=====================
= End-of-Day report =
=====================
Timeframe: Thursday 28-12-2017 18:00 - Friday 29-12-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Twenty-plus years on, SMTP callbacks are still pointless and need to die ∗∗∗
---------------------------------------------
A rarely used legacy misfeature of the main Internet email protocol
creeps back from irrelevance as a minor annoyance. You should ask your
mail and antispam provider about their approach to SMTP callbacks. Be
wary of any assertion that is not backed by evidence. Even if you are an
IT professional and run an email system, you could be forgiven for not
being immediately aware that there is such a thing as SMTP callbacks,
also referred to as callback verification. As you will see from the
Wikipedia [...]
---------------------------------------------
http://bsdly.blogspot.com/2017/08/twenty-plus-years-on-smtp-callbacks-are.h…
∗∗∗ Magento Sites Hacked via Helpdesk Widget ∗∗∗
---------------------------------------------
Hackers are actively targeting Magento sites running a popular helpdesk
extension, Dutch security researcher Willem de Groot has discovered.
[...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/magento-sites-hacked-via-hel…
∗∗∗ Hackers expose flaws in gate remote controls ∗∗∗
---------------------------------------------
Viennese security researchers from the company Trustworks showed at the
Chaos Communication Congress how they cracked a radio remote control
made by the German manufacturer Hörmann.
---------------------------------------------
https://futurezone.at/digital-life/hacker-zeigen-luecken-bei-tor-funksteuer…
∗∗∗ Code Used in Zero Day Huawei Router Attack Made Public ∗∗∗
---------------------------------------------
Researchers warn of copycat type attacks as exploit code used in Mirai
variant goes public.
---------------------------------------------
http://threatpost.com/code-used-in-zero-day-huawei-router-attack-made-publi…
∗∗∗ Reverse Javascript Injection Redirects to Support Scam on WordPress ∗∗∗
---------------------------------------------
Over the last few weeks, we’ve noticed a JavaScript injection in a
number of WordPress databases, and we recently wrote about them in a
Sucuri Labs Note. The campaign attempts to redirect visitors to a
bogus Windows support page claiming that their computers are infected
with 'riskware' and will be disabled unless they call what is an
obviously bogus support hotline. Google and several other web
security vendors are currently blacklisting the domain; fortunately,
most [...]
---------------------------------------------
https://blog.sucuri.net/2017/12/reverse-javascript-injection-redirects-to-s…
∗∗∗ 34C3: 4G mobile networks are also easy to eavesdrop on and monitor ∗∗∗
---------------------------------------------
GSM was very easy to crack, and 3G was wide open via the SS7 protocol.
With 4G, the new roaming and billing protocol Diameter was supposed to
make everything better, but many attack surfaces remain.
---------------------------------------------
https://heise.de/-3928496
∗∗∗ The State of Security in Industrial Control Systems ∗∗∗
---------------------------------------------
The main challenge for industrial control systems is that the processes
that control those systems are connected to critical infrastructure
such as power, water, gas, and transport. This means they require high
availability, and it is not easy to interrupt those systems to apply
security updates. Any downtime can affect
[...]
---------------------------------------------
https://www.tripwire.com/state-of-security/ics-security/state-security-indu…
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4074 imagemagick - security update ∗∗∗
---------------------------------------------
This update fixes several vulnerabilities in imagemagick: various
memory handling problems and cases of missing or incomplete input
sanitising may result in denial of service, memory disclosure or the
execution of arbitrary code if malformed image files are processed.
---------------------------------------------
https://www.debian.org/security/2017/dsa-4074
Next End-of-Day report: 2018-01-02
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 27-12-2017 18:00 - Thursday 28-12-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Web Trackers Exploit Flaw in Browser Login Managers to Steal Usernames ∗∗∗
---------------------------------------------
Princeton privacy experts are warning that advertising and analytics firms can secretly extract site usernames from browsers using hidden login fields and tie non-authenticated users visiting a site with their profiles or emails on that domain.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/web-trackers-exploit-flaw-in…
∗∗∗ Xiaomi: Rooting autonomous vacuum cleaners with a piece of aluminium foil ∗∗∗
---------------------------------------------
Although Xiaomi gets a lot right in terms of security, the company's vacuum cleaners can be rooted with a piece of aluminium foil. This then allows access to numerous sensors and the use of a custom cloud interface.
---------------------------------------------
https://www.golem.de/news/xiaomi-mit-einem-stueck-alufolie-autonome-staubsa…
∗∗∗ Computer Forensics: Forensic Techniques, Part 2 ∗∗∗
---------------------------------------------
Introduction: This is a continuation of our "Forensic Techniques" series, in which we discuss some of the most common yet powerful computer forensic techniques for beginners. In Part 1, we took a look at live forensics, file carving, data/password recovery, known file filtering, and email header analysis. Part 2 will feature slightly more advanced techniques, [...]
---------------------------------------------
http://resources.infosecinstitute.com/computer-forensics-forensic-technique…
∗∗∗ The "Extended Random" Feature in the BSAFE Crypto Library ∗∗∗
---------------------------------------------
Matthew Green wrote a fascinating blog post about the NSA's efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSA's backdoor into the DUAL_EC_PRNG random number generator to weaken TLS.
---------------------------------------------
https://www.schneier.com/blog/archives/2017/12/the_extended_ra.html
∗∗∗ Acoustic Attacks on HDDs Can Sabotage PCs, CCTV Systems, ATMs, More ∗∗∗
---------------------------------------------
Attackers can use sound waves to interfere with a hard drive's normal mode of operation, creating a temporary or permanent denial of service (DoS) that could be used to prevent CCTV systems from recording video footage or freeze computers dealing with critical operations.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/acoustic-attacks-on-hdds-can…
∗∗∗ 34C3: "Nomorp" disables the protective shield of numerous banking apps ∗∗∗
---------------------------------------------
Security researcher Vincent Haupert has revealed how he and a colleague were able to exploit serious flaws in app-based TAN procedures and, for example, manipulate bank transfers.
---------------------------------------------
https://heise.de/-3928363
∗∗∗ No identity confirmation required at Amazon ∗∗∗
---------------------------------------------
A fake Amazon letter claims that customers must confirm their identity with the retailer, and that their user account will allegedly be locked if they do not. Recipients can ignore the message, as it comes from criminals who want to steal login credentials under this invented pretext.
---------------------------------------------
https://www.watchlist-internet.at/phishing/keine-identitaetsbestaetigung-be…
∗∗∗ Three Plugins Backdoored in Supply Chain Attack ∗∗∗
---------------------------------------------
In the last two weeks, the WordPress.org repository has closed three plugins because they contained content-injection backdoors. “Closing” a plugin means that it is no longer available for download from the repository, and will not show up in WordPress.org search results. Each of them had been purchased in the previous six months as part of [...]
---------------------------------------------
https://www.wordfence.com/blog/2017/12/plugin-backdoor-supply-chain/
=====================
= Vulnerabilities =
=====================
∗∗∗ DFN-CERT-2017-2323: Digium Asterisk, Digium Certified Asterisk: A vulnerability allows a denial-of-service attack ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2323/
∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-…
∗∗∗ Security Advisory - Out-of-Bounds Memory Access Vulnerability on Some Huawei FireWall Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-…
∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-…
∗∗∗ Security Advisory - Weak Algorithm Vulnerability in Huawei USG product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170802-…
∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-…
∗∗∗ IBM Security Bulletin: Vulnerabilities in wget affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026217
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM SPSS Statistics Server (CVE-2017-10356, CVE-2017-10388) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011663
∗∗∗ IBM Security Bulletin: A vulnerability in libnl3 affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026208
∗∗∗ IBM Security Bulletin: Vulnerabilities in wpa_supplicant affect PowerKVM (KRACK) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026222
∗∗∗ IBM Security Bulletin: A vulnerability in httpd affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025957
∗∗∗ IBM Security Bulletin: Vulnerabilities in dnsmasq affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025956
∗∗∗ IBM Security Bulletin: A vulnerability in emacs affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025961
∗∗∗ IBM Security Bulletin: A vulnerability in ausgeas affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025962
∗∗∗ IBM Security Bulletin: Vulnerabilities in nagios affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026031
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenvSwitch affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026032
=====================
= End-of-Day report =
=====================
Timeframe: Friday 22-12-2017 18:00 - Wednesday 27-12-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Vulnerability Affects Hundreds of Thousands of IoT Devices ∗∗∗
---------------------------------------------
Here's something to be cheery about on Christmas Day: a vulnerability affecting a web server that's been embedded in hundreds of thousands of IoT devices. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/vulnerability-affects-hundre…
∗∗∗ Huawei Router Vulnerability Used to Spread Mirai Variant ∗∗∗
---------------------------------------------
Researchers have identified a vulnerability in a Huawei home router model that is being exploited by an adversary to spread a variant of the Mirai malware called Okiku, also known as Satori.
---------------------------------------------
http://threatpost.com/huawei-router-vulnerability-used-to-spread-mirai-vari…
∗∗∗ Recent Russian Routing Leak was Largely Preventable ∗∗∗
---------------------------------------------
Last week, the IP address space belonging to several high-profile companies, including Google, Facebook and Apple, was briefly announced out of Russia, as was first reported by BGPmon. Following the incident, Job Snijders of NTT wrote in a post entitled, “What to do about BGP hijacks”. He stated that, given the inherent security weaknesses in [...]
---------------------------------------------
https://dyn.com/blog/recent-russian-routing-leak-was-largely-preventable/
∗∗∗ Hackers Can Rickroll Thousands of Sonos and Bose Speakers Over the Internet ∗∗∗
---------------------------------------------
Researchers found that network configuration errors have left thousands of high-end speakers open to epic audio pranking.
---------------------------------------------
https://www.wired.com/story/hackers-can-rickroll-sonos-bose-speakers-over-i…
∗∗∗ Botnets can sabotage the power grid ∗∗∗
---------------------------------------------
A botnet could change the power consumption of networked devices faster than power grids can respond. This could be used to sabotage the power supply of entire countries.
---------------------------------------------
https://heise.de/-3927886
∗∗∗ Debt collection security leak exposes data of more than 33,000 debtors ∗∗∗
---------------------------------------------
The Swiss branch of the Eos debt collection group has let large amounts of sensitive debtor data fall into unauthorized hands. Names, addresses, the amounts owed and even medical records were accessible through the data leak.
---------------------------------------------
https://heise.de/-3928173
∗∗∗ 34C3: Huge security holes at electric vehicle charging stations ∗∗∗
---------------------------------------------
According to security researcher Mathias Dalheimer, drawing electricity for an e-car at charging stations at someone else's expense is no problem. The billing number of user cards can simply be copied, and the communication infrastructure is barely protected.
---------------------------------------------
https://heise.de/-3928264
=====================
= Vulnerabilities =
=====================
∗∗∗ Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure ∗∗∗
---------------------------------------------
Input passed through the file GET parameter of the forceSave.php script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php
∗∗∗ PMASA-2017-9 ∗∗∗
---------------------------------------------
XSRF/CSRF vulnerability in phpMyAdmin. Affected versions: 4.7.x (prior to 4.7.7).
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2017-9/
∗∗∗ SECURITY BULLETIN: Trend Micro Smart Protection Server (Standalone) Multiple Vulnerabilities ∗∗∗
---------------------------------------------
Trend Micro has released some Critical Patches (CP) and an updated build for Trend Micro Smart Protection Server (Standalone) to resolve multiple vulnerabilities in the product.
---------------------------------------------
https://success.trendmicro.com/solution/1118992
∗∗∗ 2017-12-22: Cyber Security Notification - TRITON/TRISIS malware ∗∗∗
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A7931&Lang…
∗∗∗ 2017-12-08: Vulnerability in Ellipse8 - Ellipse Authentication to LDAP/AD ∗∗∗
---------------------------------------------
http://search-ext.abb.com/library/Download.aspx?DocumentID=9AKK107045A7341&…
∗∗∗ Security Advisory - Activation Lock Bypass Vulnerability on Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171227-…
∗∗∗ Security Advisory - Several Vulnerabilities in H323 Protocol of Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171227-…
∗∗∗ IBM Security Bulletin: Security Bulletin: Vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010779
∗∗∗ IBM Security Bulletin: Vulnerability in Apache Struts affects the IBM FlashSystem model V840 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010778
∗∗∗ IBM Security Bulletin: A vulnerability in Eclipse Jetty affects the IBM InfoSphere Information Server installers ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009537
∗∗∗ IBM Security Bulletin: Vulnerability in Mozilla Network Security Services (NSS) affects the IBM FlashSystem models 840 and 900 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010776
∗∗∗ IBM Security Bulletin: Vulnerability in Mozilla Network Security Services (NSS) affects the IBM FlashSystem model V840 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010775
∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerabilities in IBM WebSphere MQ File Transfer Edition component (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011689
∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerability affects Jazz for Service Management (JazzSM) (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011302
∗∗∗ Linux kernel vulnerability CVE-2017-16648 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K73337338
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 21-12-2017 18:00 - Friday 22-12-2017 18:00
Handler: Nina Bieringer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Myloc/Webtropia: Open VNC ports allowed attacks on servers ∗∗∗
---------------------------------------------
Golem.de informed the server hosting provider Webtropia about a critical vulnerability: through a flaw in the ports of the control servers, attackers could have taken control without a password, at least on some systems.
---------------------------------------------
https://www.golem.de/news/myloc-webtropia-offene-vnc-ports-ermoeglichten-an…
∗∗∗ Conference review: Botconf 2017 ∗∗∗
---------------------------------------------
Virus Bulletin researchers report back from a very interesting fifth edition of Botconf, the botnet fighting conference.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/12/conference-review-botconf-20…
∗∗∗ Opera: Version 50 is meant to protect against crypto-mining in the browser ∗∗∗
---------------------------------------------
More and more websites host scripts that secretly tap into CPUs to mine cryptocurrencies. The new Opera version includes a built-in protection mechanism against this scheme, called "NoCoin".
---------------------------------------------
https://heise.de/-3926990
∗∗∗ Thunderbird: Version 52.5.2 fixes Mailsploit and other vulnerabilities ∗∗∗
---------------------------------------------
Mozilla is responding to security problems recently discovered by researchers and is patching its mail client. Users should upgrade to the current version promptly.
---------------------------------------------
https://heise.de/-3927213
=====================
= Vulnerabilities =
=====================
∗∗∗ Moxa NPort W2150A and W2250A ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a credentials management vulnerability in Moxa's NPort W2150A and W2250A serial network interfaces.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-355-01
∗∗∗ Schneider Electric Pelco VideoXpert Enterprise ∗∗∗
---------------------------------------------
This advisory contains mitigation details for path traversal and improper access control vulnerabilities in Schneider Electric’s Pelco VideoXpert Enterprise.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02
∗∗∗ The installer of Music Center for PC may insecurely load Dynamic Link Libraries ∗∗∗
---------------------------------------------
http://jvn.jp/en/jp/JVN60695371/
∗∗∗ The installer of Content Manager Assistant for PlayStation may insecurely load Dynamic Link Libraries ∗∗∗
---------------------------------------------
http://jvn.jp/en/jp/JVN95423049/
∗∗∗ Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows Print Spooler Service ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171222-…
∗∗∗ Security Notice - Statement on Remote Code Execution Vulnerability in Huawei HG532 Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171130-01-…
∗∗∗ Security Advisory - Weak Cryptography Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171222-…
∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability in IBM WebSphere Portal (CVE-2017-1698) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011519
∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities have been fixed in products bundled with IBM Security Directory Suite 8.0.1 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011971
∗∗∗ IBM Security Bulletin: Rational Build Forge Security Advisory for Apache HTTPD, Apache Tomcat and OpenSSL Upgrade ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010523
∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in IBM Cognos Planning. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011963
∗∗∗ Citrix XenServer Lets Local Administrative Users on a Guest System Cause Denial of Service Conditions on the Host System ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040031
∗∗∗ SSA-323211 (Last Update 2017-12-22): Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Devices ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211…
Next End-of-Day report: 2017-12-27
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 20-12-2017 18:00 - Thursday 21-12-2017 18:00
Handler: Nina Bieringer
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Infosec controls relaxed a little after latest Wassenaar meeting ∗∗∗
---------------------------------------------
A welcome dash of perspective. Without much fanfare, negotiators crafting the Wassenaar Agreement earlier this month moved to make things easier for infosec white-hats.
---------------------------------------------
www.theregister.co.uk/2017/12/21/infosec_controls_relaxed_a_little_after_la…
∗∗∗ Simple mail encryption: PGP helper Autocrypt presented in version 1.0 ∗∗∗
---------------------------------------------
The makers of the Autocrypt specification, released today in version 1.0, promise user-friendly e-mail encryption.
---------------------------------------------
https://heise.de/-3924855
∗∗∗ Massive Cryptomining Campaign Targeting WordPress Sites ∗∗∗
---------------------------------------------
On Monday we wrote about the massive spike in brute force attacks on WordPress sites that we observed. As reported, it was the most intense period of attacks we had ever recorded. We believe that a single botnet is behind the attacks. We were able ..
---------------------------------------------
https://www.wordfence.com/blog/2017/12/massive-cryptomining-campaign-wordpr…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Advisory for Buffer Overflow Vulnerabilities in QTS ∗∗∗
---------------------------------------------
Multiple buffer overflow vulnerabilities were recently found in QTS 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier. If exploited, these vulnerabilities may allow remote attackers to run arbitrary code on NAS devices.
---------------------------------------------
https://www.qnap.com/en/security-advisory/nas-201712-15
∗∗∗ TMM vulnerability CVE-2017-6138 ∗∗∗
---------------------------------------------
Security Advisory Description: Malicious requests made to virtual servers ..
---------------------------------------------
https://support.f5.com/csp/article/K34514540
∗∗∗ TMM vulnerability CVE-2017-6132 ∗∗∗
---------------------------------------------
Security Advisory Description: Undisclosed sequence of packets sent ..
---------------------------------------------
https://support.f5.com/csp/article/K12044607
∗∗∗ Linux kernel vulnerability CVE-2017-6135 ∗∗∗
---------------------------------------------
Security Advisory Description: A slow memory leak as a result ..
---------------------------------------------
https://support.f5.com/csp/article/K43322910
∗∗∗ me aliases - Highly critical - Arbitrary code execution - SA-CONTRIB-2017-097 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2017-097
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Open Source Samba affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009491
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Open Source OpenSSL affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011039
∗∗∗ TMM vulnerability CVE-2017-6134 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K37404773
∗∗∗ SQL injection vulnerability CVE-2017-0304 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K39428424
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 19-12-2017 18:00 - Wednesday 20-12-2017 18:00
Handler: Nina Bieringer
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Encryption: Audit finds serious security vulnerabilities in Enigmail ∗∗∗
---------------------------------------------
Mozilla's Secure Open Source Fund and the Berlin e-mail provider Posteo commissioned a security audit of Thunderbird and the Enigmail extension. Several critical and serious vulnerabilities were found.
---------------------------------------------
https://www.golem.de/news/verschluesselung-audit-findet-schwerwiegende-sich…
∗∗∗ Avast releases machine-code decompiler as open source ∗∗∗
---------------------------------------------
Antivirus vendor Avast has developed a tool that is intended to translate executable machine code back into readable source code. This makes it possible to analyze the behaviour of programs without executing them.
---------------------------------------------
https://heise.de/-3923397
∗∗∗ Backdoor in Captcha Plugin Affects 300K WordPress Sites ∗∗∗
---------------------------------------------
The WordPress repository recently removed the plugin Captcha over what initially appeared to be a trademark issue with the current author using "WordPress" [Editor's note: the original page has been removed, we're now linking to a screen shot.] in their brand name. Whenever the WordPress repository removes a plugin with a large user base, we check ..
---------------------------------------------
https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/
=====================
= Vulnerabilities =
=====================
∗∗∗ Ecava IntegraXor ∗∗∗
---------------------------------------------
This advisory contains mitigation details for SQL injection vulnerabilities in Ecava’s IntegraXor.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03
∗∗∗ Siemens LOGO! Soft Comfort ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a download of code without integrity check vulnerability in Siemens LOGO! Soft Comfort software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-353-04
∗∗∗ WECON Technology Co., Ltd. LeviStudio HMI ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a heap-based buffer overflow vulnerability in WECON’s LeviStudio HMI.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-353-05
∗∗∗ Multiple vulnerabilities in extension "JobControl" (dmmjobcontrol) ∗∗∗
---------------------------------------------
It has been discovered that the extension "JobControl" (dmmjobcontrol) is susceptible to SQL Injection and Cross-Site Scripting.
---------------------------------------------
https://typo3.org/news/article/multiple-vulnerabilities-in-extension-jobcon…
∗∗∗ Captcha 4.3.6–4.4.4 - Backdoored ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8980
∗∗∗ DFN-CERT-2017-2302: TYPO3 Extensions: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2302/
∗∗∗ DFN-CERT-2017-2305: VMware ESXi, Workstation, Fusion, vCenter Server Appliance: Multiple vulnerabilities allow, among other things, gaining administrator privileges ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2305/
∗∗∗ Huawei Security Advisories ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories
∗∗∗ IBM Security Bulletin: IBM Connections Docs is affected by libxml2 vulnerability (CVE-2017-16932 CVE-2017-16931) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011831
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ in IBM Bluemix (CVE-2017-3735 CVE-2017-14919) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011851
∗∗∗ BIG-IP APM Portal Access vulnerability CVE-2017-0301 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K54358225
∗∗∗ TMM vulnerability CVE-2017-6140 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K55102452
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Monday 18-12-2017 18:00 − Tuesday 19-12-2017 18:00
Handler: Nina Bieringer
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Dual EC: How Cisco, Avast and the NSA are holding back TLS 1.3 ∗∗∗
---------------------------------------------
Even the latest draft of the TLS 1.3 protocol leads to connection failures. Google now names some of the culprits, among them a Cisco device, an antivirus scanner, and a trail leading to the NSA backdoor Dual EC in the RSA BSAFE library.
---------------------------------------------
https://www.golem.de/news/dual-ec-wie-cisco-avast-und-die-nsa-tls-1-3-behin…
∗∗∗ aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript ∗∗∗
---------------------------------------------
Many widely-deployed technologies, viewed through 20/20 hindsight, seem like an odd or unnecessarily risky idea. Engineering decisions in IT are often made with imperfect information and under time pressure, and some oddities of the IT stack can best be ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2017/12/apacolypse-now-exploiting-win…
∗∗∗ Multi-purpose trojan Loapi can physically damage Android smartphones ∗∗∗
---------------------------------------------
Loapi is the jack-of-all-trades among Android trojans and works the device so hard that smartphones can burst open.
---------------------------------------------
https://heise.de/-3921651
∗∗∗ The Market for Stolen Account Credentials ∗∗∗
---------------------------------------------
Past stories here have explored the myriad criminal uses of a hacked computer, the various ways that your inbox can be spliced and diced to help cybercrooks ply their trade, and the value of a hacked company. Today's post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online ..
---------------------------------------------
https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentia…
∗∗∗ Breaking: Aggressive WordPress Brute Force Attack Campaign Started Today, 3am UTC ∗∗∗
---------------------------------------------
A massive distributed brute force attack campaign targeting WordPress sites started this morning at 3am Universal Time, 7pm Pacific Time. The attack is broad in that it uses a large number of attacking IPs, and is also deep in that each IP is generating a huge number of attacks. This is the most aggressive ..
---------------------------------------------
https://www.wordfence.com/blog/2017/12/aggressive-brute-force-wordpress-att…
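The Wordfence post characterises the campaign as broad (many source IPs) and deep (each IP hammering the login endpoint). The following is an added example, not code from Wordfence or from the original report: it scans web-server access logs in the common "combined" format for POST bursts against the WordPress login endpoints (/wp-login.php and /xmlrpc.php, the latter because XML-RPC multicall is a standard way to amplify password guessing) and reports per-IP peak rates. The log lines are constructed, and the window and threshold values are assumptions to tune for your site.

```python
"""Flag WordPress login brute-force activity in combined-format access logs.

Added example, not from the Wordfence post. Sample log lines below are
constructed (documentation IP ranges); WINDOW and THRESHOLD are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: two IPs bursting the login endpoints, one normal user.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Dec/2017:03:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Dec/2017:03:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Dec/2017:03:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Dec/2017:03:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Dec/2017:03:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
198.51.100.23 - - [18/Dec/2017:03:00:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "-"
198.51.100.23 - - [18/Dec/2017:03:00:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "-"
198.51.100.23 - - [18/Dec/2017:03:00:06 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "-"
198.51.100.23 - - [18/Dec/2017:03:00:07 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "-"
198.51.100.23 - - [18/Dec/2017:03:00:08 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "-"
198.51.100.23 - - [18/Dec/2017:03:00:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [18/Dec/2017:03:00:10 +0000] "GET /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
192.0.2.10 - - [18/Dec/2017:03:00:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [18/Dec/2017:03:00:41 +0000] "GET /wp-admin/ HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Dec/2017:03:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

LOGIN_PATHS = {"/wp-login.php", "/xmlrpc.php"}
WINDOW = timedelta(seconds=60)  # assumption: sliding window length
THRESHOLD = 5                   # assumption: login POSTs per IP per window


def parse_line(line):
    """Return a dict of the fields we need, or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],  # drop query string
        "status": int(m.group("status")),
    }


def login_attempts(lines):
    """Yield parsed records for every POST to a WordPress login endpoint."""
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] in LOGIN_PATHS:
            yield rec


def peak_rate(timestamps, window):
    """Largest number of events that fall inside any span of length `window`."""
    ts = sorted(timestamps)
    best, lo = 0, 0
    for hi in range(len(ts)):
        while ts[hi] - ts[lo] > window:  # slide the left edge forward
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Map offending IP -> {attempts, peak_per_window, redirects}.

    `redirects` counts 302 responses to POST /wp-login.php: WordPress
    typically re-renders the form with 200 on a failed login and redirects
    with 302 on success, so a burst of 200s followed by a 302 from the same
    IP deserves a look at which account was reached.
    """
    per_ip = defaultdict(list)
    redirects = defaultdict(int)
    for rec in login_attempts(log_text.splitlines()):
        per_ip[rec["ip"]].append(rec["ts"])
        if rec["path"] == "/wp-login.php" and rec["status"] == 302:
            redirects[rec["ip"]] += 1
    offenders = {}
    for ip, stamps in per_ip.items():
        peak = peak_rate(stamps, window)
        if peak >= threshold:
            offenders[ip] = {
                "attempts": len(stamps),
                "peak_per_window": peak,
                "redirects": redirects[ip],
            }
    return offenders


if __name__ == "__main__":
    for ip, info in sorted(detect(SAMPLE_LOG).items()):
        print(f"{ip}: {info}")
```

The breadth of a campaign like this one shows up as the number of distinct offenders across many sites rather than in any one log, so the per-IP counts above are what you would feed into a shared blocklist or rate limiter; a single IP that stays under the threshold but appears in many sites' logs is the case this per-host check cannot see.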
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Advisory 2017-10: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framewo…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 15-12-2017 18:00 − Monday 18-12-2017 18:00
Handler: Nina Bieringer
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Windows 10: Critical vulnerability in pre-installed password manager ∗∗∗
---------------------------------------------
Keeper users should install the patched version without delay. The Keeper password manager currently pre-installed in Windows 10 had, up to version 11.3, a flaw that allowed malicious websites to read out arbitrary passwords via clickjacking.
---------------------------------------------
https://www.golem.de/news/windows-10-kritische-luecke-in-vorinstalliertem-p…
∗∗∗ BGP hijacking: IP traffic of the Big Four redirected to Russia ∗∗∗
---------------------------------------------
Because many network operators still run a routing protocol without security safeguards, attackers once again managed to redirect IP traffic of Google, Facebook, Apple and Microsoft. The intermediate destination: Russia.
---------------------------------------------
https://heise.de/-3919524
∗∗∗ Critical and so far unpatched vulnerabilities in vBulletin forum software ∗∗∗
---------------------------------------------
The current version of vBulletin has two vulnerabilities, at least one of which must be rated critical. Attackers could execute malicious code.
---------------------------------------------
https://heise.de/-3920375
∗∗∗ Windows 10 face recognition fooled with a paper printout ∗∗∗
---------------------------------------------
Security researchers have successfully tricked Windows Hello and logged in to computers protected by it. This works only with specific hardware and software combinations, however.
---------------------------------------------
https://heise.de/-3920864
∗∗∗ Hacker demonstrated problems with charging cards for EV charging stations ∗∗∗
---------------------------------------------
"I only need this number to charge electricity at someone else's expense"
---------------------------------------------
http://derstandard.at/2000070592621
∗∗∗ More than 10,000 sites mine cryptocurrency with their users' PC power ∗∗∗
---------------------------------------------
Security experts register a rapid increase since the Bitcoin hype
---------------------------------------------
http://derstandard.at/2000070618982
=====================
= Vulnerabilities =
=====================
∗∗∗ BlackBerry Powered by Android Security Bulletin – December 2017 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-…
∗∗∗ Security Advisory - Multiple Vulnerabilities in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-…
∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-…
∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability in IBM WebSphere Portal (CVE-2017-1423) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22011400
∗∗∗ IBM Security Bulletin: Security vulnerability in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2017-14919) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010601
∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability affects IBM Business Process Manager web Process Designer (CVE-2017-1494) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008673
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 14-12-2017 18:00 − Friday 15-12-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Microsoft Considers Adding Python as an Official Scripting Language to Excel ∗∗∗
---------------------------------------------
Microsoft is considering adding Python as one of the official Excel scripting languages, according to ..
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-considers-adding-…
∗∗∗ Vigilante Removes Malware from Netgear Site After Company Fails to Do So for 2 Years ∗∗∗
---------------------------------------------
An anonymous vigilante has taken matters into his own hands and removed malware from a Netgear site after the ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/vigilante-removes-malware-fr…
∗∗∗ The spy under your christmas tree ∗∗∗
---------------------------------------------
In the past few years, makers of internet-enabled toys have made the headlines multiple times, but not in a good way. Privacy and data protection clearly is not the highest priority in this sector. In Germany, the sale of some of those toys has already been banned after they were classified as concealed surveillance ..
---------------------------------------------
https://www.gdatasoftware.com/blog/2017/12/30277-the-spy-under-your-christm…
∗∗∗ Joanna Rutkowska: Qubes OS should become "as easy as Ubuntu" ∗∗∗
---------------------------------------------
Qubes OS founder Joanna Rutkowska explains the fundamental ideas and concepts of the security-focused project. In conversation with Golem.de, the developer also reveals ..
---------------------------------------------
https://www.golem.de/news/joanna-rutkowska-qubes-os-soll-einfach-wie-ubuntu…
∗∗∗ Determining your risk ∗∗∗
---------------------------------------------
Red Hat continues to be a leader in transparency regarding security problems that are discovered in our software and the steps we take to fix them. We publish data about vulnerabilities on our security metrics page and ..
---------------------------------------------
https://access.redhat.com/blogs/766093/posts/2998921
∗∗∗ Javascript Injection Creates Rogue WordPress Admin User ∗∗∗
---------------------------------------------
Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The infection type was always the same: malicious JavaScript designed to display unauthorized pop-ups or completely redirect visitors to spammy websites, which the hackers then monetized through advertisement ..
---------------------------------------------
https://blog.sucuri.net/2017/12/javascript-injection-creates-rogue-wordpres…
∗∗∗ Root vulnerability in Palo Alto Networks firewalls ∗∗∗
---------------------------------------------
If attackers chain three security vulnerabilities, they could compromise Palo Alto Networks firewalls, a security researcher warns.
---------------------------------------------
https://heise.de/-3918909
=====================
= Vulnerabilities =
=====================
∗∗∗ Information Disclosure in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Client TLS Handshake ∗∗∗
---------------------------------------------
A vulnerability has been identified in the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Packet Engine that could ..
---------------------------------------------
https://support.citrix.com/article/CTX230612
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 13-12-2017 18:00 − Thursday 14-12-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ The Intel ME vulnerabilities are a big deal for some people, harmless for most ∗∗∗
---------------------------------------------
(Note: all discussion here is based on publicly disclosed information, and I am not speaking on behalf of my employers) I wrote about the potential impact of the most recent Intel ME vulnerabilities a couple of weeks ago. The details of the vulnerability were released last week, and it's not absolutely the worst case scenario but it's still ..
---------------------------------------------
https://mjg59.dreamwidth.org/49788.html
∗∗∗ Sneaky *.BAT File Leads to Spoofed Banking Page ∗∗∗
---------------------------------------------
If you thought using BAT files was old hat, think again. While monitoring our Secure Email Gateway Cloud service, we came across several suspect spam emails targeting Brazilian users. The figure ..
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Sneaky--BAT-File-Leads-to-Sp…
∗∗∗ Attack on Fox-IT shows how a DNS hijack can break multiple layers of security ∗∗∗
---------------------------------------------
Dutch security firm Fox-IT deserves praise for being open about an attack on its client network. There are some important lessons to be learned about DNS ..
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/12/attack-fox-it-shows-how-dns-…
∗∗∗ Triton Malware Targets Industrial Safety Systems In the Middle East ∗∗∗
---------------------------------------------
A rare and dangerous new form of malware targets the industrial safety control systems that protect human life.
---------------------------------------------
https://www.wired.com/story/triton-malware-targets-industrial-safety-system…
∗∗∗ December Patch Day at SAP ∗∗∗
---------------------------------------------
Security updates are available for various SAP products. Two vulnerabilities are rated with the threat level "high".
---------------------------------------------
https://heise.de/-3918036
∗∗∗ Mirai: How a Minecraft scam brought the whole Internet to its knees ∗∗∗
---------------------------------------------
Three US students confess to authorship; they had only intended to make money with attacks on game servers
---------------------------------------------
http://derstandard.at/2000070340698
∗∗∗ 34C3: The program for the hacker congress is set ∗∗∗
---------------------------------------------
Keynote by science fiction author Charles Stross; takes place in Leipzig for the first time this year
---------------------------------------------
http://derstandard.at/2000070364235
∗∗∗ New MacOS malware steals bank log-in details and intellectual property ∗∗∗
---------------------------------------------
https://www.scmagazineuk.com/news/new-macos-malware-steals-bank-log-in-deta…
=====================
= Vulnerabilities =
=====================