hello erfolgreich ausgetrickst und sich an damit gesicherten Computern angemeldet. Das funktioniert aber nur mit bestimmten Hard- und Softwarekonstellationen. --------------------------------------------- https://heise.de/-3920864 ∗∗∗ Hacker zeigte Probleme bei Ladekarten für Stromtankstellen auf ∗∗∗ --------------------------------------------- "Ich brauche nur diese Nummer, um auf fremde Kosten Strom zu laden" --------------------------------------------- http://derstandard.at/2000070592621 ∗∗∗ Über 10.000 Seiten schürfen mit PC-Leistung der Nutzer nach Kryptogeld ∗∗∗ --------------------------------------------- Sicherheitsexperten registrieren rasanten Anstieg seit Bitcoin-Hype --------------------------------------------- http://derstandard.at/2000070618982 ===================== = Vulnerabilities = ===================== ∗∗∗ BlackBerry Powered by Android Security Bulletin – December 2017 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-… ∗∗∗ Security Advisory - Multiple Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-… ∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-… ∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability in IBM WebSphere Portal (CVE-2017-1423) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22011400 ∗∗∗ IBM Security Bulletin: Security vulnerability in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2017-14919) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010601 ∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability affects IBM Business Process Manager web Process Designer (CVE-2017-1494) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008673 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.12.2017
by Daily end-of-shift report 15 Dec '17

15 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 14-12-2017 18:00 − Freitag 15-12-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Microsoft Considers Adding Python as an Official Scripting Language to Excel ∗∗∗ --------------------------------------------- Microsoft is considering adding Python as one of the official Excel scripting languages, according to .. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-considers-adding-… ∗∗∗ Vigilante Removes Malware from Netgear Site After Company Fails to Do So for 2 Years ∗∗∗ --------------------------------------------- An anonymous vigilante has taken matters into his own hands and removed malware from a Netgear site after the .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/vigilante-removes-malware-fr… ∗∗∗ The spy under your christmas tree ∗∗∗ --------------------------------------------- In the past few years, makers of internet-enabled toys have made the headlines multiple times, but not in a good way. Privacy and data protection clearly is not the highest priority in this sector. In Germany, the sale of some of those toys has already been banned after they were classified as concealed surveillance .. --------------------------------------------- https://www.gdatasoftware.com/blog/2017/12/30277-the-spy-under-your-christm… ∗∗∗ Joanna Rutkowska: Qubes OS soll "einfach wie Ubuntu" werden ∗∗∗ --------------------------------------------- Die Gründerin von Qubes OS, Joanna Rutkowska, erklärt die grundlegenden Ideen und Konzepte des auf Sicherheit fokussierten Projektes. Außerdem verrät die Entwicklerin im Gespräch mit Golem.de weiter .. --------------------------------------------- https://www.golem.de/news/joanna-rutkowska-qubes-os-soll-einfach-wie-ubuntu… ∗∗∗ Determining your risk ∗∗∗ --------------------------------------------- Red Hat continues to be a leader in transparency regarding security problems that are discovered in our software and the steps we take to fix them. We publish data about vulnerabilities on our security metrics page and .. --------------------------------------------- https://access.redhat.com/blogs/766093/posts/2998921 ∗∗∗ Javascript Injection Creates Rogue WordPress Admin User ∗∗∗ --------------------------------------------- Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The infection type was always the same: malicious JavaScript designed to display unauthorized pop-ups or completely redirect visitors to spammy websites, which the hackers then monetized through advertisement .. --------------------------------------------- https://blog.sucuri.net/2017/12/javascript-injection-creates-rogue-wordpres… ∗∗∗ Root-Lücke in Firewalls von Palo Alto Networks ∗∗∗ --------------------------------------------- Kombinieren Angreifer drei Sicherheitslücken, könnten sie Firewalls von Palo Alto Networks kompromittieren, warnt ein Sicherheitsforscher. --------------------------------------------- https://heise.de/-3918909 ===================== = Vulnerabilities = ===================== ∗∗∗ Information Disclosure in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Client TLS Handshake ∗∗∗ --------------------------------------------- A vulnerability has been identified in the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Packet Engine that could .. --------------------------------------------- https://support.citrix.com/article/CTX230612 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily